WIP Update the HTTP field set with ECS definitions as of beta 2 (elas…

…tic#9645) - Introduces fields for http size metrics - HTTP body field is now nested deeper: - `http.request.body` moves to `http.request.body.content` - `http.response.body` moves to `http.response.body.content` - packetbeat has been adjusted accordingly - Introduces missing field definition updates (mainly to lowercase `method`) - Unrelated: delete `x-pack/auditbeat/include/fields.go` which should have been deleted in elastic#9724.
DStape · Dec 21, 2018 · ea749e1 · ea749e1
1 parent cda144d
commit ea749e1
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 3 deletions.
diff --git a/docs/fields.asciidoc b/docs/fields.asciidoc
@@ -1943,9 +1943,22 @@ Fields related to HTTP activity.
 --
 type: keyword
 
-example: GET, POST, PUT
+example: get, post, put
 
 Http request method.
+The field value must be normalized to lowercase for querying. See "Lowercase Capitalization" in the "Implementing ECS"  section.
+
+
+--
+
+*`http.request.body.content`*::
++
+--
+type: keyword
+
+example: Hello world
+
+The full http request body.
 
 
 --
@@ -1974,7 +1987,7 @@ Http response status code.
 
 --
 
-*`http.response.body`*::
+*`http.response.body.content`*::
 +
 --
 type: keyword
@@ -1996,6 +2009,54 @@ example: 1.1
 Http version.
 
 
+--
+
+*`http.request.bytes`*::
++
+--
+type: long
+
+example: 1437
+
+Total size in bytes of the request (body and headers).
+
+
+--
+
+*`http.request.body.bytes`*::
++
+--
+type: long
+
+example: 887
+
+Size in bytes of the request body.
+
+
+--
+
+*`http.response.bytes`*::
++
+--
+type: long
+
+example: 1437
+
+Total size in bytes of the response (body and headers).
+
+
+--
+
+*`http.response.body.bytes`*::
++
+--
+type: long
+
+example: 887
+
+Size in bytes of the response body.
+
+
 --
 
 [float]