HTTP Fields

edit

Fields related to HTTP activity. Use the url field set to store the url of the request.

HTTP Field Details

edit
Field Description Level

http.request.body.bytes

Size in bytes of the request body.

type: long

example: 887

extended

http.request.body.content

The full HTTP request body.

type: wildcard

Multi-fields:

* http.request.body.content.text (type: match_only_text)

example: Hello world

extended

http.request.bytes

Total size in bytes of the request (body and headers).

type: long

example: 1437

extended

http.request.id

A unique identifier for each HTTP request to correlate logs between clients and servers in transactions.

The id may be contained in a non-standard HTTP header, such as X-Request-ID or X-Correlation-ID.

type: keyword

example: 123e4567-e89b-12d3-a456-426614174000

extended

http.request.method

HTTP request method.

The value should retain its casing from the original event. For example, GET, get, and GeT are all considered valid values for this field.

type: keyword

example: POST

extended

http.request.mime_type

Mime type of the body of the request.

This value must only be populated based on the content of the request body, not on the Content-Type header. Comparing the mime type of a request with the request’s Content-Type header can be helpful in detecting threats or misconfigured clients.

type: keyword

example: image/gif

extended

http.request.referrer

Referrer for this HTTP request.

type: keyword

example: https://blog.example.com/

extended

http.response.body.bytes

Size in bytes of the response body.

type: long

example: 887

extended

http.response.body.content

The full HTTP response body.

type: wildcard

Multi-fields:

* http.response.body.content.text (type: match_only_text)

example: Hello world

extended

http.response.bytes

Total size in bytes of the response (body and headers).

type: long

example: 1437

extended

http.response.mime_type

Mime type of the body of the response.

This value must only be populated based on the content of the response body, not on the Content-Type header. Comparing the mime type of a response with the response’s Content-Type header can be helpful in detecting misconfigured servers.

type: keyword

example: image/gif

extended

http.response.status_code

HTTP response status code.

type: long

example: 404

extended

http.version

HTTP version.

type: keyword

example: 1.1

extended