Display Filter Reference: Elasticsearch

Protocol field name: elasticsearch

Versions: 2.0.0 to 2.6.3

Field name | Description | Type | Versions
elasticsearch.action | Action | Character string | 2.0.0 to 2.6.3
elasticsearch.address.format | Format | Unsigned integer, 1 byte | 2.0.0 to 2.6.3
elasticsearch.address.format.unsupported | Unsupported address format | Label | 2.4.0 to 2.6.3
elasticsearch.address.ipv4 | IP | IPv4 address | 2.0.0 to 2.6.3
elasticsearch.address.ipv6 | IP | IPv6 address | 2.0.0 to 2.6.3
elasticsearch.address.ipv6.scope_id | IP | Unsigned integer, 4 bytes | 2.0.0 to 2.6.3
elasticsearch.address.length | Length | Unsigned integer, 1 byte | 2.0.0 to 2.6.3
elasticsearch.address.name | Name | Character string | 2.0.0 to 2.6.3
elasticsearch.address.port | Port | Unsigned integer, 4 bytes | 2.0.0 to 2.6.3
elasticsearch.address.type | Type | Unsigned integer, 2 bytes | 2.0.0 to 2.6.3
elasticsearch.address.type.unsupported | Unsupported address type | Label | 2.4.0 to 2.6.3
elasticsearch.attributes.length | Attributes length | Unsigned integer, 4 bytes | 2.0.0 to 2.6.3
elasticsearch.cluster_name | Cluster name | Character string | 2.0.0 to 2.6.3
elasticsearch.data | Data | Label | 2.0.0 to 2.6.3
elasticsearch.data_compressed | Compressed data | Label | 2.0.0 to 2.6.3
elasticsearch.header.message_length | Message length | Unsigned integer, 4 bytes | 2.0.0 to 2.6.3
elasticsearch.header.request_id | Request ID | Unsigned integer, 8 bytes | 2.0.0 to 2.6.3
elasticsearch.header.status_flags | Status flags | Unsigned integer, 1 byte | 2.0.0 to 2.6.3
elasticsearch.header.status_flags.compression | Compression | Boolean | 2.0.0 to 2.6.3
elasticsearch.header.status_flags.error | Error | Boolean | 2.0.0 to 2.6.3
elasticsearch.header.status_flags.message_type | Message type | Unsigned integer, 1 byte | 2.0.0 to 2.6.3
elasticsearch.header.token | Token | Character string | 2.0.0 to 2.6.3
elasticsearch.host_address | Host address | Character string | 2.0.0 to 2.6.3
elasticsearch.host_name | Hostname | Character string | 2.0.0 to 2.6.3
elasticsearch.internal_header | Internal header | Unsigned integer, 4 bytes | 2.0.0 to 2.6.3
elasticsearch.node_id | Node ID | Character string | 2.0.0 to 2.6.3
elasticsearch.node_name | Node name | Character string | 2.0.0 to 2.6.3
elasticsearch.ping_request_id | Ping ID | Unsigned integer, 4 bytes | 2.0.0 to 2.6.3
elasticsearch.version | Version | Unsigned integer, 4 bytes | 2.0.0 to 2.6.3
elasticsearch.version.unsupported | Unsupported header type: Elasticsearch version < 0.20.0RC1 | Label | 2.4.0 to 2.6.3