PCF Log Search Tags Dictionary

The following table lists the generated tags that Log Search provides. Log Search attaches these tags when it recognizes that the data belongs to a common log field category. These tags appear at the top of the Available Fields list in Kibana, above the raw keys from the source JSON logs sent to Log Search. You can use these tags to to filter data and more effectively search your logs.

Tag Description Example Value
@level Severity level of the message Can be one of: DEBUG, INFO, WARN, ERROR or FATAL
@message Unparsed, human readable text of log. May be empty if all data parses into separate fields Switchboard.Error routing to backend
@raw Unparsed log message <139>2016-01-28T21:17:52.856995+00:00 switchboard [job=proxy- partition-e3353cc4ddedf43fa7a6 index=0] {"timestamp":"1454015872.856954575","source": "Switchboard","message":"Switchboard.Error routing to backend","log_level":2,"data": {"error":"No active Backend"}}`
@source.deployment Name of deployment cluster log is from. For example, bosh deployment or tile name CF if from a Cloud Foundry job, or logsearch if from a logsearch job
@source.host Guid of the container running the app. Defaults to @source.ip if not applicable From a container: 4138q23c-1v2c-4a21-9szbc-4b37c11fda0b. From a VM:
@source.index Instance of source component job 0
@source.ip IP address of the origin VM
@source.job Name of source component In a Log Search deployment: elasticsearch_data, elasticsearch_master, kibana, etc.
@source.program Program emitting the logs cloud_controller_ng
@source.vm Combination of @source.job and @source.index elasticseach_data/0
@timestamp Parsed timestamp of log message, in UTC. Defaults to parse time. Overridden by syslog_timestamp, or timestamp pulled from specific log message 2015-11-18T15:00:04.896Z
@timestamp_ns Nanoseconds since Unix Epoch. Not all logs include nanosecond precision. For a timestamp of 1463503340.250173807, @timestamp_ns is 173,807
