container.yml
# Licensed to Elasticsearch B.V. under one or more contributor
# license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright
# ownership. Elasticsearch B.V. licenses this file to you under
# the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
---
# Field-set definition for `container`: identity, image and resource-usage
# fields describing the container an event came from.
# Layout: one top-level group entry whose `fields` list holds one mapping per
# field. Keys inside each field mapping are written in a fixed order
# (name, level, type, type parameters, short, description, example, normalize).
- name: container
  title: Container
  group: 2
  short: Fields describing the container that generated this event.
  description: >
    Container fields are used for meta information about the specific container
    that is the source of information.

    These fields help correlate data based containers from any runtime.
  type: group
  fields:

    # --- Resource metrics -------------------------------------------------
    # Ratio in the range 0..1 (per the description), stored as a scaled_float
    # with scaling_factor 1000.
    - name: cpu.usage
      level: extended
      type: scaled_float
      scaling_factor: 1000
      short: Percent CPU used, between 0 and 1.
      description: >
        Percent CPU used which is normalized by the number of CPU cores and it
        ranges from 0 to 1. Scaling factor: 1000.

    # Gauge: bytes read across all disks since the previous collection.
    - name: disk.read.bytes
      level: extended
      type: long
      short: The number of bytes read by all disks.
      description: >
        The total number of bytes (gauge) read successfully (aggregated from all
        disks) since the last metric collection.

    # Gauge: bytes written across all disks since the previous collection.
    - name: disk.write.bytes
      level: extended
      type: long
      short: The number of bytes written on all disks.
      description: >
        The total number of bytes (gauge) written successfully (aggregated from
        all disks) since the last metric collection.

    # --- Identity ---------------------------------------------------------
    # The only field in this set declared at level `core`; every other field
    # here is `extended`.
    - name: id
      level: core
      type: keyword
      description: >
        Unique container id.

    # --- Image ------------------------------------------------------------
    - name: image.name
      level: extended
      type: keyword
      description: >
        Name of the image the container was built on.

    # Multi-valued (normalize: array).
    # NOTE(review): in common registries a tag can be re-pointed to different
    # image content, so a tag alone does not pin what actually ran; use
    # image.hash.all where the exact image matters.
    - name: image.tag
      level: extended
      type: keyword
      description: >
        Container image tags.
      normalize:
        - array

    # Multi-valued list of `algorithm:value` digests.
    # The example is single-quoted so its leading `[` stays a string instead
    # of being parsed as a YAML flow sequence.
    - name: image.hash.all
      level: extended
      type: keyword
      short: An array of digests of the image the container was built on.
      description: >
        An array of digests of the image the container was built on.
        Each digest consists of the hash algorithm and value in this format: `algorithm:value`.
        Algorithm names should align with the field names in the ECS hash field set.
      example: '[sha256:f8fefc80e3273dc756f288a63945820d6476ad64883892c771b5e2ece6bf1b26]'
      normalize:
        - array

    # Free-form object whose values are keywords.
    # NOTE(review): the description says "Image labels" although the field is
    # declared directly under `container`, not `container.image` -- confirm
    # which labels producers are expected to put here.
    # NOTE(review): label keys and values are presumably set by whoever builds
    # or launches the container, so consumers should not treat them as trusted.
    - name: labels
      level: extended
      type: object
      object_type: keyword
      description: >
        Image labels.

    # Ratio in the range 0..1 (per the description), stored as a scaled_float
    # with scaling_factor 1000.
    - name: memory.usage
      level: extended
      type: scaled_float
      scaling_factor: 1000
      short: Percent memory used, between 0 and 1.
      description: >
        Memory usage percentage and it ranges from 0 to 1. Scaling factor: 1000.

    - name: name
      level: extended
      type: keyword
      description: >
        Container name.

    # --- Network metrics --------------------------------------------------
    # Gauge: bytes received on all interfaces since the previous collection.
    - name: network.ingress.bytes
      level: extended
      type: long
      short: The number of bytes received on all network interfaces.
      description: >
        The number of bytes received (gauge) on all network interfaces by the
        container since the last metric collection.

    # Gauge: bytes sent on all interfaces since the previous collection.
    - name: network.egress.bytes
      level: extended
      type: long
      short: The number of bytes sent on all network interfaces.
      description: >
        The number of bytes (gauge) sent out on all network interfaces by the
        container since the last metric collection.

    # --- Runtime ----------------------------------------------------------
    - name: runtime
      level: extended
      type: keyword
      description: >
        Runtime managing this container.
      example: docker