
...

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| AWS Web Application Firewall (WAF) | cloud.aws.waf.logs | cloud.aws.waf.logs |

For more information, read about Devo tags.

How is the data sent to Devo?

Logs generated by the AWS WAF service can be sent to the AWS CloudWatch Logs, S3, and Kinesis Data Firehose services.

...

These are the fields displayed in this table:

cloud.aws.waf.logs

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

hostname

str

ACCID

str

ACCID_actual

str

action

REGION

str

eventdate

timestamp

timestamp

formatVersion

int4

hostchain

webaclId

str

hostname

terminatingRuleId

str

terminatingRuleType

str

httpRequest_args

action

str

httpRequest

terminatingRuleMatchDetails_conditionType_

clientIphttpRequest_headers_name

str

str

Code Block

httpRequest_country

str

join(terminatingRuleMatchDetails_conditionType, ',')

terminatingRuleMatchDetails_conditionType

terminatingRuleMatchDetails_location_str

str

Code Block
join(

httpRequest

terminatingRuleMatchDetails_

headers_name

location, ',')

httpRequest

terminatingRuleMatchDetails_

headers_name

location

httpRequest

terminatingRuleMatchDetails_

headers

matchedData_

value_

str

str

Code Block
join(

httpRequest

terminatingRuleMatchDetails_

headers_value

matchedData, ',')

httpRequest

terminatingRuleMatchDetails_

headers_valuehttpRequest_httpMethod

matchedData

httpSourceName

str

httpRequest_httpVersion

httpSourceId

str

httpRequest

ruleGroupList_ruleGroupId_

requestId

str

httpRequest_uri

httpSourceName

str

labels_name

str

httpSourceId

str

Code Block
join(ruleGroupList_ruleGroupId, ',')

ruleGroupList_ruleGroupId

ruleGroupList_terminatingRule_ruleId_str

str

Code Block
join(

labels

ruleGroupList_terminatingRule_

name

ruleId, ',')

labels

ruleGroupList_terminatingRule_

name

ruleId

nonTerminatingMatchingRules

ruleGroupList_terminatingRule_action_str

str

Code Block
join(

nonTerminatingMatchingRules

ruleGroupList_terminatingRule_action, ',')

nonTerminatingMatchingRules

ruleGroupList_terminatingRule_action

nonTerminatingMatchingRules

ruleGroupList_terminatingRule_

ruleId

ruleMatchDetails_str

str

Code Block
join(

nonTerminatingMatchingRules

ruleGroupList_terminatingRule_

ruleId

ruleMatchDetails, ',')

nonTerminatingMatchingRules

ruleGroupList_terminatingRule_

ruleId

ruleMatchDetails

rateBasedRuleList

ruleGroupList_

limitKey

nonTerminatingMatchingRules_str

str

Code Block
join(

rateBasedRuleList

ruleGroupList_

limitKey

nonTerminatingMatchingRules, ',')

rateBasedRuleList

ruleGroupList_

limitKey

nonTerminatingMatchingRules

rateBasedRuleList

ruleGroupList_

maxRateAllowed

excludedRules_str

str

Code Block

stringify

join(

json(rateBasedRuleList_maxRateAllowed)

ruleGroupList_excludedRules, ',')

rateBasedRuleList

ruleGroupList_

maxRateAllowed

REGION

str

requestHeadersInserted_name

excludedRules

rateBasedRuleList_rateBasedRuleId_str

str

Code Block
join(rateBasedRuleList_rateBasedRuleId, ',')

rateBasedRuleList_rateBasedRuleId

rawMessage

str

rateBasedRuleList_limitKey_str

str

Code Block
join(

requestHeadersInserted

rateBasedRuleList_

name

limitKey, ',')

requestHeadersInserted

rateBasedRuleList_

name

limitKey

requestHeadersInserted

rateBasedRuleList_

value

maxRateAllowed_str

str

Code Block

join

stringify(json(

requestHeadersInserted_value, ','

rateBasedRuleList_maxRateAllowed))

requestHeadersInserted

rateBasedRuleList_

value

responseCodeSent

int4

ruleGroupList_excludedRules

maxRateAllowed

nonTerminatingMatchingRules_action_str

str

Code Block
join(

ruleGroupList

nonTerminatingMatchingRules_

excludedRules

action, ',')

ruleGroupList

nonTerminatingMatchingRules_

excludedRules

action

ruleGroupList

nonTerminatingMatchingRules_

nonTerminatingMatchingRules

ruleId_str

str

Code Block
join(

ruleGroupList

nonTerminatingMatchingRules_

nonTerminatingMatchingRules

ruleId, ',')

ruleGroupList

nonTerminatingMatchingRules_

nonTerminatingMatchingRules

ruleId

ruleGroupList

requestHeadersInserted_

ruleGroupId

name_str

str

Code Block
join(

ruleGroupList

requestHeadersInserted_

ruleGroupId

name, ',')

ruleGroupList

requestHeadersInserted_

ruleGroupId

name

ruleGroupList

requestHeadersInserted_

terminatingRule_action

value_str

str

Code Block
join(

ruleGroupList

requestHeadersInserted_

terminatingRule_action

value, ',')

ruleGroupList_terminatingRule_action

ruleGroupList_terminatingRule_ruleId

requestHeadersInserted_value

responseCodeSent

int4

httpRequest_clientIp

str

httpRequest_country

str

httpRequest_headers_name_str

str

Code Block
join(

ruleGroupList

httpRequest_

terminatingRule

headers_

ruleId

name, ',')

ruleGroupList

httpRequest_

terminatingRule

headers_

ruleId

name

ruleGroupList

httpRequest_

terminatingRule

headers_

ruleMatchDetails

value_str

str

Code Block
join(

ruleGroupList

httpRequest_

terminatingRule

headers_

ruleMatchDetails

value, ',')

ruleGroupList

httpRequest_

terminatingRule

headers_

ruleMatchDetails

value

tag

httpRequest_uri

str

httpRequest_args

str

terminatingRuleId

httpRequest_httpVersion

str

terminatingRuleMatchDetails

httpRequest_

conditionType_str

httpMethod

str

Code Block
join(terminatingRuleMatchDetails_conditionType, ',')

terminatingRuleMatchDetails_conditionType

terminatingRuleMatchDetails_location

httpRequest_requestId

str

labels_name_str

str

Code Block
join(

terminatingRuleMatchDetails

labels_

location

name, ',')

terminatingRuleMatchDetails

labels_

locationterminatingRuleMatchDetails_matchedData_str

terminatingRuleType

str

timestamp

timestamp

webaclId

str

name

hostchain

str

Code Block
join(terminatingRuleMatchDetails_matchedData, ',')

terminatingRuleMatchDetails_matchedData

tag

str

rawMessage

str