Semantic Conventions for Elasticsearch

The Semantic Conventions for Elasticsearch extend and override the Database Semantic Conventions.

db.system MUST be set to "elasticsearch" and SHOULD be provided at span creation time.

Span Name

The span name follows the general database span name guidelines with the endpoint identifier stored in db.operation.name, and the index stored in db.collection.name.

Attributes

Attribute	Type	Description	Examples	Requirement Level
`db.operation.name`	string	The name of the operation or command being executed. [1]	`search`; `ml.close_job`; `cat.aliases`	`Required`
`http.request.method`	string	HTTP request method. [2]	`GET`; `POST`; `HEAD`	`Required`
`url.full`	string	Absolute URL describing a network resource according to RFC3986 [3]	`https://localhost:9200/index/_search?q=user.id:kimchy`	`Required`
`db.elasticsearch.path_parts.<key>`	string	A dynamic value in the url path. [4]	`db.elasticsearch.path_parts.index=test-index`; `db.elasticsearch.path_parts.doc_id=123`	`Conditionally Required` when the url has dynamic values
`error.type`	string	Describes a class of error the operation ended with. [5]	`timeout`; `java.net.UnknownHostException`; `server_certificate_invalid`; `500`	`Conditionally Required` If and only if the operation failed.
`server.port`	int	Server port number. [6]	`80`; `8080`; `443`	`Conditionally Required` [7]
`db.collection.name`	string	The index or data stream against which the query is executed. [8]	`my_index`; `index1, index2`	`Recommended`
`db.elasticsearch.node.name`	string	Represents the human-readable identifier of the node/instance to which a request was routed. [9]	`instance-0000000001`	`Recommended`
`db.namespace`	string	The name of the Elasticsearch cluster which the client connects to. [10]	`customers`; `test.users`	`Recommended`
`db.query.text`	string	The request body for a search-type query, as a json string. [11]	`"{\"query\":{\"term\":{\"user.id\":\"kimchy\"}}}"`	`Recommended` [12]
`server.address`	string	Name of the database host. [13]	`example.com`; `10.1.2.80`; `/tmp/my.sock`	`Recommended`

[1]: The db.operation.name SHOULD match the endpoint identifier provided in the request (see the Elasticsearch schema).

[2]: HTTP request method value SHOULD be “known” to the instrumentation. By default, this convention defines “known” methods as the ones listed in RFC9110 and the PATCH method defined in RFC5789.

If the HTTP request method is not known to instrumentation, it MUST set the http.request.method attribute to _OTHER.

If the HTTP instrumentation could end up converting valid HTTP request methods to _OTHER, then it MUST provide a way to override the list of known HTTP methods. If this override is done via environment variable, then the environment variable MUST be named OTEL_INSTRUMENTATION_HTTP_KNOWN_METHODS and support a comma-separated list of case-sensitive known HTTP methods (this list MUST be a full override of the default known method, it is not a list of known methods in addition to the defaults).

HTTP method names are case-sensitive and http.request.method attribute value MUST match a known HTTP method name exactly. Instrumentations for specific web frameworks that consider HTTP methods to be case insensitive, SHOULD populate a canonical equivalent. Tracing instrumentations that do so, MUST also set http.request.method_original to the original value.

[3]: For network calls, URL usually has scheme://host[:port][path][?query][#fragment] format, where the fragment is not transmitted over HTTP, but if it is known, it SHOULD be included nevertheless. url.full MUST NOT contain credentials passed via URL in form of https://username:password@www.example.com/. In such case username and password SHOULD be redacted and attribute’s value SHOULD be https://REDACTED:REDACTED@www.example.com/. url.full SHOULD capture the absolute URL when it is available (or can be reconstructed). Sensitive content provided in url.full SHOULD be scrubbed when instrumentations can identify it.

[4]: Many Elasticsearch url paths allow dynamic values. These SHOULD be recorded in span attributes in the format db.elasticsearch.path_parts.<key>, where <key> is the url path part name. The implementation SHOULD reference the elasticsearch schema in order to map the path part values to their names.

[5]: The error.type SHOULD match the error code returned by the database or the client library, the canonical name of exception that occurred, or another low-cardinality error identifier. Instrumentations SHOULD document the list of errors they report.

[6]: When observed from the client side, and when communicating through an intermediary, server.port SHOULD represent the server port behind any intermediaries, for example proxies, if it’s available.

[7]: If using a port other than the default port for this DBMS and if server.address is set.

[8]: The query may target multiple indices or data streams, in which case it SHOULD be a comma separated list of those. If the query doesn’t target a specific index, this field MUST NOT be set.

[9]: When communicating with an Elastic Cloud deployment, this should be collected from the “X-Found-Handling-Instance” HTTP response header.

[10]: When communicating with an Elastic Cloud deployment, this should be collected from the “X-Found-Handling-Cluster” HTTP response header.

[11]: For sanitization see Sanitization of db.query.text. For batch operations, if the individual operations are known to have the same query text then that query text SHOULD be used, otherwise all of the individual query texts SHOULD be concatenated with separator ; or some other database system specific separator if more applicable. Even though parameterized query text can potentially have sensitive data, by using a parameterized query the user is giving a strong signal that any sensitive data will be passed as parameter values, and the benefit to observability of capturing the static part of the query text by default outweighs the risk.

[12]: Should be collected by default for search-type queries and only if there is sanitization that excludes sensitive information.

[13]: When observed from the client side, and when communicating through an intermediary, server.address SHOULD represent the server address behind any intermediaries, for example proxies, if it’s available.

The following attributes can be important for making sampling decisions and SHOULD be provided at span creation time (if provided at all):

error.type has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.

Value	Description	Stability
`_OTHER`	A fallback error value to be used when the instrumentation doesn’t define a custom value.

http.request.method has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.

Value	Description	Stability
`_OTHER`	Any HTTP method that the instrumentation has no prior knowledge of.
`CONNECT`	CONNECT method.
`DELETE`	DELETE method.
`GET`	GET method.
`HEAD`	HEAD method.
`OPTIONS`	OPTIONS method.
`PATCH`	PATCH method.
`POST`	POST method.
`PUT`	PUT method.
`TRACE`	TRACE method.

Example

Key	Value
Span name	`"search my-index"`
`db.system`	`"elasticsearch"`
`server.address`	`"elasticsearch.mydomain.com"`
`server.port`	`9200`
`http.request.method`	`"GET"`
`db.query.text`	`"{\"query\":{\"term\":{\"user.id\":\"kimchy\"}}}"`
`db.operation.name`	`"search"`
`db.collection.name`	`"my-index"`
`url.full`	`"https://elasticsearch.mydomain.com:9200/my-index-000001/_search?from=40&size=20"`
`db.elasticsearch.path_parts.index`	`"my-index-000001"`
`db.namespace`	`"my-cluster"`
`db.elasticsearch.node.name`	`"instance-0000000001"`

Feedback

Was this page helpful?

Thank you. Your feedback is appreciated!

Please let us know how we can improve this page. Your feedback is appreciated!