Display Filter Reference: Elasticsearch

Protocol field name: elasticsearch

Versions: 2.0.0 to 2.4.4

| Field name | Description | Type | Versions |
|---|---|---|---|
| elasticsearch.action | Action | Character string | 2.0.0 to 2.4.4 |
| elasticsearch.address.format | Format | Unsigned integer, 1 byte | 2.0.0 to 2.4.4 |
| elasticsearch.address.format.unsupported | Unsupported address format | Label | 2.4.0 to 2.4.4 |
| elasticsearch.address.ipv4 | IP | IPv4 address | 2.0.0 to 2.4.4 |
| elasticsearch.address.ipv6 | IP | IPv6 address | 2.0.0 to 2.4.4 |
| elasticsearch.address.ipv6.scope_id | IP | Unsigned integer, 4 bytes | 2.0.0 to 2.4.4 |
| elasticsearch.address.length | Length | Unsigned integer, 1 byte | 2.0.0 to 2.4.4 |
| elasticsearch.address.name | Name | Character string | 2.0.0 to 2.4.4 |
| elasticsearch.address.port | Port | Unsigned integer, 4 bytes | 2.0.0 to 2.4.4 |
| elasticsearch.address.type | Type | Unsigned integer, 2 bytes | 2.0.0 to 2.4.4 |
| elasticsearch.address.type.unsupported | Unsupported address type | Label | 2.4.0 to 2.4.4 |
| elasticsearch.attributes.length | Attributes length | Unsigned integer, 4 bytes | 2.0.0 to 2.4.4 |
| elasticsearch.cluster_name | Cluster name | Character string | 2.0.0 to 2.4.4 |
| elasticsearch.data | Data | Label | 2.0.0 to 2.4.4 |
| elasticsearch.data_compressed | Compressed data | Label | 2.0.0 to 2.4.4 |
| elasticsearch.header.message_length | Message length | Unsigned integer, 4 bytes | 2.0.0 to 2.4.4 |
| elasticsearch.header.request_id | Request ID | Unsigned integer, 8 bytes | 2.0.0 to 2.4.4 |
| elasticsearch.header.status_flags | Status flags | Unsigned integer, 1 byte | 2.0.0 to 2.4.4 |
| elasticsearch.header.status_flags.compression | Compression | Boolean | 2.0.0 to 2.4.4 |
| elasticsearch.header.status_flags.error | Error | Boolean | 2.0.0 to 2.4.4 |
| elasticsearch.header.status_flags.message_type | Message type | Unsigned integer, 1 byte | 2.0.0 to 2.4.4 |
| elasticsearch.header.token | Token | Character string | 2.0.0 to 2.4.4 |
| elasticsearch.host_address | Host address | Character string | 2.0.0 to 2.4.4 |
| elasticsearch.host_name | Hostname | Character string | 2.0.0 to 2.4.4 |
| elasticsearch.internal_header | Internal header | Unsigned integer, 4 bytes | 2.0.0 to 2.4.4 |
| elasticsearch.node_id | Node ID | Character string | 2.0.0 to 2.4.4 |
| elasticsearch.node_name | Node name | Character string | 2.0.0 to 2.4.4 |
| elasticsearch.ping_request_id | Ping ID | Unsigned integer, 4 bytes | 2.0.0 to 2.4.4 |
| elasticsearch.version | Version | Unsigned integer, 4 bytes | 2.0.0 to 2.4.4 |
| elasticsearch.version.unsupported | Unsupported header type: Elasticsearch version < 0.20.0RC1 | Label | 2.4.0 to 2.4.4 |