General attributes

Status: Experimental

The attributes described in this section are not specific to a particular operation but rather generic. They may be used in any Span they apply to. Particular operations may refer to or require some of these attributes.

General network connection attributes

These attributes may be used for any network related operation. The net.peer.* attributes describe properties of the remote end of the network connection (usually the transport-layer peer, e.g. the node to which a TCP connection was established), while the net.host.* properties describe the local end. In an ideal situation, not accounting for proxies, multiple IP addresses or host names, the net.peer.* properties of a client are equal to the net.host.* properties of the server and vice versa.

Network transport attributes

AttributeTypeDescriptionExamplesRequirement Level
net.transportstringTransport protocol used. See note below.ip_tcpRecommended
net.app.protocol.namestringApplication layer protocol used. The value SHOULD be normalized to lowercase.amqp; http; mqttRecommended
net.app.protocol.versionstringVersion of the application layer protocol used. See note below. [1]3.1.1Recommended
net.sock.peer.namestringRemote socket peer name.proxy.example.comRecommended: [2]
net.sock.peer.addrstringRemote socket peer address: IPv4 or IPv6 for internet protocols, path for local communication, etc.127.0.0.1; /tmp/mysql.sockRecommended
net.sock.peer.portintRemote socket peer port.16456Recommended: [3]
net.sock.familystringProtocol address family which is used for communication.inet6; bluetoothConditionally Required: [4]
net.peer.namestringLogical remote hostname, see note below. [5]example.comRecommended
net.peer.portintLogical remote port number80; 8080; 443Recommended
net.host.namestringLogical local hostname or similar, see note below.localhostRecommended
net.host.portintLogical local port number, preferably the one that the peer used to connect8080Recommended
net.sock.host.addrstringLocal socket address. Useful in case of a multi-IP host.192.168.0.1Recommended
net.sock.host.portintLocal socket port number.35555Recommended: [6]
net.host.connection.typestringThe internet connection type currently being used by the host.wifiRecommended
net.host.connection.subtypestringThis describes more details regarding the connection.type. It may be the type of cell technology connection, but it could be used for describing details about a wifi connection.LTERecommended
net.host.carrier.namestringThe name of the mobile carrier.sprintRecommended
net.host.carrier.mccstringThe mobile carrier country code.310Recommended
net.host.carrier.mncstringThe mobile carrier network code.001Recommended
net.host.carrier.iccstringThe ISO 3166-1 alpha-2 2-character country code associated with the mobile carrier network.DERecommended

[1]: net.app.protocol.version refers to the version of the protocol used and might be different from the protocol client’s version. If the HTTP client used has a version of 0.27.2, but sends HTTP version 1.1, this attribute should be set to 1.1.

[2]: If available and different from net.peer.name and if net.sock.peer.addr is set.

[3]: If defined for the address family and if different than net.peer.port and if net.sock.peer.addr is set.

[4]: If different than inet and if any of net.sock.peer.addr or net.sock.host.addr are set. Consumers of telemetry SHOULD accept both IPv4 and IPv6 formats for the address in net.sock.peer.addr if net.sock.family is not set. This is to support instrumentations that follow previous versions of this document.

[5]: net.peer.name SHOULD NOT be set if capturing it would require an extra DNS lookup.

[6]: If defined for the address family and if different than net.host.port and if net.sock.host.addr is set.

net.transport has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
ip_tcpip_tcp
ip_udpip_udp
pipeNamed or anonymous pipe. See note below.
inprocIn-process communication. [1]
otherSomething else (non IP-based).

[1]: Signals that there is only in-process communication not using a “real” network protocol in cases where network attributes would normally be expected. Usually all other network attributes can be left out in that case.

net.sock.family has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
inetIPv4 address
inet6IPv6 address
unixUnix domain socket path

net.host.connection.type has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
wifiwifi
wiredwired
cellcell
unavailableunavailable
unknownunknown

net.host.connection.subtype has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

ValueDescription
gprsGPRS
edgeEDGE
umtsUMTS
cdmaCDMA
evdo_0EVDO Rel. 0
evdo_aEVDO Rev. A
cdma2000_1xrttCDMA2000 1XRTT
hsdpaHSDPA
hsupaHSUPA
hspaHSPA
idenIDEN
evdo_bEVDO Rev. B
lteLTE
ehrpdEHRPD
hspapHSPAP
gsmGSM
td_scdmaTD-SCDMA
iwlanIWLAN
nr5G NR (New Radio)
nrnsa5G NRNSA (New Radio Non-Standalone)
lte_caLTE CA

For Unix and pipe, since the connection goes over the file system instead of being directly to a known peer, net.peer.name is the only attribute that usually makes sense (see description of net.peer.name below).

net.peer.name and net.host.name attributes

net.peer.name and net.host.name represent logical host names. Semantic conventions that refer to these attributes SHOULD specify what these attributes mean in their context.

Semantic conventions and instrumentations that populate both logical (net.peer.name, net.host.name) and socket-level (net.sock.*.name) attributes SHOULD set socket-level attributes only when they don’t match logical ones. For example, when direct connection to the remote destination is established and net.peer.name is populated, net.sock.peer.name SHOULD NOT be set. Check out Connecting through intermediary for more information.

net.peer.name

For IP-based communication, the name should be a DNS host name of the remote service.

net.peer.name should be the name of logical remote destination, e.g., "example.com" if connecting to an URL https://example.com/foo. Usually, application pass it as configuration to client libraries in form of URL, connection string, host name, etc.

Sometimes host name is only available to instrumentation as a string which may contain DNS name or IP address. net.peer.name SHOULD be set to the available known hostname (e.g., "127.0.0.1" if connecting to an URL https://127.0.0.1.com/foo).

If only IP address is available via net.sock.peer.addr, net.peer.name SHOULD NOT be set. Reverse DNS lookup SHOULD NOT be used to obtain DNS name.

If net.transport is "pipe", the absolute path to the file representing it should be used as net.peer.name (net.host.name doesn’t make sense in that context). If there is no such file (e.g., anonymous pipe), the name should explicitly be set to the empty string to distinguish it from the case where the name is just unknown or not covered by the instrumentation.

For Unix domain socket, net.sock.peer.addr attribute represents destination name and net.peer.name SHOULD NOT be set.

net.peer.name and net.peer.port apply to client instrumentations only. Server instrumentations SHOULD NOT set these attributes.

net.host.name

net.host.name should be the host name of the local host, preferably the one that the peer used to connect for the current operation. If that is not known, a public hostname should be preferred over a private one. However, in that case it may be redundant with information already contained in resources and may be left out. It will usually not make sense to use reverse-lookup to obtain net.host.name, as that would result in static information that is better stored as resource information.

net.host.name and net.host.port apply to server instrumentations only. Client instrumentations SHOULD NOT set these attributes.

net.sock.* attributes

Note: this section applies to socket connections visible to instrumentations. Instrumentations have limited knowledge about intermediaries communications goes through such as transparent proxies or VPN servers. Higher-level instrumentations such as HTTP don’t always have access to the socket-level information and may not be able to populate socket-level attributes.

Socket-level attributes identify peer and host that are directly connected to each other. Since instrumentations may have limited knowledge on network information, instrumentations SHOULD populate such attributes to the best of their knowledge when populate them at all.

net.sock.family identifies address family specified when connecting to the socket. For example, it matches sa_family field of sockaddr structure on Linux and Windows.

Note: Specific structures and methods to obtain socket-level attributes are mentioned here only as examples. Instrumentations would usually use Socket API provided by their environment or sockets implementations.

Peer

net.sock.peer.addr, net.sock.peer.port identify remote peer - the address used to connect to the socket. For example, when connecting using connect(2) on Linux or Windows with AF_INET address family, represent sin_addr and sin_port fields of sockaddr_in structure.

Address and port can be obtained by calling getpeername method on Linux, Windows.

net.sock.peer.port SHOULD only be populated for families that have notion of port.

net.sock.peer.name SHOULD be set to the DNS name used to resolve net.sock.peer.addr if it’s readily available. Instrumentations SHOULD NOT do DNS lookups to obtain net.sock.peer.addr or net.sock.peer.name. If peer information available to instrumentation can represent DNS name or IP address, instrumentation SHOULD NOT attempt to parse it and SHOULD only set net.sock.peer.name.

For example, URL Host component can contain IP address or DNS name and instrumentations that don’t have access to socket-level communication can only populate net.sock.peer.name. Instrumentations that have access to socket connection, may be able to populate valid net.sock.peer.addr instead of or in addition to DNS name.

Host

net.sock.host.addr, net.sock.host.port identify local socket address - the address used to bind to the socket. For example, when using bind(2) on Linux or Windows with AF_INET address family, represent sin_addr and sin_port fields of sockaddr_in structure.

net.sock.host.port SHOULD only be populated for families that have notion of port.

Address and port can be obtained by calling getsockname method on Linux, Windows.

Connecting through intermediary

When connecting to the remote destination through an intermediary (e.g. proxy), client instrumentations SHOULD set net.peer.name and net.peer.port to logical remote destination address and net.sock.peer.addr and net.sock.peer.port to the socket peer connection is established with - the intermediary.

Server instrumentations that use net.host.name and net.host.port SHOULD set them to logical local host; If net.sock.peer.addr and net.sock.peer.port are used, they SHOULD be set to the address of intermediary connection is established with. Server semantic conventions SHOULD define additional attribute(s) representing originating peer address for reverse-proxy scenarios when such information is available.

General remote service attributes

This attribute may be used for any operation that accesses some remote service. Users can define what the name of a service is based on their particular semantics in their distributed system. Instrumentations SHOULD provide a way for users to configure this name.

AttributeTypeDescriptionExamplesRequirement Level
peer.servicestringThe service.name of the remote service. SHOULD be equal to the actual service.name resource attribute of the remote service if any.AuthTokenCacheRecommended

Examples of peer.service that users may specify:

  • A Redis cache of auth tokens as peer.service="AuthTokenCache".
  • A gRPC service rpc.service="io.opentelemetry.AuthService" may be hosted in both a gateway, peer.service="ExternalApiService" and a backend, peer.service="AuthService".

General identity attributes

These attributes may be used for any operation with an authenticated and/or authorized enduser.

AttributeTypeDescriptionExamplesRequirement Level
enduser.idstringUsername or client_id extracted from the access token or Authorization header in the inbound request from outside the system.usernameRecommended
enduser.rolestringActual/assumed role the client is making the request under extracted from token or application security context.adminRecommended
enduser.scopestringScopes or granted authorities the client currently possesses extracted from token or application security context. The value would come from the scope associated with an OAuth 2.0 Access Token or an attribute value in a SAML 2.0 Assertion.read:message, write:filesRecommended

These attributes describe the authenticated user driving the user agent making requests to the instrumented system. It is expected this information would be propagated unchanged from node-to-node within the system using the Baggage mechanism. These attributes should not be used to record system-to-system authentication attributes.

Examples of where the enduser.id value is extracted from:

Authentication protocolField or description
HTTP Basic/Digest Authenticationusername
OAuth 2.0 Bearer TokenOAuth 2.0 Client Identifier value from client_id for the OAuth 2.0 Client Credentials Grant flow and subject or username from get token info response for other flows using opaque tokens.
OpenID Connect 1.0 IDTokensub
SAML 2.0 Assertionurn:oasis:names:tc:SAML:2.0:assertion:Subject
KerberosPrincipalName
FrameworkField or description
JavaEE/JakartaEE Servletjavax.servlet.http.HttpServletRequest.getUserPrincipal()
Windows Communication FoundationServiceSecurityContext.Current.PrimaryIdentity

Given the sensitive nature of this information, SDKs and exporters SHOULD drop these attributes by default and then provide a configuration parameter to turn on retention for use cases where the information is required and would not violate any policies or regulations.

General thread attributes

These attributes may be used for any operation to store information about a thread that started a span.

AttributeTypeDescriptionExamplesRequirement Level
thread.idintCurrent “managed” thread ID (as opposed to OS thread ID).42Recommended
thread.namestringCurrent thread name.mainRecommended

Examples of where thread.id and thread.name can be extracted from:

Language or platformthread.idthread.name
JVMThread.currentThread().getId()Thread.currentThread().getName()
.NETThread.CurrentThread.ManagedThreadIdThread.CurrentThread.Name
Pythonthreading.current_thread().identthreading.current_thread().name
RubyThread.current.object_idThread.current.name
C++std::this_thread::get_id()
Erlangerlang:system_info(scheduler_id)

Source Code Attributes

Often a span is closely tied to a certain unit of code that is logically responsible for handling the operation that the span describes (usually the method that starts the span). For an HTTP server span, this would be the function that handles the incoming request, for example. The attributes listed below allow to report this unit of code and therefore to provide more context about the span.

AttributeTypeDescriptionExamplesRequirement Level
code.functionstringThe method or function name, or equivalent (usually rightmost part of the code unit’s name).serveRequestRecommended
code.namespacestringThe “namespace” within which code.function is defined. Usually the qualified class or module name, such that code.namespace + some separator + code.function form a unique identifier for the code unit.com.example.MyHttpServiceRecommended
code.filepathstringThe source code file name that identifies the code unit as uniquely as possible (preferably an absolute file path)./usr/local/MyApplication/content_root/app/index.phpRecommended
code.linenointThe line number in code.filepath best representing the operation. It SHOULD point within the code unit named in code.function.42Recommended