Page Comparison

...

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service	Tags	Data tables
IBM Cloud Activity Tracker	`cloud.ibm.activity_tracker.audit`	`cloud.ibm.activity_tracker.audit`
IBM SoftLayer	`cloud.ibm.softlayer.event_log`	`cloud.ibm.softlayer.event_log`
IBM Cloud Virtual Private Cloud (VPC)	`cloud.ibm.vpc.flow_log`	`cloud.ibm.vpc.flow_log`

For more information, read more About Devo tags.

...

Anchor
tag1
tag1
cloud.ibm.activity_tracker.audit

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

hostname

str

account

str

cluster

str

host

str

ingester

str

logtype

str

file

str

line

str

rawline

str

ts

timestamp

platform

str

app

str

ip_v4

ip4

Code Block
ip4(ip)

ip

ip_v6

ip6

Code Block
ip6(ip)

ip

_key2

str

level2

str

bid

str

data_event

bool

log_source_crn

str

save_service_copy

bool

id

str

event_id

str

correlation_id

str

event_time

str

event_outcome

str

action

str

severity

str

message

str

mezmo_line_size

int4

observer__name

str

initiator__id

str

initiator__name

str

initiator__authn_id

str

initiator__authn_name

str

initiator__type_uri

str

initiator__host__agent

str

initiator__host__address_ip4

ip4

Code Block
ip4(initiator__host__address)

initiator__host__address

initiator__host__address_vp6

ip6

Code Block
ip6(initiator__host__address)

initiator__host__address

initiator__host__address_type

str

initiator__credential__type

str

reason__reason_code

int4

reason__reason_type

str

destination_ip__id

str

destination_ip__type_uri

str

destination_ip__name

str

request_data__local_time

str

request_data__tag_type

str

request_data__body__tag_names

str

request_data__body__o_resources

str

response_data__results

str

at_devo_environment

str

at_devo_pulling_id

str

hostchain

str

✓

tag

str

✓

rawMessage

str

✓

Anchor
tag2
tag2
cloud.ibm.softlayer.event_log

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

hostname

str

account_id

int8

event_create_date

str

event_name

str

ipv4

ip4

Code Block
ip4(ip)

ip

ipv6

ip6

Code Block
ip6(ip)

ip

label

str

meta_data

str

object_id

int8

object_name

str

trace_id

str

user_id

int8

user_type

str

open_id_connect_user_name

str

username

str

at_devo_environment

str

at_devo_pulling_id

str

hostchain

str

✓

tag

str

✓

rawMessage

str

✓

Anchor
tag3
tag3
cloud.ibm.vpc.flow_log

Field	Type	Field transformation	Source field name	Extra fields
eventdate	`timestamp`
hostname	`str`
account	`str`

cluster


key	`str`

host


version	`str`

ingester


collector_crn	`str`

logtype

str

file

str

line

str

rawline

str

ts

timestamp

app

str

ip4

ip4

Code Block
ip4(ip)

ip

ip6

ip6

Code Block
ip6(ip)

ip

_key2

bid

str


attached_endpoint_type	`str`

level2

str

network_interface_id

str

state

str

capture_start_time

timestamp

vpc


instance_crn	`str`

version

str

instance


vpc_crn	`str`
capture_end_time	`timestamp`

attached

capture_

endpoint

start_

type

time

str

timestamp

collector_crn


state	`str`
flow_log_start_time

str

`timestamp`
flow_log_end_time

str

timestamp

connection

flow_

start_time

timestamp

log_direction	`str`
flow_log_action	`str`
flow_log_initiator_ip_

ip4

v4

ip4

Code Block
ip4(flow_log_initiator_ip)

flow_log_initiator_ip

flow_log_initiator_

ip6

ip_v6

ip6

Code Block
ip6(flow_log_initiator_ip)

flow_log_initiator_ip

flow_log_initiator_port

int4

flow_log_target_

ip4

ip_v4

ip4

Code Block
ip4(flow_log_target_ip)

flow_log_target_ip

flow_log_target_ip_

ip6

v6

ip6

Code Block
ip6(flow_log_target_ip)

flow_log_target_ip

initiator_port

int4


flow_log_target_port	`int4`
flow_log_transport_protocol	`int4`
flow_log_ether_type	`str`
flow_log_was_initiated	`bool`
flow_log_was_terminated	`bool`
flow_log_bytes_from_initiator	`int4`
flow_log_packets_from_initiator	`int4`
flow_log_bytes_from_target	`int4`
flow_log_packets_from_target	`int4`
flow_log_cumulative_

bytes

packets_from_initiator	`int4`
flow_log_cumulative_packets_from_

initiator

target	`int4`
flow_log_cumulative_bytes_from_target

int4

`int8`
flow_log_cumulative_

packets

bytes_from_

target

int4

key

str

mezmo_line_size

int4

id

str

initiator	`int8`
at_devo_environment	`str`
at_devo_pulling_id	`str`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓

Versions Compared

Old Version 1

New Version 2

Key

Anchor
tag1
tag1
cloud.ibm.activity_tracker.audit

Anchor
tag2
tag2
cloud.ibm.softlayer.event_log

Anchor
tag3
tag3
cloud.ibm.vpc.flow_log

Page Comparison

Versions Compared

Old Version 1

New Version 2

Key

Anchortag1tag1cloud.ibm.activity_tracker.audit

Anchortag2tag2cloud.ibm.softlayer.event_log

Anchortag3tag3cloud.ibm.vpc.flow_log

Anchor
tag1
tag1
cloud.ibm.activity_tracker.audit

Anchor
tag2
tag2
cloud.ibm.softlayer.event_log

Anchor
tag3
tag3
cloud.ibm.vpc.flow_log