Table of Contents | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed ascdn.akamai
. The third level identifies the type of events sent, and the fourth level indicates the event subtype.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
Akamai CDN |
|
|
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
...
For more information, read more about Devo tags.
How is the data sent to Devo?
Cloud Monitor sends event data in JSON format via HTTPs POST requests. For complete instructions, see the vendor documentation online.
...
Rw ui tabs macro | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Field | Type | Field transformation | Source field name | Extra fields | eventdate |
|
|
| type |
|
|
| format |
|
|
| version |
|
|
| id |
|
|
| timestamp_epoch |
|
|
| timestamp |
|
|
| cp |
|
|
| network_networkType |
|
|
| network_edgeIP |
|
| network_edgeIP2 | network_asnum |
|
| network_asnum2 | network_network |
|
|
| reqHdr_referer |
|
|
| reqHdr_cookie |
|
|
| AnalysisUserId |
|
|
| bm_sv |
|
|
| ak_bmsc |
|
|
| akamai_ro |
|
|
| reqHdr_accEnc |
|
|
| reqHdr_accLang |
|
|
| reqHdr_conn |
|
|
| reqHdr_auth |
|
|
| reqHdr_DNT |
|
|
| reqHdr_cacheCtl |
|
|
| reqHdr_expect |
|
|
| reqHdr_ifMod |
|
|
| reqHdr_ifNone |
|
|
| reqHdr_ifRange |
|
|
| reqHdr_range |
|
|
| reqHdr_te |
|
|
| reqHdr_upgrade |
|
|
| reqHdr_via |
|
|
| reqHdr_xFrwdFor |
|
|
| reqHdr_xReqWith |
|
|
| geo_lat |
|
| geo_lat2 | geo_country |
|
|
| geo_region |
|
|
| geo_long |
|
| geo_long2 | geo_city |
|
|
| netPerf_asnum |
|
| netPerf_asnum2 | netPerf_cacheStatus |
|
| netPerf_cacheStatus2 | netPerf_lastMileRTT |
|
| netPerf_lastMileRTT2 | netPerf_downloadTime |
|
| netPerf_downloadTime2 | netPerf_edgeIP |
|
| netPerf_edgeIP2 | netPerf_lastByte |
|
| netPerf_lastByte2 | netPerf_firstByte |
|
| netPerf_firstByte2 | netPerf_midMileLatency |
|
| netPerf_midMileLatency2 | netPerf_midMileRTT |
|
| netPerf_midMileRTT2 | netPerf_netOriginLatency |
|
| netPerf_netOriginLatency2 | respHdr_contEnc |
|
|
| respHdr_cacheCtl |
|
|
| respHdr_contLang |
|
|
| respHdr_server |
|
|
| respHdr_date |
|
|
| respHdr_setCookie |
|
|
| respHdr_conn |
|
|
| respHdr_Sampled |
|
|
| respHdr_UA |
|
|
| respHdr_accRange |
|
|
| respHdr_acs_tput |
|
|
| respHdr_allow |
|
|
| respHdr_allowOrigin |
|
|
| respHdr_application |
|
|
| respHdr_asnum |
|
|
| respHdr_bytes |
|
|
| respHdr_cache_frags |
|
|
| respHdr_city |
|
|
| respHdr_cliIP |
|
|
| respHdr_clientTLSSNIName |
|
|
| respHdr_contDisp |
|
|
| respHdr_contRange |
|
|
| respHdr_denyData |
|
|
| respHdr_denyRules |
|
|
| respHdr_eTag |
|
|
| respHdr_edgeIP |
|
|
| respHdr_expires |
|
|
| respHdr_fwdHost |
|
|
| respHdr_fwd_bytes |
|
|
| respHdr_lastByte |
|
|
| respHdr_lastMod |
|
|
| respHdr_lat |
|
|
| respHdr_long |
|
|
| respHdr_network |
|
|
| respHdr_networkType |
|
|
| respHdr_parent_tput |
|
|
| respHdr_peer_tput |
|
|
| respHdr_reqHost |
|
|
| respHdr_reqMethod |
|
|
| respHdr_reqPath |
|
|
| respHdr_reqPort |
|
|
| respHdr_respCT |
|
|
| respHdr_retry |
|
|
| respHdr_sslVer |
|
|
| respHdr_status |
|
|
| respHdr_vary |
|
|
| respHdr_wafDenyData |
|
|
| respHdr_wafDenyRules |
|
|
| respHdr_wwwAuth |
|
|
| respHdr_xPwrdBy |
|
|
| message_status |
|
| message_status2 | message_cliIP |
|
| message_cliIP2 | message_protoVer |
|
| message_protoVer2 | message_proto |
|
|
| message_respCT |
|
|
| message_reqQuery |
|
|
| message_bytes |
|
| message_bytes2 | message_reqPath |
|
|
| message_respLen |
|
| message_respLen2 | message_reqPort |
|
| message_reqPort2 | message_reqHost |
|
|
| message_reqMethod |
|
|
| message_sslVer |
|
|
| message_UA |
|
|
| message_fwdHost |
|
|
| message_redirURL |
|
|
| message_reqCT |
|
|
| message_reqLen |
|
|
| message_URL |
|
| message_proto message_reqPort message_reqPath message_reqHost | waf_denyData |
|
|
| waf_denyRules |
|
|
| waf_denyDor |
|
|
| waf_model |
|
|
| waf_oft |
|
|
| waf_pAction |
|
|
| waf_pRate |
|
|
| waf_policy |
|
|
| waf_riskGroups |
|
|
| waf_riskScores |
|
|
| waf_riskTuples |
|
|
| waf_rsr |
|
|
| waf_ruleSet |
|
|
| waf_ver |
|
|
| waf_warnData |
|
|
| waf_warnRules |
|
|
| waf_warnTags |
|
|
| waf_warnSlrs |
|
|
| Custom_warnData_Username |
|
|
| content_Custom_BOT_ANOMALY_BEHAVIOR |
|
|
| content_Custom_warnDataEmail |
|
|
| content_Custom_warnDataEmpID |
|
|
| content_Custom_warnDataFirstName |
|
|
| content_Custom_warnDataHireDate |
|
|
| content_Custom_warnDataLastName |
|
|
| content_Reputation |
|
|
| content_trace_ParentSpanId |
|
|
| content_trace_Sampled |
|
|
| content_trace_SpanId |
|
|
| content_trace_SpanName |
|
|
| content_trace_TraceId |
|
|
| content_trace_application |
|
|
| originalJson |
|
| rawMessage | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
hostchain |
|
|
| ✓ | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
tag |
|
|
| ✓ | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rawMessage |
|
|
| ✓ |
Rw tab | ||
---|---|---|
|
Field
Type
Field transformation
Source field name
Extra fields
eventdate
timestamp
type
str
format
str
version
str
id
str
timestamp_epoch
str
timestamp
timestamp
cp
str
network_networkType
str
network_edgeIP
ip4
network_edgeIP2
network_asnum
int4
Code Block |
---|
int4(network_asnum2) |
network_asnum2
network_network
str
reqHdr_referer
str
reqHdr_cookie
str
AnalysisUserId
str
bm_sv
str
ak_bmsc
str
akamai_ro
str
reqHdr_accEnc
str
reqHdr_accLang
str
reqHdr_conn
str
reqHdr_auth
str
reqHdr_DNT
str
reqHdr_cacheCtl
str
reqHdr_expect
str
reqHdr_ifMod
str
reqHdr_ifNone
str
reqHdr_ifRange
str
reqHdr_range
str
reqHdr_te
str
reqHdr_upgrade
str
reqHdr_via
str
reqHdr_xFrwdFor
str
reqHdr_xReqWith
str
geo_lat
float8
Code Block |
---|
float8(geo_lat2) |
geo_lat2
geo_country
str
geo_region
str
geo_long
float8
Code Block |
---|
float8(geo_long2) |
geo_long2
geo_city
str
netPerf_asnum
int4
Code Block |
---|
int4(netPerf_asnum2) |
netPerf_asnum2
netPerf_cacheStatus
int4
Code Block |
---|
int4(netPerf_cacheStatus2) |
netPerf_cacheStatus2
netPerf_lastMileRTT
int4
Code Block |
---|
int4(netPerf_lastMileRTT2) |
netPerf_lastMileRTT2
netPerf_downloadTime
int4
Code Block |
---|
int4(netPerf_downloadTime2) |
netPerf_downloadTime2
netPerf_edgeIP
ip4
netPerf_edgeIP2
netPerf_lastByte
int4
Code Block |
---|
int4(netPerf_lastByte2) |
netPerf_lastByte2
netPerf_firstByte
int4
Code Block |
---|
int4(netPerf_firstByte2) |
netPerf_firstByte2
netPerf_midMileLatency
int4
Code Block |
---|
int4(netPerf_midMileLatency2) |
netPerf_midMileLatency2
netPerf_midMileRTT
int4
Code Block |
---|
int4(netPerf_midMileRTT2) |
netPerf_midMileRTT2
netPerf_netOriginLatency
int4
Code Block |
---|
int4(netPerf_netOriginLatency2) |
netPerf_netOriginLatency2
respHdr_contEnc
str
respHdr_cacheCtl
str
respHdr_contLang
str
respHdr_server
str
respHdr_date
str
respHdr_setCookie
str
respHdr_conn
str
respHdr_Sampled
str
respHdr_UA
str
respHdr_accRange
str
respHdr_acs_tput
str
respHdr_allow
str
respHdr_allowOrigin
str
respHdr_application
str
respHdr_asnum
str
respHdr_bytes
str
respHdr_cache_frags
str
respHdr_city
str
respHdr_cliIP
str
respHdr_clientTLSSNIName
str
respHdr_contDisp
str
respHdr_contRange
str
respHdr_denyData
str
respHdr_denyRules
str
respHdr_eTag
str
respHdr_edgeIP
str
respHdr_expires
str
respHdr_fwdHost
str
respHdr_fwd_bytes
str
respHdr_lastByte
str
respHdr_lastMod
str
respHdr_lat
str
respHdr_long
str
respHdr_network
str
respHdr_networkType
str
respHdr_parent_tput
str
respHdr_peer_tput
str
respHdr_reqHost
str
respHdr_reqMethod
str
respHdr_reqPath
str
respHdr_reqPort
str
respHdr_respCT
str
respHdr_retry
str
respHdr_sslVer
str
respHdr_status
str
respHdr_vary
str
respHdr_wafDenyData
str
respHdr_wafDenyRules
str
respHdr_wwwAuth
str
respHdr_xPwrdBy
str
message_status
int4
Code Block |
---|
int4(message_status2) |
message_status2
message_cliIP
ip4
message_cliIP2
message_protoVer
float4
Code Block |
---|
float4(message_protoVer2) |
message_protoVer2
message_proto
str
message_respCT
str
message_reqQuery
str
message_bytes
int4
Code Block |
---|
int4(message_bytes2) |
message_bytes2
message_reqPath
str
message_respLen
int4
Code Block |
---|
int4(message_respLen2) |
message_respLen2
message_reqPort
int4
Code Block |
---|
int4(message_reqPort2) |
message_reqPort2
message_reqHost
str
message_reqMethod
str
message_sslVer
str
message_UA
str
message_fwdHost
str
message_redirURL
str
message_reqCT
str
message_reqLen
int8
message_URL
str
Code Block |
---|
message_proto + "://" + message_reqHost + ":" + message_reqPort + message_reqPath |
message_proto
message_reqHost
message_reqPort
message_reqPath
waf_denyData
str
waf_denyRules
str
waf_denyDor
str
waf_model
str
waf_oft
str
waf_pAction
str
waf_pRate
str
waf_policy
str
waf_riskGroups
str
waf_riskScores
str
waf_riskTuples
str
waf_rsr
str
waf_ruleSet
str
waf_ver
str
waf_warnData
str
waf_warnRules
str
waf_warnTags
str
waf_warnSlrs
str
Custom_warnData_Username
str
content_Custom_BOT_ANOMALY_BEHAVIOR
str
content_Custom_warnDataEmail
str
content_Custom_warnDataEmpID
str
content_Custom_warnDataFirstName
str
content_Custom_warnDataHireDate
str
content_Custom_warnDataLastName
str
content_Reputation
str
content_trace_ParentSpanId
str
content_trace_Sampled
str
content_trace_SpanId
str
content_trace_SpanName
str
content_trace_TraceId
str
content_trace_application
str
originalJson
str
rawMessage
hostchain
str
✓
tag
str
✓
rawMessage
str
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Extra fields |
---|---|---|
eventdate |
|
|
event_data |
|
|
event_id |
|
|
event_time |
|
|
event_type__event_definition__event_definition_id |
|
|
event_type__event_definition__event_description |
|
|
event_type__event_definition__event_name |
|
|
event_type__event_type_id |
|
|
event_type__event_type_name |
|
|
impersonator |
|
|
username |
|
|
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
| ✓ |
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Field transformation | Source field name | Extra fields | ||
---|---|---|---|---|---|---|
eventdate |
|
|
| |||
type |
|
|
| |||
format |
|
|
| |||
version |
|
|
| |||
id |
|
| id_tmp reqId_tmp | |||
reqId |
|
| id_tmp reqId_tmp | |||
timestamp |
|
| timestamp_tmp timestamp2_tmp | |||
timestamp_epoch |
|
| timestamp2_epoch_tmp timestamp_epoch_tmp | |||
reqTimeSec |
|
| timestamp_epoch | |||
cp |
|
|
| |||
network_networkType |
|
|
| |||
network_edgeIP |
|
| network_edgeIP2 edgeIP2 | |||
edgeIP |
|
| network_edgeIP2 edgeIP2 | |||
network_edgeIPStr |
|
| network_edgeIPStr2 edgeIPStr2 | |||
edgeIPStr |
|
| network_edgeIPStr2 edgeIPStr2 | |||
network_asnum |
|
| network_asnum2 | |||
network_network |
|
|
| |||
reqHdr_referer |
|
|
| |||
reqHdr_cookie |
|
|
| |||
AnalysisUserId |
|
|
| |||
bm_sv |
|
|
| |||
ak_bmsc |
|
|
| |||
akamai_ro |
|
|
| |||
reqHdr_accEnc |
|
|
| |||
reqHdr_accLang |
|
|
| |||
reqHdr_conn |
|
|
| |||
reqHdr_basic_username |
|
|
| |||
reqHdr_authHash |
|
|
| |||
reqHdr_auth |
|
|
| |||
reqHdr_DNT |
|
|
| |||
reqHdr_cacheCtl |
|
|
| |||
reqHdr_expect |
|
|
| |||
reqHdr_ifMod |
|
|
| |||
reqHdr_ifNone |
|
|
| |||
reqHdr_ifRange |
|
|
| |||
reqHdr_range |
|
|
| |||
reqHdr_te |
|
|
| |||
reqHdr_upgrade |
|
|
| |||
reqHdr_via |
|
|
| |||
reqHdr_xFrwdFor |
|
|
| |||
reqHdr_xReqWith |
|
|
| |||
reqHdr_jwt |
|
|
| |||
reqHdr_jwt_kid |
|
|
| |||
reqHdr_jwt_trust |
|
|
| |||
reqHdr_jwt_iat |
|
|
| |||
reqHdr_jwt_exp |
|
|
| |||
reqHdr_jwt_iss |
|
|
| |||
reqHdr_jwt_jti |
|
|
| |||
reqHdr_jwt_lat |
|
|
| |||
reqHdr_jwt_aud |
|
|
| |||
reqHdr_jwt_sub |
|
|
| |||
reqHdr_jwt_sbt |
|
|
| |||
reqHdr_jwt_source |
|
|
| |||
reqHdr_cookies_length |
|
|
| |||
reqHdr_cookies_count |
|
|
| |||
reqHdr_cookies_items_anonymousId |
|
|
| |||
reqHdr_jwt_scp_str |
|
| reqHdr_jwt_scp | |||
reqHdr_jwt_prn |
|
|
| |||
reqHdr_jwt_prt |
|
|
| |||
geo_lat |
|
| geo_lat2 | |||
geo_country |
|
|
| |||
country |
|
| geo_country | |||
geo_region |
|
|
| |||
geo_long |
|
| geo_long2 | |||
geo_city |
|
|
| |||
city |
|
| geo_city | |||
netPerf_asnum |
|
| netPerf_asnum2 | |||
netPerf_cacheStatus |
|
| netPerf_cacheStatus2 | |||
cacheStatus |
|
| netPerf_cacheStatus | |||
netPerf_lastMileRTT |
|
| netPerf_lastMileRTT2 | |||
netPerf_downloadTime |
|
| netPerf_downloadTime2 | |||
netPerf_edgeIP |
|
| netPerf_edgeIP2 | |||
netPerf_lastByte |
|
| netPerf_lastByte2 | |||
netPerf_firstByte |
|
| netPerf_firstByte2 | |||
netPerf_midMileLatency |
|
| netPerf_midMileLatency2 | |||
netPerf_midMileRTT |
|
| netPerf_midMileRTT2 | |||
netPerf_netOriginLatency |
|
| netPerf_netOriginLatency2 | |||
respHdr_contEnc |
|
|
| |||
respHdr_cacheCtl |
|
|
| |||
respHdr_contLang |
|
|
| |||
respHdr_server |
|
|
| |||
respHdr_date |
|
|
| |||
respHdr_setCookie |
|
|
| |||
respHdr_conn |
|
|
| |||
respHdr_Sampled |
|
|
| |||
respHdr_UA |
|
|
| |||
respHdr_accRange |
|
|
| |||
respHdr_acs_tput |
|
|
| |||
respHdr_allow |
|
|
| |||
respHdr_allowOrigin |
|
|
| |||
respHdr_application |
|
|
| |||
respHdr_asnum |
|
|
| |||
respHdr_bytes |
|
|
| |||
respHdr_cache_frags |
|
|
| |||
respHdr_city |
|
|
| |||
respHdr_cliIP |
|
|
| |||
respHdr_clientTLSSNIName |
|
|
| |||
respHdr_contDisp |
|
|
| |||
respHdr_contRange |
|
|
| |||
respHdr_denyData |
|
|
| |||
respHdr_denyRules |
|
|
| |||
respHdr_eTag |
|
|
| |||
respHdr_edgeIP |
|
|
| |||
respHdr_expires |
|
|
| |||
respHdr_fwdHost |
|
|
| |||
respHdr_fwd_bytes |
|
|
| |||
respHdr_lastByte |
|
|
| |||
respHdr_lastMod |
|
|
| |||
respHdr_lat |
|
|
| |||
respHdr_long |
|
|
| |||
respHdr_network |
|
|
| |||
respHdr_networkType |
|
|
| |||
respHdr_parent_tput |
|
|
| |||
respHdr_peer_tput |
|
|
| |||
respHdr_reqHost |
|
|
| |||
respHdr_reqMethod |
|
|
| |||
respHdr_reqPath |
|
|
| |||
respHdr_reqPort |
|
|
| |||
respHdr_respCT |
|
|
| |||
respHdr_retry |
|
|
| |||
respHdr_sslVer |
|
|
| |||
respHdr_status |
|
|
| |||
respHdr_vary |
|
|
| |||
respHdr_wafDenyData |
|
|
| |||
respHdr_wafDenyRules |
|
|
| |||
respHdr_wwwAuth |
|
|
| |||
respHdr_xPwrdBy |
|
|
| |||
message_status |
|
| message_status2 statusCode_tmp | |||
statusCode |
|
| message_status2 statusCode_tmp | |||
message_cliIP |
|
| message_cliIP2 | |||
cliIP |
|
| message_cliIP | |||
message_cliIPStr |
|
|
| |||
message_protoVer |
|
| message_protoVer2 | |||
proto |
|
|
| |||
message_proto |
|
|
| |||
message_respCT |
|
| message_respCT_tmp rspContentType_tmp | |||
rspContentType |
|
| message_respCT_tmp rspContentType_tmp | |||
message_reqQuery |
|
| queryStr_tmp message_reqQuery_tmp | |||
queryStr |
|
| queryStr_tmp message_reqQuery_tmp | |||
message_bytes |
|
| message_bytes2 | |||
bytes |
|
| message_bytes | |||
message_reqPath |
|
|
| |||
reqPath |
|
| message_reqPath | |||
message_respLen |
|
| message_respLen2 rspContentLen_tmp | |||
rspContentLen |
|
| message_respLen2 rspContentLen_tmp | |||
message_reqPort |
|
| message_reqPort2 | |||
reqPort |
|
| message_reqPort | |||
message_reqHost |
|
|
| |||
reqHost |
|
| message_reqHost | |||
message_reqMethod |
|
|
| |||
reqMethod |
|
| message_reqMethod | |||
message_sslVer |
|
| tlsVersion_tmp message_sslVer_tmp | |||
tlsVersion |
|
| tlsVersion_tmp message_sslVer_tmp | |||
message_UA |
|
|
| |||
UA |
|
| message_UA | |||
message_fwdHost |
|
|
| |||
message_redirURL |
|
|
| |||
message_reqCT |
|
|
| |||
message_reqLen |
|
|
| |||
waf_denyData |
|
|
| |||
waf_denyRules |
|
|
| |||
waf_denyDor |
|
|
| |||
waf_model |
|
|
| |||
waf_oft |
|
|
| |||
waf_pAction |
|
|
| |||
waf_pRate |
|
|
| |||
waf_policy |
|
|
| |||
waf_riskGroups |
|
|
| |||
waf_riskScores |
|
|
| |||
waf_riskTuples |
|
|
| |||
waf_rsr |
|
|
| |||
waf_ruleSet |
|
|
| |||
waf_ver |
|
|
| |||
waf_warnData |
|
|
| |||
waf_warnRules |
|
|
| |||
waf_warnTags |
|
|
| |||
waf_warnSlrs |
|
|
| |||
Custom_warnData_Username |
|
|
| |||
content_Custom_BOT_ANOMALY_BEHAVIOR |
|
|
| |||
content_Custom_warnDataEmail |
|
|
| |||
content_Custom_warnDataEmpID |
|
|
| |||
content_Custom_warnDataFirstName |
|
|
| |||
content_Custom_warnDataHireDate |
|
|
| |||
content_Custom_warnDataLastName |
|
|
| |||
content_Reputation |
|
|
| |||
content_trace_ParentSpanId |
|
|
| |||
content_trace_Sampled |
|
|
| |||
content_trace_SpanId |
|
|
| |||
content_trace_SpanName |
|
|
| |||
content_trace_TraceId |
|
|
| |||
content_trace_application |
|
|
| |||
content_Custom_Log_Reference_Error |
|
|
| |||
content_Custom_Log_Custom_FirstName |
|
|
| |||
content_Custom_Log_Custom_LastName |
|
|
| |||
content_Custom_Log_Custom_Email |
|
|
| |||
content_Custom_Log_Custom_Username |
|
|
| |||
content_Custom_Log_Custom_Phone |
|
|
| |||
tlsOverheadTimeMSec |
|
| tlsOverheadTimeMSec_tmp | |||
objSize |
|
| objSize_tmp | |||
uncompressedSize |
|
| uncompressedSize_tmp | |||
overheadBytes |
|
| overheadBytes_tmp | |||
totalBytes |
|
| totalBytes_tmp | |||
accLang |
|
|
| |||
cookie |
|
|
| |||
range |
|
|
| |||
referer |
|
|
| |||
xForwardedFor |
|
|
| |||
maxAgeSec |
|
| maxAgeSec_tmp | |||
reqEndTimeMSec |
|
| reqEndTimeMSec_tmp | |||
errorCode |
|
|
| |||
customField |
|
|
| |||
state |
|
|
| |||
turnAroundTimeMSec |
|
| turnAroundTimeMSec_tmp | |||
transferTimeMSec |
|
| transferTimeMSec_tmp | |||
dnsLookupTimeMSec |
|
| dnsLookupTimeMSec_tmp | |||
billingRegion |
|
|
| |||
serverCountry |
|
|
| |||
streamId |
|
|
| |||
breadcrumbs |
|
|
| |||
lastByte |
|
|
| |||
edgeWorkers_usage |
|
|
| |||
edgeWorkers_execution |
|
|
| |||
securityRules |
|
|
| |||
originalJson |
|
| rawMessage | |||
hostchain |
|
|
| ✓ | ||
tag |
|
|
| ✓ | ||
rawMessage |
|
|
| ✓ |
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Field transformation | Source field name | Extra fields | ||
---|---|---|---|---|---|---|
eventdate |
| |||||
type |
| |||||
format |
| |||||
version |
| |||||
attackData_configId |
| |||||
attackData_policyId |
| |||||
attackData_clientIP |
| |||||
attackData_rules |
| |||||
attackData_ruleVersions |
| |||||
attackData_ruleMessages |
| |||||
attackData_ruleTags |
| |||||
attackData_ruleData |
| |||||
attackData_ruleSelectors |
| |||||
attackData_ruleActions |
| |||||
attackData_ruleValues_rules |
|
| attackData_ruleValues_rules_array | |||
attackData_ruleValues_ruleVersions |
|
| attackData_ruleValues_ruleVersions_array | |||
attackData_ruleValues_ruleMessages |
|
| attackData_ruleValues_ruleMessages_array | |||
attackData_ruleValues_ruleTags |
|
| attackData_ruleValues_ruleTags_array | |||
attackData_ruleValues_ruleData |
|
| attackData_ruleValues_ruleData_array | |||
attackData_ruleValues_ruleSelectors |
|
| attackData_ruleValues_ruleSelectors_array | |||
attackData_ruleValues_ruleActions |
|
| attackData_ruleValues_ruleActions_array | |||
attackData_clientReputation |
| |||||
httpMessage_requestId |
| |||||
httpMessage_start |
| |||||
httpMessage_protocol |
| |||||
httpMessage_method |
| |||||
httpMessage_host |
| |||||
httpMessage_port |
| |||||
httpMessage_path |
| |||||
httpMessage_requestHeaders |
| |||||
httpMessage_status |
| |||||
httpMessage_bytes |
| |||||
httpMessage_responseHeaders |
| |||||
geo_continent |
| |||||
geo_country |
| |||||
geo_city |
| |||||
geo_regionCode |
| |||||
geo_asn |
| |||||
hostchain |
| ✓ | ||||
tag |
| ✓ | ||||
rawMessage |
| ✓ |