General attributes

Status: Experimental

The attributes described in this section are not specific to a particular operation but rather generic. They may be used in any Span they apply to. Particular operations may refer to or require some of these attributes.

General network connection attributes

These attributes may be used for any network related operation. The net.peer.* attributes describe properties of the remote end of the network connection (usually the transport-layer peer, e.g. the node to which a TCP connection was established), while the* properties describe the local end. In an ideal situation, not accounting for proxies, multiple IP addresses or host names, the net.peer.* properties of a client are equal to the* properties of the server and vice versa.

Network transport attributes

net.transportstringTransport protocol used. See note below.ip_tcpNo
net.peer.ipstringRemote address of the peer (dotted decimal for IPv4 or RFC5952 for IPv6)
net.peer.portintRemote port number.80; 8080; 443No
net.peer.namestringRemote hostname or similar, see note below. [1]example.comNo net.peer.ip but for the host IP. Useful in case of a multi-IP host. net.peer.port but for the host port.35555No hostname or similar, see note below.localhostNo internet connection type currently being used by the host.wifiNo describes more details regarding the connection.type. It may be the type of cell technology connection, but it could be used for describing details about a wifi connection.LTENo name of the mobile carrier.sprintNo mobile carrier country code.310No mobile carrier network code.001No ISO 3166-1 alpha-2 2-character country code associated with the mobile carrier network.DENo

[1]: SHOULD NOT be set if capturing it would require an extra DNS lookup.

net.transport MUST be one of the following:

ipAnother IP-based protocol
unixUnix Domain socket. See below.
pipeNamed or anonymous pipe. See note below.
inprocIn-process communication. [1]
otherSomething else (non IP-based).

[1]: Signals that there is only in-process communication not using a “real” network protocol in cases where network attributes would normally be expected. Usually all other network attributes can be left out in that case. has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

unknownunknown has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

evdo_0EVDO Rel. 0
evdo_aEVDO Rev. A
cdma2000_1xrttCDMA2000 1XRTT
evdo_bEVDO Rev. B
nr5G NR (New Radio)
nrnsa5G NRNSA (New Radio Non-Standalone)
lte_caLTE CA

For Unix and pipe, since the connection goes over the file system instead of being directly to a known peer, is the only attribute that usually makes sense (see description of below).

net.*.name attributes

For IP-based communication, the name should be a DNS host name. For, this should be the name that was used to look up the IP address that was connected to (i.e., matching net.peer.ip if that one is set; e.g., "" if connecting to an URL If only the IP address but no host name is available, reverse DNS lookup SHOULD NOT be used to obtain, and SHOULD NOT be set. should be the host name of the local host, preferably the one that the peer used to connect for the current operation. If that is not known, a public hostname should be preferred over a private one. However, in that case it may be redundant with information already contained in resources and may be left out. It will usually not make sense to use reverse-lookup to obtain, as that would result in static information that is better stored as resource information.

If net.transport is "unix" or "pipe", the absolute path to the file representing it should be used as ( doesn’t make sense in that context). If there is no such file (e.g., anonymous pipe), the name should explicitly be set to the empty string to distinguish it from the case where the name is just unknown or not covered by the instrumentation.

General remote service attributes

This attribute may be used for any operation that accesses some remote service. Users can define what the name of a service is based on their particular semantics in their distributed system. Instrumentations SHOULD provide a way for users to configure this name.

peer.servicestringThe of the remote service. SHOULD be equal to the actual resource attribute of the remote service if any.AuthTokenCacheNo

Examples of peer.service that users may specify:

  • A Redis cache of auth tokens as peer.service="AuthTokenCache".
  • A gRPC service rpc.service="io.opentelemetry.AuthService" may be hosted in both a gateway, peer.service="ExternalApiService" and a backend, peer.service="AuthService".

General identity attributes

These attributes may be used for any operation with an authenticated and/or authorized enduser.

enduser.idstringUsername or client_id extracted from the access token or Authorization header in the inbound request from outside the system.usernameNo
enduser.rolestringActual/assumed role the client is making the request under extracted from token or application security context.adminNo
enduser.scopestringScopes or granted authorities the client currently possesses extracted from token or application security context. The value would come from the scope associated with an OAuth 2.0 Access Token or an attribute value in a SAML 2.0, write:filesNo

These attributes describe the authenticated user driving the user agent making requests to the instrumented system. It is expected this information would be propagated unchanged from node-to-node within the system using the Baggage mechanism. These attributes should not be used to record system-to-system authentication attributes.

Examples of where the value is extracted from:

Authentication protocolField or description
HTTP Basic/Digest Authenticationusername
OAuth 2.0 Bearer TokenOAuth 2.0 Client Identifier value from client_id for the OAuth 2.0 Client Credentials Grant flow and subject or username from get token info response for other flows using opaque tokens.
OpenID Connect 1.0 IDTokensub
SAML 2.0 Assertionurn:oasis:names:tc:SAML:2.0:assertion:Subject
FrameworkField or description
JavaEE/JakartaEE Servletjavax.servlet.http.HttpServletRequest.getUserPrincipal()
Windows Communication FoundationServiceSecurityContext.Current.PrimaryIdentity

Given the sensitive nature of this information, SDKs and exporters SHOULD drop these attributes by default and then provide a configuration parameter to turn on retention for use cases where the information is required and would not violate any policies or regulations.

General thread attributes

These attributes may be used for any operation to store information about a thread that started a span.

thread.idintCurrent “managed” thread ID (as opposed to OS thread ID).42No
thread.namestringCurrent thread name.mainNo

Examples of where and can be extracted from:

Language or

Source Code Attributes

Often a span is closely tied to a certain unit of code that is logically responsible for handling the operation that the span describes (usually the method that starts the span). For an HTTP server span, this would be the function that handles the incoming request, for example. The attributes listed below allow to report this unit of code and therefore to provide more context about the span.

code.functionstringThe method or function name, or equivalent (usually rightmost part of the code unit’s name).serveRequestNo
code.namespacestringThe “namespace” within which code.function is defined. Usually the qualified class or module name, such that code.namespace + some separator + code.function form a unique identifier for the code
code.filepathstringThe source code file name that identifies the code unit as uniquely as possible (preferably an absolute file path)./usr/local/MyApplication/content_root/app/index.phpNo
code.linenointThe line number in code.filepath best representing the operation. It SHOULD point within the code unit named in code.function.42No