L7 log data types

Big picture

Calico Cloud sends the following data to Elasticsearch.

The following table details the key/value pairs in the JSON blob, including their Elasticsearch datatype.

| Name | Datatype | Description |
| --- | --- | --- |
| `host` | keyword | Name of the node that collected the L7 log entry. |
| `start_time` | date | Start time of log collection in UNIX timestamp format. |
| `end_time` | date | End time of log collection in UNIX timestamp format. |
| `bytes_in` | long | Number of incoming bytes since the last export. |
| `bytes_out` | long | Number of outgoing bytes since the last export. |
| `duration_mean` | long | Mean duration time of all the requests that match this combination of L7 data in nanoseconds. |
| `duration_max` | long | Max duration time of all the requests that match this combination of L7 data in nanoseconds. |
| `count` | long | Number of requests that match this combination of L7 data. |
| `src_name_aggr` | keyword | Contains one of the following values:<br>- Aggregated name of the source pod.<br>- `pvt`: endpoint is not a pod. Its IP address belongs to a private subnet.<br>- `pub`: endpoint is not a pod. Its IP address does not belong to a private subnet. It is probably an endpoint on the public internet. |
| `src_namespace` | keyword | Namespace of the source endpoint. |
| `src_type` | keyword | Source endpoint type. Possible values:<br>- `wep`: A workload endpoint, a pod in Kubernetes.<br>- `ns`: A Networkset. If multiple Networksets match, then the one with the longest prefix match is chosen.<br>- `net`: A Network. The IP address did not fall into a known endpoint type. |
| `dest_name_aggr` | keyword | Contains one of the following values:<br>- Aggregated name of the destination pod.<br>- `pvt`: endpoint is not a pod. Its IP address belongs to a private subnet.<br>- `pub`: endpoint is not a pod. Its IP address does not belong to a private subnet. It is probably an endpoint on the public internet. |
| `dest_namespace` | keyword | Namespace of the destination endpoint. |
| `dest_type` | keyword | Destination endpoint type. Possible values:<br>- `wep`: A workload endpoint, a pod in Kubernetes.<br>- `ns`: A Networkset. If multiple Networksets match, then the one with the longest prefix match is chosen.<br>- `net`: A Network. The IP address did not fall into a known endpoint type. |
| `dest_service_name` | keyword | Name of the destination service. This may be empty if the request was not made against a service. |
| `dest_service_namespace` | keyword | Namespace of the destination service. This may be empty if the request was not made against a service. |
| `dest_service_port` | long | Destination service port. |
| `url` | keyword | URL that the request was made against. |
| `response_code` | keyword | Response code returned by the request. |
| `method` | keyword | HTTP method for the request. |
| `user_agent` | keyword | User agent of the request. |
| `type` | keyword | Type of request made. Possible values include `tcp`, `tls`, and `html/<version>`. |
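
The following added example (not part of the Calico Cloud documentation) shows how the fields above combine in a simple detection: it weights each entry by `count`, converts `duration_max` from nanoseconds, and flags `pub` sources that mostly receive 4xx/5xx responses. The sample entries are constructed, and the function names and thresholds are assumptions chosen for illustration.

```python
import json
from collections import defaultdict

# Constructed sample entries (not real cluster data); only the fields used below are included.
SAMPLE = [
    '{"src_name_aggr": "pub", "src_type": "net", "dest_name_aggr": "frontend-*",'
    ' "dest_service_name": "frontend", "method": "POST", "response_code": "401",'
    ' "count": 180, "duration_mean": 2000000, "duration_max": 9000000}',
    '{"src_name_aggr": "pub", "src_type": "net", "dest_name_aggr": "frontend-*",'
    ' "dest_service_name": "frontend", "method": "GET", "response_code": "200",'
    ' "count": 20, "duration_mean": 1000000, "duration_max": 4000000}',
    '{"src_name_aggr": "cart-*", "src_type": "wep", "dest_name_aggr": "db-*",'
    ' "dest_service_name": "", "response_code": "",'
    ' "count": 5, "duration_mean": 500000, "duration_max": 3000000}',
]

def is_error(code):
    """response_code is a keyword (string); empty or non-numeric values are not errors."""
    return code.isdecimal() and 400 <= int(code) <= 599

def summarize(lines):
    """Aggregate per (source, destination); each entry stands for `count` requests."""
    stats = defaultdict(lambda: {"requests": 0, "errors": 0, "max_ms": 0.0})
    for line in lines:
        e = json.loads(line)
        # dest_service_name may be empty when the request was not made against a service.
        dest = e.get("dest_service_name") or e["dest_name_aggr"]
        s = stats[(e["src_name_aggr"], dest)]
        s["requests"] += e["count"]
        if is_error(str(e.get("response_code", ""))):
            s["errors"] += e["count"]
        s["max_ms"] = max(s["max_ms"], e["duration_max"] / 1e6)  # nanoseconds -> ms
    return dict(stats)

def flag_public_errors(stats, min_ratio=0.5, min_requests=50):
    """Return (source, destination) pairs where a `pub` source mostly gets 4xx/5xx."""
    return sorted(
        key for key, s in stats.items()
        if key[0] == "pub" and s["requests"] >= min_requests
        and s["errors"] / s["requests"] >= min_ratio
    )

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for key in flag_public_errors(stats):
        print(key, stats[key])
```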