Versions Compared

Version Old Version 4 New Version 5
Changes made by

Juan Tomás Alonso Nieto

Juan Tomás Alonso Nieto

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
maxLevel2
typeflat

...

Tags beginning with auth.ping identify events generated by authentication services belonging to PingIdentity.

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed asauth.ping. The third level identifies the type of events sent, and the fourth level indicates the event subtype. 

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service

Tag

Data table

PingFederate

auth.ping.federate.audit

auth.ping.federate.audit

auth.ping.federate.security_audit

auth.ping.federate.security_audit

auth.ping.federate.server

auth.ping.federate.server

PingID

auth.ping.id.mfa

auth.ping.id.mfa

Table structure

These are the fields displayed in these tables:

Rw ui tabs macro
Rw tab
title1-2

...

...

Anchor
tag1
tag1
auth.ping.

...

federate.

...

Field

...

Value

...

audit

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

...

 

...

host

str

...

-

...

action

...

str

...

-

...

actors__type_str

...

str

...

-

...

actors__id_str

...

str

...

-

...

actors__name_str

...

str

...

-

...

source

...

str

...

-

...

id

...

str

...

-

...

client2

...

str

...

-

...

result__status

...

str

...

-

...

result__message

...

str

...

-

...

recorded

...

str

...

-

...

hostchain

...

str

...

...

tag

...

str

...

...

rawMessage

...

str

...

...

Code Block
split(hostchain, "=", 0)

hostchain

timestamp

timestamp

Code Block
parsedate(timestamp_date, +" " + timestamp_hour, dateformat("YYYY-MM-DD HH:mm:ss,SSS", "UTC"))

timestamp_hour

timestamp_date

event

str

 

 

subject

str

 

 

ip

ip4

 

 

app

str

 

 

connectionid

str

 

 

protocol

str

 

 

pfhost

str

 

 

role

str

 

 

status

str

 

 

adapterid

str

 

 

description

str

 

 

responsetime

str

 

 

message

str

 

rawMessage

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

Anchor
tag2
tag2
auth.ping.federate.security_audit

Field

Type

Extra fields

eventdate

timestamp

hostname

str

transactionTime

timestamp

trackingId

str

event

str

subject

str

ip

ip4

app

str

connectionId

str

protocol

str

host

str

role

str

status

str

adapterId

str

description

str

responseTime

int4

hostchain

str

tag

str

rawMessage

str

Rw tab
title3-4

...

Anchor
tag3
tag3
auth.ping.federate.

...

server

Field

Type

Field transformation

...

Source field name

Extra

...

fields

eventdate

timestamp

...

 

 

...

host

str

Code Block
split(hostchain, "=", 0)

hostchain

timestamp

timestamp

Code Block
parsedate(timestamp_date, +" " + timestamp_hour, dateformat("YYYY-

...

transactionTime

...

timestamp

...

-

...

trackingId

...

str

...

-

...

event

...

str

...

-

...

subject

...

str

...

-

...

ip

...

ip4

...

-

...

app

...

str

...

-

...

connectionId

...

str

...

-

...

protocol

...

str

...

-

...

host

...

str

...

-

...

role

...

str

...

-

...

status

...

str

...

-

...

adapterId

...

str

...

-

...

description

...

str

...

-

...

responseTime

...

int4

...

MM-DD HH:mm:ss,SSS", "UTC"))

timestamp_hour

timestamp_date

tid

str

 

 

logging_level

str

 

 

java_class

str

 

 

message

str

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

Anchor
tag4
tag4
auth.ping.id.mfa

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

hostname

str

action

str

actors__type_str

str

Code Block
join(actors__type, ',')

actors__type

actors__id_str

str

Code Block
join(actors__id, ',')

actors__id

actors__name_str

str

Code Block
join(actors__name, ',')

actors__name

source

str

id

str

client2

str

result__status

str

result__message

str

recorded

str

hostchain

str

tag

str

rawMessage

str