Display Filter Reference: Elasticsearch

Protocol field name: elasticsearch

Versions: 2.0.0 to 3.4.5

| Field name | Description | Type | Versions |
|---|---|---|---|
| elasticsearch.action | Action | Character string | 2.0.0 to 3.4.5 |
| elasticsearch.address.format | Format | Unsigned integer, 1 byte | 2.0.0 to 3.4.5 |
| elasticsearch.address.format.unsupported | Unsupported address format | Label | 2.4.0 to 3.4.5 |
| elasticsearch.address.ipv4 | IP | IPv4 address | 2.0.0 to 3.4.5 |
| elasticsearch.address.ipv6 | IP | IPv6 address | 2.0.0 to 3.4.5 |
| elasticsearch.address.ipv6.scope_id | IP | Unsigned integer, 4 bytes | 2.0.0 to 3.4.5 |
| elasticsearch.address.length | Length | Unsigned integer, 1 byte | 2.0.0 to 3.4.5 |
| elasticsearch.address.name | Name | Character string | 2.0.0 to 3.4.5 |
| elasticsearch.address.port | Port | Unsigned integer, 4 bytes | 2.0.0 to 3.4.5 |
| elasticsearch.address.type | Type | Unsigned integer, 2 bytes | 2.0.0 to 3.4.5 |
| elasticsearch.address.type.unsupported | Unsupported address type | Label | 2.4.0 to 3.4.5 |
| elasticsearch.attributes.length | Attributes length | Unsigned integer, 4 bytes | 2.0.0 to 3.4.5 |
| elasticsearch.cluster_name | Cluster name | Character string | 2.0.0 to 3.4.5 |
| elasticsearch.data | Data | Label | 2.0.0 to 3.4.5 |
| elasticsearch.data_compressed | Compressed data | Label | 2.0.0 to 3.4.5 |
| elasticsearch.feature | Feature | Character string | 3.4.0 to 3.4.5 |
| elasticsearch.header.key | Key | Character string | 3.4.0 to 3.4.5 |
| elasticsearch.header.message_length | Message length | Unsigned integer, 4 bytes | 2.0.0 to 3.4.5 |
| elasticsearch.header.request | Request header | Label | 3.4.0 to 3.4.5 |
| elasticsearch.header.request_id | Request ID | Unsigned integer, 8 bytes | 2.0.0 to 3.4.5 |
| elasticsearch.header.response | Response header | Label | 3.4.0 to 3.4.5 |
| elasticsearch.header.size | Header size | Unsigned integer, 4 bytes | 3.4.0 to 3.4.5 |
| elasticsearch.header.status_flags | Status flags | Unsigned integer, 1 byte | 2.0.0 to 3.4.5 |
| elasticsearch.header.status_flags.compression | Compression | Boolean | 2.0.0 to 3.4.5 |
| elasticsearch.header.status_flags.error | Error | Boolean | 2.0.0 to 3.4.5 |
| elasticsearch.header.status_flags.message_type | Message type | Unsigned integer, 1 byte | 2.0.0 to 3.4.5 |
| elasticsearch.header.token | Token | Character string | 2.0.0 to 3.4.5 |
| elasticsearch.header.value | Value | Character string | 3.4.0 to 3.4.5 |
| elasticsearch.host_address | Host address | Character string | 2.0.0 to 3.4.5 |
| elasticsearch.host_name | Hostname | Character string | 2.0.0 to 3.4.5 |
| elasticsearch.internal_header | Internal header | Unsigned integer, 4 bytes | 2.0.0 to 3.4.5 |
| elasticsearch.node_id | Node ID | Character string | 2.0.0 to 3.4.5 |
| elasticsearch.node_name | Node name | Character string | 2.0.0 to 3.4.5 |
| elasticsearch.ping_request_id | Ping ID | Unsigned integer, 4 bytes | 2.0.0 to 3.4.5 |
| elasticsearch.version | Version | Unsigned integer, 4 bytes | 2.0.0 to 3.4.5 |
| elasticsearch.version.unsupported | Unsupported header type: Elasticsearch version < 0.20.0RC1 | Label | 2.4.0 to 3.4.5 |