Introduction
The tags beginning with network.vmware identify events generated by VMware.
Tag structure
Therefore, the only valid tag and table is:
network.vmware.airwatch.events
The full tag must have four levels. The first two are fixed as network.vmware. The third level identifies the type of event sent, and it is fixed as airwatch. The fourth level identifies the subtype and is fixed as events.

Technology | Brand | Type | Subtype |
---|---|---|---|
network | vmware | airwatch | events |

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service | Tags | Data tables |
---|---|---|
VMware AirWatch | network.vmware.airwatch.events | network.vmware.airwatch.events |
VMware NSX Advanced Load Balancer (Avi Networks) | network.vmware.nsx_avi.generic_event | network.vmware.nsx_avi.generic_event |
VMware NSX Controller | network.vmware.nsx_controller | network.vmware.nsx_controller |
VMware NSX Controller | network.vmware.nsx_controller.falcon | network.vmware.nsx_controller.falcon |
VMware NSX Edge | network.vmware.nsx_edge | network.vmware.nsx_edge |
VMware NSX Edge | network.vmware.nsx_edge.datapathd | network.vmware.nsx_edge.datapathd |
VMware NSX Edge | network.vmware.nsx_edge.integrity_checker | network.vmware.nsx_edge.integrity_checker |
VMware NSX SHA | network.vmware.nsx_edge.nsx_sha | network.vmware.nsx_edge.nsx_sha |
VMware NSX Manager | network.vmware.nsx_manager | network.vmware.nsx_manager |
VMware NSX Manager | network.vmware.nsx_manager.appl_proxy | network.vmware.nsx_manager.appl_proxy |
VMware NSX Manager | network.vmware.nsx_manager.ccp | network.vmware.nsx_manager.ccp |
VMware NSX Manager | network.vmware.nsx_manager.node_mgmt | network.vmware.nsx_manager.node_mgmt |
VMware NSX Manager | network.vmware.nsx_manager.nsx_sha | network.vmware.nsx_manager.nsx_sha |
VMware NSX’s other events | network.vmware.nsx_other | network.vmware.nsx_other |
VMware Unified Access Gateway | network.vmware.uag.events | network.vmware.uag.events |

For more information, read more About Devo tags.
How is the data sent to Devo?
To send events to Devo using this tag, you can use the Devo Relay and tag the events with network.vmware.airwatch.events. Logs must be sent to the Devo platform via the Devo Relay to secure communication. See the required relay rules below:
network.vmware.nsx_controller.falcon
Source port - Any available port
Target tag - network.vmware.nsx_controller.falcon
Source message - comp=\"nsx-controller\" subcomp=\"falcon\"
Stop processing - ✓
network.vmware.nsx_edge.datapathd
Source port - Any available port
Target tag - network.vmware.nsx_edge.datapathd
Source message - comp=\"nsx-edge\" subcomp=\"datapathd\"
Stop processing - ✓
network.vmware.nsx_edge-integrity_checker
Source port - Any available port
Target tag - network.vmware.nsx_edge-integrity_checker
Source message - comp=\"nsx-edge\" subcomp=\"integrity-checker\"
Stop processing - ✓
network.vmware.nsx_manager.appl_proxy
Source port - Any available port
Target tag - network.vmware.nsx_manager.appl_proxy
Source message - comp=\"nsx-manager\" subcomp=\"appl-proxy\"
Stop processing - ✓
network.vmware.nsx_manager.ccp
Source port - Any available port
Target tag - network.vmware.nsx_manager.ccp
Source message - comp=\"nsx-manager\" subcomp=\"ccp\"
Stop processing - ✓
network.vmware.nsx_manager.node_mgmt
Source port - Any available port
Target tag - network.vmware.nsx_manager.node_mgmt
Source message - comp=\"nsx-manager\" subcomp=\"node-mgmt\"
Stop processing - ✓
network.vmware.nsx_manager.nsx_sha
Source port - Any available port
Target tag - network.vmware.nsx_manager.nsx_sha
Source message - .comp=\"nsx-manager\" subcomp=\"nsx-sha\"
Stop processing - ✓
network.vmware.nsx_other
Source port - Any available port
Target tag - network.vmware.nsx_other
Source message - comp=\"nsx-
Stop processing - ✓
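
The relay rules above, modelled as an ordered first-match list and checked against the page's tag list. This is an added example, not Devo's code: it assumes rules are evaluated top to bottom and that "Stop processing" ends evaluation at the first match, and the sample events are constructed.

```python
import re

# Relay rules in page order: (source message regex, target tag), copied as written.
RULES = [
    (r'comp=\"nsx-controller\" subcomp=\"falcon\"', "network.vmware.nsx_controller.falcon"),
    (r'comp=\"nsx-edge\" subcomp=\"datapathd\"', "network.vmware.nsx_edge.datapathd"),
    (r'comp=\"nsx-edge\" subcomp=\"integrity-checker\"', "network.vmware.nsx_edge-integrity_checker"),
    (r'comp=\"nsx-manager\" subcomp=\"appl-proxy\"', "network.vmware.nsx_manager.appl_proxy"),
    (r'comp=\"nsx-manager\" subcomp=\"ccp\"', "network.vmware.nsx_manager.ccp"),
    (r'comp=\"nsx-manager\" subcomp=\"node-mgmt\"', "network.vmware.nsx_manager.node_mgmt"),
    (r'.comp=\"nsx-manager\" subcomp=\"nsx-sha\"', "network.vmware.nsx_manager.nsx_sha"),
    (r'comp=\"nsx-', "network.vmware.nsx_other"),  # pattern exactly as shown on the page
]

# NSX data table names from the page's tag list.
TABLES = {
    "network.vmware.nsx_controller", "network.vmware.nsx_controller.falcon",
    "network.vmware.nsx_edge", "network.vmware.nsx_edge.datapathd",
    "network.vmware.nsx_edge.integrity_checker", "network.vmware.nsx_edge.nsx_sha",
    "network.vmware.nsx_manager", "network.vmware.nsx_manager.appl_proxy",
    "network.vmware.nsx_manager.ccp", "network.vmware.nsx_manager.node_mgmt",
    "network.vmware.nsx_manager.nsx_sha", "network.vmware.nsx_other",
}

def route(message, rules=RULES):
    """Return the tag of the first matching rule (models 'Stop processing'), else None."""
    for pattern, tag in rules:
        if re.search(pattern, message):
            return tag
    return None

def unknown_targets(rules=RULES, tables=TABLES):
    """Target tags that do not appear in the page's tag list."""
    return [tag for _, tag in rules if tag not in tables]

# Constructed sample events in NSX syslog style (not real device output).
SAMPLES = [
    '<182>1 2024-01-01T00:00:00Z edge01 NSX 100 FIREWALL [nsx@6876 comp="nsx-edge" subcomp="datapathd" level="INFO"] constructed',
    '<182>1 2024-01-01T00:00:01Z mgr01 NSX 200 - [nsx@6876 comp="nsx-manager" subcomp="nsx-sha" level="WARNING"] constructed',
    '<182>1 2024-01-01T00:00:02Z esx01 NSX 300 - [nsx@6876 comp="nsx-esx" subcomp="opsagent" level="INFO"] constructed',
    '<38>1 2024-01-01T00:00:03Z host01 sshd 400 - - constructed line without an NSX component',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(route(s), "<-", s[-60:])
    print("reversed order:", route(SAMPLES[0], RULES[::-1]))
    print("targets missing from tag list:", unknown_targets())
```

With the order reversed, the broad `comp=\"nsx-` rule wins for every NSX event, so under the first-match assumption it has to stay last. `unknown_targets()` lists any rule whose target tag is spelled differently from the table names in the tag list.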
Table structure
These are the fields displayed in these tables:

network.vmware.airwatch.events

Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | timestamp | | |
host | str | vhost | |
event_type | str | | |
event | str | | |
user | str | | |
event_source | str | | |
event_module | str | | |
event_category | str | | |
event_data | str | | |
event_timestamp | str | | |
hostchain | str | | ✓ |
tag | str | | ✓ |
rawMessage | str | | |


network.vmware.nsx_avi.generic_event

Field | Type | Field transformation | Source field name | Extra fields |
---|---|---|---|---|
eventdate | timestamp | | | |
host | str | | vhost | |
service_name | str | | | |
log_level | str | | | |
resource_name | str | | | |
reason | str | | | |
timestamp | timestamp | `parsedate(timestamp_tmp, dateformat("YYYY-MM-DD HH:mm:ssZZ", "UTC"))` | timestamp_tmp | |
event_type | str | | | |
event_subtype | str | | | |
object_name | str | | | |
tenant_name | str | | | |
username | str | | | |
process_name | str | | | |
pid | str | | | |
user_ip | ip4 | | | |
server_ip | ip4 | | | |
server_internal_ip | ip4 | | | |
server_port | str | | | |
vip_ip | ip4 | | | |
avg_uptime | float8 | | | |
hit_threshold | float8 | | | |
message | str | | | |
hostchain | str | | | ✓ |
tag | str | | | ✓ |
rawMessage | str | | | ✓ |


network.vmware.nsx_controller

Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | timestamp | | |
host | str | vhost | |
subtype | str | vsubtype | |
proc_id | str | | |
msg_id | str | | |
sd_id | str | | |
component | str | | |
subcomponent | str | | |
severity | str | | |
message | str | | |
transaction_id | str | | |
hostchain | str | | ✓ |
tag | str | | ✓ |
rawMessage | str | | ✓ |


network.vmware.nsx_controller.falcon

Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | timestamp | | |
host | str | vhost | |
proc_id | str | | |
msg_id | str | | |
sd_id | str | | |
component | str | | |
subcomponent | str | | |
severity | str | | |
message | str | | |
transaction_id | str | | |
hostchain | str | | ✓ |
tag | str | | ✓ |
rawMessage | str | | ✓ |


network.vmware.nsx_edge

Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | timestamp | | |
host | str | vhost | |
subtype | str | vsubtype | |
proc_id | str | | |
msg_id | str | | |
sd_id | str | | |
component | str | | |
subcomponent | str | | |
user_name | str | | |
severity | str | | |
s2comp | str | | |
message | str | | |
action | str | | |
reason | str | | |
name | str | | |
hostchain | str | | ✓ |
tag | str | | ✓ |
rawMessage | str | | ✓ |


network.vmware.nsx_edge.datapathd

Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | timestamp | | |
host | str | vhost | |
proc_id | str | | |
msg_id | str | | |
sd_id | str | | |
component | str | | |
subcomponent | str | | |
s2comp | str | | |
severity | str | | |
message | str | | |
name | str | | |
vrf_id | str | | |
UUID | str | | |
adress_family | str | | |
reason | str | | |
action | str | | |
rule_id | str | | |
direction | str | | |
packet_lenght | str | | |
protocol_number | str | | |
protocol | str | | |
source_ip_port | str | | |
destination_ip_port | str | | |
TCP_flags | str | | |
hostchain | str | | ✓ |
tag | str | | ✓ |
rawMessage | str | | ✓ |


network.vmware.nsx_edge.integrity_checker

Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | timestamp | | |
host | str | vhost | |
proc_id | str | | |
msg_id | str | | |
sd_id | str | | |
component | str | | |
subcomponent | str | | |
user_name | str | | |
severity | str | | |
message | str | | |
action | str | | |
reason | str | | |
name | str | | |
hostchain | str | | ✓ |
tag | str | | ✓ |
rawMessage | str | | ✓ |


network.vmware.nsx_esx.nsx_sha

Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | timestamp | | |
host | str | vhost | |
proc_id | str | | |
msg_id | str | | |
sd_id | str | | |
component | str | | |
subcomponent | str | | |
user_name | str | | |
severity | str | | |
s2comp | str | | |
message | str | | |
repeats_number | str | | |
repeats_in | str | | |
message_body | str | | |
hostchain | str | | ✓ |
tag | str | | ✓ |
rawMessage | str | | ✓ |


network.vmware.nsx_manager

Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | timestamp | | |
host | str | vhost | |
subtype | str | vsubtype | |
proc_id | str | | |
msg_id | str | | |
sd_id | str | | |
component | str | | |
subcomponent | str | | |
user_name | str | | |
severity | str | | |
s2comp | str | | |
tid | str | | |
message | str | | |
hostchain | str | | ✓ |
tag | str | | ✓ |
rawMessage | str | | ✓ |


network.vmware.nsx_manager.appl_proxy

Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | timestamp | | |
host | str | vhost | |
proc_id | str | | |
msg_id | str | | |
sd_id | str | | |
component | str | | |
subcomponent | str | | |
user_name | str | | |
severity | str | | |
s2comp | str | | |
tid | str | | |
message | str | | |
forwarding_engine | str | | |
hostchain | str | | ✓ |
tag | str | | ✓ |
rawMessage | str | | ✓ |


network.vmware.nsx_manager.ccp

Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | timestamp | | |
host | str | vhost | |
proc_id | str | | |
msg_id | str | | |
sd_id | str | | |
component | str | | |
subcomponent | str | | |
user_name | str | | |
severity | str | | |
s2comp | str | | |
message | str | | |
transport_node | str | | |
transaction | str | | |
received_from | str | | |
items_size | str | | |
full_sync | str | | |
hostchain | str | | ✓ |
tag | str | | ✓ |
rawMessage | str | | ✓ |


network.vmware.nsx_manager.node_mgmt

Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | timestamp | | |
host | str | vhost | |
proc_id | str | | |
msg_id | str | | |
sd_id | str | | |
component | str | | |
subcomponent | str | | |
user_name | str | | |
severity | str | | |
s2comp | str | | |
message | str | | |
hostchain | str | | ✓ |
tag | str | | ✓ |
rawMessage | str | | ✓ |


network.vmware.nsx_manager.nsx_sha

Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | timestamp | | |
host | str | vhost | |
proc_id | str | | |
msg_id | str | | |
sd_id | str | | |
component | str | | |
subcomponent | str | | |
user_name | str | | |
severity | str | | |
s2comp | str | | |
message | str | | |
repeats_number | str | | |
repeats_in | str | | |
message_body | str | | |
hostchain | str | | ✓ |
tag | str | | ✓ |
rawMessage | str | | ✓ |


network.vmware.nsx_other

Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | timestamp | | |
host | str | vhost | |
subtype | str | vsubtype | |
message | str | rawMessage | |
hostchain | str | | ✓ |
tag | str | | ✓ |
rawMessage | str | | ✓ |


network.vmware.uag.events

Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | timestamp | | |
host | str | vhost | |
type | str | | |
action | str | | |
srcDate | timestamp | | |
id | str | | |
device | str | | |
srcIp | str | | |
src | str | | |
dstIp | str | | |
dstPort | str | | |
dst | str | | |
node | str | | |
arguments | str | | |
runtime | str | | |
procedure | str | | |
errorCode | str | | |
profile | str | | |
authChain | str | | |
language | str | | |
skin | str | | |
target | str | | |
identity | str | | |
reason | str | | |
authUser | str | | |
effectiveUser | str | | |
OTPLogin | str | | |
message | str | | |
rawMessage | str | | ✓ |
hostchain | str | | ✓ |
tag | str | | ✓ |