-
Notifications
You must be signed in to change notification settings - Fork 419
/
process.yml
102 lines (87 loc) · 2.35 KB
/
process.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
---
- name: process
title: Process
group: 2
short: These fields contain information about a process.
description: >
These fields contain information about a process.
These fields can help you correlate metrics information with a process id/name
from a log message. The `process.pid` often stays in the metric itself and is
copied to the global field for correlation.
type: group
fields:
- name: pid
format: string
level: core
type: long
description: >
Process id.
example: 4242
- name: name
level: extended
type: keyword
short: Process name.
description: >
Process name.
Sometimes called program name or similar.
example: ssh
- name: ppid
format: string
level: extended
type: long
description: >
Parent process' pid.
example: 4241
- name: pgid
format: string
level: extended
type: long
description: >
Identifier of the group of processes the process belongs to.
- name: args
level: extended
type: keyword
short: Array of process arguments.
description: >
Array of process arguments.
May be filtered to protect sensitive information.
example: ["ssh", "-l", "user", "10.0.0.16"]
- name: executable
level: extended
type: keyword
description: >
Absolute path to the process executable.
example: /usr/bin/ssh
- name: title
level: extended
type: keyword
short: Process title.
description: >
Process title.
The proctitle, some times the same as process name. Can also be different:
for example a browser setting its title to the web page currently opened.
- name: thread.id
format: string
level: extended
type: long
example: 4242
description: >
Thread ID.
- name: start
level: extended
type: date
example: "2016-05-23T08:05:34.853Z"
description: >
The time the process started.
- name: uptime
level: extended
type: long
example: 1325
description: >
Seconds the process has been up.
- name: working_directory
level: extended
type: keyword
example: /home/alice
description: >
The working directory of the process.