...
| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | | | | |
| hostname | | | | |
| account | | | | |
| cluster | | | | |
| host | | | | |
| ingester | | | | |
| logtype | | | | |
| file | | | | |
| line | | | | |
| rawline | | | | |
| ts | | | | |
| platform | | | | |
| app | | | | |
| ip_v4 | | | ip | |
| ip_v6 | | | ip | |
| _key2 | | | | |
| level2 | | | | |
| bid | | | | |
| data_event | | | | |
| log_source_crn | | | | |
| save_service_copy | | | | |
| id | | | | |
| event_id | | | | |
| correlation_id | | | | |
| event_time | | | | |
| event_outcome | | | | |
| action | | | | |
| severity | | | | |
| message | | | | |
| mezmo_line_size | | | | |
| observer__name | | | | |
| initiator__id | | | | |
| initiator__name | | | | |
| initiator__authn_id | | | | |
| initiator__authn_name | | | | |
| initiator__type_uri | | | | |
| initiator__host__agent | | | | |
| initiator__host__address_ip4 | | | initiator__host__address | |
| initiator__host__address_vp6 | | | initiator__host__address | |
| initiator__host__address_type | | | | |
| initiator__credential__type | | | | |
| reason__reason_code | | | | |
| reason__reason_type | | | | |
| destination_ip__id | | | | |
| destination_ip__type_uri | | | | |
| destination_ip__name | | | | |
| request_data__local_time | | | | |
| request_data__tag_type | | | | |
| request_data__body__tag_names | | | | |
| request_data__body__o_resources | | | | |
| response_data__results | | | | |
| at_devo_environment | | | | |
| at_devo_pulling_id | | | | |
| hostchain | | | | ✓ |
| tag | | | | ✓ |
| rawMessage | | | | ✓ |
...
| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | | | | |
| hostname | | | | |
| account | | | | |
| key | | | | |
| version | | | | |
| collector_crn | | | | |
| attached_endpoint_type | | | | |
| network_interface_id | | | | |
| instance_crn | | | | |
| vpc_crn | | | | |
| capture_end_time | | | | |
| capture_start_time | | | | |
| state | | | | |
| flow_log_start_time | | | | |
| flow_log_end_time | | | | |
| flow_log_direction | | | | |
| flow_log_action | | | | |
| flow_log_initiator_ip_v4 | | | flow_log_initiator_ip | |
| flow_log_initiator_ip_v6 | | | flow_log_initiator_ip | |
| flow_log_initiator_port | | | | |
| flow_log_target_ip_v4 | | | flow_log_target_ip | |
| flow_log_target_ip_v6 | | | flow_log_target_ip | |
| flow_log_target_port | | | | |
| flow_log_transport_protocol | | | | |
| flow_log_ether_type | | | | |
| flow_log_was_initiated | | | | |
| flow_log_was_terminated | | | | |
| flow_log_bytes_from_initiator | | | | |
| flow_log_packets_from_initiator | | | | |
| flow_log_bytes_from_target | | | | |
| flow_log_packets_from_target | | | | |
| flow_log_cumulative_packets_from_initiator | | | | |
| flow_log_cumulative_packets_from_target | | | | |
| flow_log_cumulative_bytes_from_target | | | | |
| flow_log_cumulative_bytes_from_initiator | | | | |
| at_devo_environment | | | | |
| at_devo_pulling_id | | | | |
| hostchain | | | | ✓ |
| tag | | | | ✓ |
| rawMessage | | | | ✓ |