Page Comparison

Table of Contents

minLevel	2
maxLevel	2
outline	false
type	flat
printable	false
separator	brackets

...

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed ascdn.akamai. The third level identifies the type of events sent, and the fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service	Tags	Data tables
Akamai CDN	`cdn.akamai.access`	`cdn.akamai.access`
	`cdn.akamai.audit`	`cdn.akamai.audit`
	`cdn.akamai.auditExtended`	`cdn.akamai.auditExtended`
	`cdn.akamai.cloudmonitor`	`cdn.akamai.cloudmonitor`
	`cdn.akamai.cloudmonitor2`	`cdn.akamai.cloudmonitor2`
	`cdn.akamai.cloudmonitor3`	`cdn.akamai.cloudmonitor3`
	`cdn.akamai.eventviewer`	`cdn.akamai.eventviewer`
`cdn.akamai.monitor`	`cdn.akamai.monitor`
`cdn.akamai.siem`	`cdn.akamai.siem`

...

For more information, read more about Devo tags.

How is the data sent to Devo?

Cloud Monitor sends event data in JSON format via HTTPs POST requests. For complete instructions, see the vendor documentation online.

...

Rw ui tabs macro

Rw tab

title	1-54

cdn.akamai.access
cdn.akamai.audit
cdn.akamai.auditExtended
cdn.akamai.cloudmonitor cdn.akamai.cloudmonitor2

Anchor
tag1
tag1
cdn.akamai.access

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
hits	`str`
fecha	`str`
titulo	`str`
autor	`str`
programa	`str`
emisora	`str`
tema	`str`
idRef	`str`
duracion	`str`
horas	`str`
urlAudio	`str`
urlAkamai	`str`
tipo	`str`
fuente	`str`
hostchain	`str`		✓
tag	`str`		✓
rawMessage	`str`	rawSource	✓

Anchor
tag2
tag2
cdn.akamai.audit

Field	Type	Extra fields
eventdate	`timestamp`
clientIp	`ip4`
srcIdentd	`str`
user	`str`
date	`str`
httpMethod	`str`
arlStem	`str`
protocol	`str`
statusCode	`str`
totalBytes	`int8`
referrer	`str`
userAgent	`str`
cookie	`str`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓

Anchor
tag3
tag3
cdn.akamai.auditExtended

Field	Type	Extra fields
eventdate	`timestamp`
startTime	`timestamp`
csIp	`ip4`
csMethod	`str`
sslVersion	`str`
csUri	`str`
scStatus	`int4`
scContentBytes	`int8`
scTotalBytes	`int8`
sObjectSize	`int8`
sUncompressedSize	`int8`
httpOverheadBytes	`int8`
csReferer	`str`
csUserAgent	`str`
csCookie	`str`
csHost	`str`
scContentType	`str`
xTimeSslOverhead	`str`
xTimeTurnAround	`int4`
xTimeTransfer	`int4`
xRequestId	`str`
xMaxAge	`int8`
xCacheStatus	`str`
xCacheRefreshSrc	`str`
xLastByte	`int4`
xNoStoreFlag	`int4`
edgeIp	`ip4`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓

Anchor
tag4
tag4
cdn.akamai.cloudmonitor

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

type

str

format

str

version

str

id

str

timestamp_epoch

str

timestamp

timestamp

cp

str

network_networkType

str

network_edgeIP

ip4

network_edgeIP2

network_asnum

int4

Code Block
int4(network_asnum2)

network_asnum2

network_network

str

reqHdr_referer

str

reqHdr_cookie

str

AnalysisUserId

str

bm_sv

str

ak_bmsc

str

akamai_ro

str

reqHdr_accEnc

str

reqHdr_accLang

str

reqHdr_conn

str

reqHdr_basic_username

str

reqHdr_authHash

str

reqHdr_auth

str

reqHdr_DNT

str

reqHdr_cacheCtl

str

reqHdr_expect

str

reqHdr_ifMod

str

reqHdr_ifNone

str

reqHdr_ifRange

str

reqHdr_range

str

reqHdr_te

str

reqHdr_upgrade

str

reqHdr_via

str

reqHdr_xFrwdFor

str

reqHdr_xReqWith

str

reqHdr_jwt

str

reqHdr_jwt_kid

str

reqHdr_jwt_trust

int8

reqHdr_jwt_iat

int8

reqHdr_jwt_exp

int8

reqHdr_jwt_iss

str

reqHdr_jwt_jti

str

reqHdr_jwt_lat

int8

reqHdr_jwt_aud

str

reqHdr_jwt_sub

str

reqHdr_jwt_sbt

str

reqHdr_jwt_source

str

reqHdr_cookies_length

int4

reqHdr_cookies_count

int4

reqHdr_cookies_items_anonymousId

str

reqHdr_jwt_scp_str

str

Code Block
join(reqHdr_jwt_scp, ',')

reqHdr_jwt_scp

reqHdr_jwt_prn

str

reqHdr_jwt_prt

str

geo_lat

float8

Code Block
float8(geo_lat2)

geo_lat2

geo_country

str

geo_region

str

geo_long

float8

Code Block
float8(geo_long2)

geo_long2

geo_city

str

netPerf_asnum

int4

Code Block
int4(netPerf_asnum2)

netPerf_asnum2

netPerf_cacheStatus

int4

Code Block
int4(netPerf_cacheStatus2)

netPerf_cacheStatus2

netPerf_lastMileRTT

int4

Code Block
int4(netPerf_lastMileRTT2)

netPerf_lastMileRTT2

netPerf_downloadTime

int4

Code Block
int4(netPerf_downloadTime2)

netPerf_downloadTime2

netPerf_edgeIP

ip4

netPerf_edgeIP2

netPerf_lastByte

int4

Code Block
int4(netPerf_lastByte2)

netPerf_lastByte2

netPerf_firstByte

int4

Code Block
int4(netPerf_firstByte2)

netPerf_firstByte2

netPerf_midMileLatency

int4

Code Block
int4(netPerf_midMileLatency2)

netPerf_midMileLatency2

netPerf_midMileRTT

int4

Code Block
int4(netPerf_midMileRTT2)

netPerf_midMileRTT2

netPerf_netOriginLatency

int4

Code Block
int4(netPerf_netOriginLatency2)

netPerf_netOriginLatency2

respHdr_contEnc

str

respHdr_cacheCtl

str

respHdr_contLang

str

respHdr_server

str

respHdr_date

str

respHdr_setCookie

str

respHdr_conn

str

respHdr_Sampled

str

respHdr_UA

str

respHdr_accRange

str

respHdr_acs_tput

str

respHdr_allow

str

respHdr_allowOrigin

str

respHdr_application

str

respHdr_asnum

str

respHdr_bytes

str

respHdr_cache_frags

str

respHdr_city

str

respHdr_cliIP

str

respHdr_clientTLSSNIName

str

respHdr_contDisp

str

respHdr_contRange

str

respHdr_denyData

str

respHdr_denyRules

str

respHdr_eTag

str

respHdr_edgeIP

str

respHdr_expires

str

respHdr_fwdHost

str

respHdr_fwd_bytes

str

respHdr_lastByte

str

respHdr_lastMod

str

respHdr_lat

str

respHdr_long

str

respHdr_network

str

respHdr_networkType

str

respHdr_parent_tput

str

respHdr_peer_tput

str

respHdr_reqHost

str

respHdr_reqMethod

str

respHdr_reqPath

str

respHdr_reqPort

str

respHdr_respCT

str

respHdr_retry

str

respHdr_sslVer

str

respHdr_status

str

respHdr_vary

str

respHdr_wafDenyData

str

respHdr_wafDenyRules

str

respHdr_wwwAuth

str

respHdr_xPwrdBy

str

message_status

int4

Code Block
int4(message_status2)

message_status2

message_cliIP

ip4

message_cliIP2

message_cliIPStr

str

message_protoVer

float4

Code Block
float4(message_protoVer2)

message_protoVer2

message_proto

str

message_respCT

str

message_reqQuery

str

message_bytes

int4

Code Block
int4(message_bytes2)

message_bytes2

message_reqPath

str

message_respLen

int4

Code Block
int4(message_respLen2)

message_respLen2

message_reqPort

int4

Code Block
int4(message_reqPort2)

message_reqPort2

message_reqHost

str

message_reqMethod

str

message_sslVer

str

message_UA

str

message_fwdHost

str

message_redirURL

str

message_reqCT

str

message_reqLen

int8

message_URL

str

Code Block
message_proto + "://" + message_reqHost + ":" + message_reqPort + message_reqPath

message_reqPath

message_reqPort

message_proto

message_reqHost

waf_denyData

str

waf_denyRules

str

waf_denyDor

str

waf_model

str

waf_oft

str

waf_pAction

str

waf_pRate

str

waf_policy

str

waf_riskGroups

str

waf_riskScores

str

waf_riskTuples

str

waf_rsr

str

waf_ruleSet

str

waf_ver

str

waf_warnData

str

waf_warnRules

str

waf_warnTags

str

waf_warnSlrs

str

Custom_warnData_Username

str

content_Custom_BOT_ANOMALY_BEHAVIOR

str

content_Custom_warnDataEmail

str

content_Custom_warnDataEmpID

str

content_Custom_warnDataFirstName

str

content_Custom_warnDataHireDate

str

content_Custom_warnDataLastName

str

content_Reputation

str

content_trace_ParentSpanId

str

content_trace_Sampled

str

content_trace_SpanId

str

content_trace_SpanName

str

content_trace_TraceId

str

content_trace_application

str

content_Custom_Log_Reference_Error

str

content_Custom_Log_Custom_FirstName

str

content_Custom_Log_Custom_LastName

str

content_Custom_Log_Custom_Email

str

content_Custom_Log_Custom_Username

str

content_Custom_Log_Custom_Phone

str

originalJson

str

rawMessage

hostchain

str

✓

tag

str

✓

rawMessage

str

✓

anchor

Rw tab

tag5

title

tag5

5-7

cdn.akamai.

cloudmonitor2

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

type

str

format

str

version

str

id

str

timestamp_epoch

str

timestamp

timestamp

cp

str

network_networkType

str

network_edgeIP

ip4

network_edgeIP2

network_asnum

int4

Code Block
int4(network_asnum2)

network_asnum2

network_network

str

reqHdr_referer

str

reqHdr_cookie

str

AnalysisUserId

str

bm_sv

str

ak_bmsc

str

akamai_ro

str

reqHdr_accEnc

str

reqHdr_accLang

str

reqHdr_conn

str

reqHdr_auth

str

reqHdr_DNT

str

reqHdr_cacheCtl

str

reqHdr_expect

str

reqHdr_ifMod

str

reqHdr_ifNone

str

reqHdr_ifRange

str

reqHdr_range

str

reqHdr_te

str

reqHdr_upgrade

str

reqHdr_via

str

reqHdr_xFrwdFor

str

reqHdr_xReqWith

str

geo_lat

float8

Code Block
float8(geo_lat2)

geo_lat2

geo_country

str

geo_region

str

geo_long

float8

Code Block
float8(geo_long2)

geo_long2

geo_city

str

netPerf_asnum

int4

Code Block
int4(netPerf_asnum2)

netPerf_asnum2

netPerf_cacheStatus

int4

Code Block
int4(netPerf_cacheStatus2)

netPerf_cacheStatus2

netPerf_lastMileRTT

int4

Code Block
int4(netPerf_lastMileRTT2)

netPerf_lastMileRTT2

netPerf_downloadTime

int4

Code Block
int4(netPerf_downloadTime2)

netPerf_downloadTime2

netPerf_edgeIP

ip4

netPerf_edgeIP2

netPerf_lastByte

int4

Code Block
int4(netPerf_lastByte2)

netPerf_lastByte2

netPerf_firstByte

int4

Code Block
int4(netPerf_firstByte2)

netPerf_firstByte2

netPerf_midMileLatency

int4

Code Block
int4(netPerf_midMileLatency2)

netPerf_midMileLatency2

netPerf_midMileRTT

int4

Code Block
int4(netPerf_midMileRTT2)

netPerf_midMileRTT2

netPerf_netOriginLatency

int4

Code Block
int4(netPerf_netOriginLatency2)

netPerf_netOriginLatency2

respHdr_contEnc

str

respHdr_cacheCtl

str

respHdr_contLang

str

respHdr_server

str

respHdr_date

str

respHdr_setCookie

str

respHdr_conn

str

respHdr_Sampled

str

respHdr_UA

str

respHdr_accRange

str

respHdr_acs_tput

str

respHdr_allow

str

respHdr_allowOrigin

str

respHdr_application

str

respHdr_asnum

str

respHdr_bytes

str

respHdr_cache_frags

str

respHdr_city

str

respHdr_cliIP

str

respHdr_clientTLSSNIName

str

respHdr_contDisp

str

respHdr_contRange

str

respHdr_denyData

str

respHdr_denyRules

str

respHdr_eTag

str

respHdr_edgeIP

str

respHdr_expires

str

respHdr_fwdHost

str

respHdr_fwd_bytes

str

respHdr_lastByte

str

respHdr_lastMod

str

respHdr_lat

str

respHdr_long

str

respHdr_network

str

respHdr_networkType

str

respHdr_parent_tput

str

respHdr_peer_tput

str

respHdr_reqHost

str

respHdr_reqMethod

str

respHdr_reqPath

str

respHdr_reqPort

str

respHdr_respCT

str

respHdr_retry

str

respHdr_sslVer

str

respHdr_status

str

respHdr_vary

str

respHdr_wafDenyData

str

respHdr_wafDenyRules

str

respHdr_wwwAuth

str

respHdr_xPwrdBy

str

message_status

int4

Code Block
int4(message_status2)

message_status2

message_cliIP

ip4

message_cliIP2

message_protoVer

float4

Code Block
float4(message_protoVer2)

message_protoVer2

message_proto

str

message_respCT

str

message_reqQuery

str

message_bytes

int4

Code Block
int4(message_bytes2)

message_bytes2

message_reqPath

str

message_respLen

int4

Code Block
int4(message_respLen2)

message_respLen2

message_reqPort

int4

Code Block
int4(message_reqPort2)

message_reqPort2

message_reqHost

str

message_reqMethod

str

message_sslVer

str

message_UA

str

message_fwdHost

str

message_redirURL

str

message_reqCT

str

message_reqLen

int8

message_URL

str

Code Block
message_proto + "://" + message_reqHost + ":" + message_reqPort + message_reqPath

message_proto

message_reqPort

message_reqPath

message_reqHost

waf_denyData

str

waf_denyRules

str

waf_denyDor

str

waf_model

str

waf_oft

str

waf_pAction

str

waf_pRate

str

waf_policy

str

waf_riskGroups

str

waf_riskScores

str

waf_riskTuples

str

waf_rsr

str

waf_ruleSet

str

waf_ver

str

waf_warnData

str

waf_warnRules

str

waf_warnTags

str

waf_warnSlrs

str

Custom_warnData_Username

str

content_Custom_BOT_ANOMALY_BEHAVIOR

str

content_Custom_warnDataEmail

str

content_Custom_warnDataEmpID

str

content_Custom_warnDataFirstName

str

content_Custom_warnDataHireDate

str

content_Custom_warnDataLastName

str

content_Reputation

str

content_trace_ParentSpanId

str

content_trace_Sampled

str

content_trace_SpanId

str

content_trace_SpanName

str

content_trace_TraceId

str

content_trace_application

str

originalJson

str

rawMessage

hostchain

str

✓

tag

str

✓

rawMessage

str

✓

Rw tab

title	6-9

cdn.akamai.cloudmonitor3
cdn.akamai.eventviewer
cdn.akamai.monitor
cdn.akamai.siem

Anchortag6tag6cdn.akamai.cloudmonitor3
Field
Type
Field transformation
Source field name
Extra fields
eventdate
timestamp

type
str

format
str

version
str

id
str

timestamp_epoch
str

timestamp
timestamp

cp
str

network_networkType
str

network_edgeIP
ip4

network_edgeIP2
network_asnum
int4
Code Block
int4(network_asnum2)
network_asnum2
network_network
str

reqHdr_referer
str

reqHdr_cookie
str

AnalysisUserId
str

bm_sv
str

ak_bmsc
str

akamai_ro
str

reqHdr_accEnc
str

reqHdr_accLang
str

reqHdr_conn
str

reqHdr_auth
str

reqHdr_DNT
str

reqHdr_cacheCtl
str

reqHdr_expect
str

reqHdr_ifMod
str

reqHdr_ifNone
str

reqHdr_ifRange
str

reqHdr_range
str

reqHdr_te
str

reqHdr_upgrade
str

reqHdr_via
str

reqHdr_xFrwdFor
str

reqHdr_xReqWith
str

geo_lat
float8
Code Block
float8(geo_lat2)
geo_lat2
geo_country
str

geo_region
str

geo_long
float8
Code Block
float8(geo_long2)
geo_long2
geo_city
str

netPerf_asnum
int4
Code Block
int4(netPerf_asnum2)
netPerf_asnum2
netPerf_cacheStatus
int4
Code Block
int4(netPerf_cacheStatus2)
netPerf_cacheStatus2
netPerf_lastMileRTT
int4
Code Block
int4(netPerf_lastMileRTT2)
netPerf_lastMileRTT2
netPerf_downloadTime
int4
Code Block
int4(netPerf_downloadTime2)
netPerf_downloadTime2
netPerf_edgeIP
ip4

netPerf_edgeIP2
netPerf_lastByte
int4
Code Block
int4(netPerf_lastByte2)
netPerf_lastByte2
netPerf_firstByte
int4
Code Block
int4(netPerf_firstByte2)
netPerf_firstByte2
netPerf_midMileLatency
int4
Code Block
int4(netPerf_midMileLatency2)
netPerf_midMileLatency2
netPerf_midMileRTT
int4
Code Block
int4(netPerf_midMileRTT2)
netPerf_midMileRTT2
netPerf_netOriginLatency
int4
Code Block
int4(netPerf_netOriginLatency2)
netPerf_netOriginLatency2
respHdr_contEnc
str

respHdr_cacheCtl
str

respHdr_contLang
str

respHdr_server
str

respHdr_date
str

respHdr_setCookie
str

respHdr_conn
str

respHdr_Sampled
str

respHdr_UA
str

respHdr_accRange
str

respHdr_acs_tput
str

respHdr_allow
str

respHdr_allowOrigin
str

respHdr_application
str

respHdr_asnum
str

respHdr_bytes
str

respHdr_cache_frags
str

respHdr_city
str

respHdr_cliIP
str

respHdr_clientTLSSNIName
str

respHdr_contDisp
str

respHdr_contRange
str

respHdr_denyData
str

respHdr_denyRules
str

respHdr_eTag
str

respHdr_edgeIP
str

respHdr_expires
str

respHdr_fwdHost
str

respHdr_fwd_bytes
str

respHdr_lastByte
str

respHdr_lastMod
str

respHdr_lat
str

respHdr_long
str

respHdr_network
str

respHdr_networkType
str

respHdr_parent_tput
str

respHdr_peer_tput
str

respHdr_reqHost
str

respHdr_reqMethod
str

respHdr_reqPath
str

respHdr_reqPort
str

respHdr_respCT
str

respHdr_retry
str

respHdr_sslVer
str

respHdr_status
str

respHdr_vary
str

respHdr_wafDenyData
str

respHdr_wafDenyRules
str

respHdr_wwwAuth
str

respHdr_xPwrdBy
str

message_status
int4
Code Block
int4(message_status2)
message_status2
message_cliIP
ip4

message_cliIP2
message_protoVer
float4
Code Block
float4(message_protoVer2)
message_protoVer2
message_proto
str

message_respCT
str

message_reqQuery
str

message_bytes
int4
Code Block
int4(message_bytes2)
message_bytes2
message_reqPath
str

message_respLen
int4
Code Block
int4(message_respLen2)
message_respLen2
message_reqPort
int4
Code Block
int4(message_reqPort2)
message_reqPort2
message_reqHost
str

message_reqMethod
str

message_sslVer
str

message_UA
str

message_fwdHost
str

message_redirURL
str

message_reqCT
str

message_reqLen
int8

message_URL
str
Code Block
message_proto + "://" + message_reqHost + ":" + message_reqPort + message_reqPath
message_proto
message_reqHost
message_reqPort
message_reqPath
waf_denyData
str

waf_denyRules
str

waf_denyDor
str

waf_model
str

waf_oft
str

waf_pAction
str

waf_pRate
str

waf_policy
str

waf_riskGroups
str

waf_riskScores
str

waf_riskTuples
str

waf_rsr
str

waf_ruleSet
str

waf_ver
str

waf_warnData
str

waf_warnRules
str

waf_warnTags
str

waf_warnSlrs
str

Custom_warnData_Username
str

content_Custom_BOT_ANOMALY_BEHAVIOR
str

content_Custom_warnDataEmail
str

content_Custom_warnDataEmpID
str

content_Custom_warnDataFirstName
str

content_Custom_warnDataHireDate
str

content_Custom_warnDataLastName
str

content_Reputation
str

content_trace_ParentSpanId
str

content_trace_Sampled
str

content_trace_SpanId
str

content_trace_SpanName
str

content_trace_TraceId
str

content_trace_application
str

originalJson
str

rawMessage
hostchain
str

✓
tag
str

✓
rawMessage
str

✓
eventviewer
cdn.akamai.monitor
cdn.akamai.siem
Anchor
tag7
tag7
cdn.akamai.eventviewer
Field
Type
Extra fields
eventdate
timestamp

event_data
str

event_id
str

event_time
timestamp

event_type__event_definition__event_definition_id
str

event_type__event_definition__event_description
str

event_type__event_definition__event_name
str

event_type__event_type_id
str

event_type__event_type_name
str

impersonator
bool

username
str

hostchain
str
✓
tag
str
✓
rawMessage
str
✓
Anchor
tag8
tag8
cdn.akamai.monitor
Field
Type
Field transformation
Source field name
Extra fields
eventdate
timestamp

type
str

format
str

version
str

id
str
Code Block
nvl(reqId_tmp, id_tmp)
id_tmp
reqId_tmp
reqId
str
Code Block
nvl(id_tmp, reqId_tmp)
id_tmp
reqId_tmp
timestamp
timestamp
Code Block
nvl(timestamp_tmp, timestamp2_tmp)
timestamp_tmp
timestamp2_tmp
timestamp_epoch
str
Code Block
nvl(timestamp_epoch_tmp, timestamp2_epoch_tmp)
timestamp2_epoch_tmp
timestamp_epoch_tmp
reqTimeSec
str

timestamp_epoch
cp
str

network_networkType
str

network_edgeIP
ip4
Code Block
nvl(ip4(edgeIP2), ip4(network_edgeIP2))
network_edgeIP2
edgeIP2
edgeIP
ip4
Code Block
nvl(ip4(edgeIP2), ip4(network_edgeIP2))
network_edgeIP2
edgeIP2
network_edgeIPStr
str
Code Block
nvl(str(edgeIPStr2), str(network_edgeIPStr2))
network_edgeIPStr2
edgeIPStr2
edgeIPStr
str
Code Block
nvl(str(edgeIPStr2), str(network_edgeIPStr2))
network_edgeIPStr2
edgeIPStr2
network_asnum
int4
Code Block
int4(network_asnum2)
network_asnum2
network_network
str

reqHdr_referer
str

reqHdr_cookie
str

AnalysisUserId
str

bm_sv
str

ak_bmsc
str

akamai_ro
str

reqHdr_accEnc
str

reqHdr_accLang
str

reqHdr_conn
str

reqHdr_basic_username
str

reqHdr_authHash
str

reqHdr_auth
str

reqHdr_DNT
str

reqHdr_cacheCtl
str

reqHdr_expect
str

reqHdr_ifMod
str

reqHdr_ifNone
str

reqHdr_ifRange
str

reqHdr_range
str

reqHdr_te
str

reqHdr_upgrade
str

reqHdr_via
str

reqHdr_xFrwdFor
str

reqHdr_xReqWith
str

reqHdr_jwt
str

reqHdr_jwt_kid
str

reqHdr_jwt_trust
int8

reqHdr_jwt_iat
int8

reqHdr_jwt_exp
int8

reqHdr_jwt_iss
str

reqHdr_jwt_jti
str

reqHdr_jwt_lat
int8

reqHdr_jwt_aud
str

reqHdr_jwt_sub
str

reqHdr_jwt_sbt
str

reqHdr_jwt_source
str

reqHdr_cookies_length
int4

reqHdr_cookies_count
int4

reqHdr_cookies_items_anonymousId
str

reqHdr_jwt_scp_str
str
Code Block
join(reqHdr_jwt_scp, ',')
reqHdr_jwt_scp
reqHdr_jwt_prn
str

reqHdr_jwt_prt
str

geo_lat
float8
Code Block
float8(geo_lat2)
geo_lat2
geo_country
str

country
str

geo_country
geo_region
str

geo_long
float8
Code Block
float8(geo_long2)
geo_long2
geo_city
str

city
str

geo_city
netPerf_asnum
int4
Code Block
int4(netPerf_asnum2)
netPerf_asnum2
netPerf_cacheStatus
int4
Code Block
int4(netPerf_cacheStatus2)
netPerf_cacheStatus2
cacheStatus
int4

netPerf_cacheStatus
netPerf_lastMileRTT
int4
Code Block
int4(netPerf_lastMileRTT2)
netPerf_lastMileRTT2
netPerf_downloadTime
int4
Code Block
int4(netPerf_downloadTime2)
netPerf_downloadTime2
netPerf_edgeIP
ip4

netPerf_edgeIP2
netPerf_lastByte
int4
Code Block
int4(netPerf_lastByte2)
netPerf_lastByte2
netPerf_firstByte
int4
Code Block
int4(netPerf_firstByte2)
netPerf_firstByte2
netPerf_midMileLatency
int4
Code Block
int4(netPerf_midMileLatency2)
netPerf_midMileLatency2
netPerf_midMileRTT
int4
Code Block
int4(netPerf_midMileRTT2)
netPerf_midMileRTT2
netPerf_netOriginLatency
int4
Code Block
int4(netPerf_netOriginLatency2)
netPerf_netOriginLatency2
respHdr_contEnc
str

respHdr_cacheCtl
str

respHdr_contLang
str

respHdr_server
str

respHdr_date
str

respHdr_setCookie
str

respHdr_conn
str

respHdr_Sampled
str

respHdr_UA
str

respHdr_accRange
str

respHdr_acs_tput
str

respHdr_allow
str

respHdr_allowOrigin
str

respHdr_application
str

respHdr_asnum
str

respHdr_bytes
str

respHdr_cache_frags
str

respHdr_city
str

respHdr_cliIP
str

respHdr_clientTLSSNIName
str

respHdr_contDisp
str

respHdr_contRange
str

respHdr_denyData
str

respHdr_denyRules
str

respHdr_eTag
str

respHdr_edgeIP
str

respHdr_expires
str

respHdr_fwdHost
str

respHdr_fwd_bytes
str

respHdr_lastByte
str

respHdr_lastMod
str

respHdr_lat
str

respHdr_long
str

respHdr_network
str

respHdr_networkType
str

respHdr_parent_tput
str

respHdr_peer_tput
str

respHdr_reqHost
str

respHdr_reqMethod
str

respHdr_reqPath
str

respHdr_reqPort
str

respHdr_respCT
str

respHdr_retry
str

respHdr_sslVer
str

respHdr_status
str

respHdr_vary
str

respHdr_wafDenyData
str

respHdr_wafDenyRules
str

respHdr_wwwAuth
str

respHdr_xPwrdBy
str

message_status
int4
Code Block
nvl(int4(message_status2), int4(statusCode_tmp))
message_status2
statusCode_tmp
statusCode
int4
Code Block
nvl(int4(statusCode_tmp), int4(message_status2))
message_status2
statusCode_tmp
message_cliIP
ip4

message_cliIP2
cliIP
ip4

message_cliIP
message_cliIPStr
str

message_protoVer
float4
Code Block
float4(message_protoVer2)
message_protoVer2
proto
str

message_proto
str

message_respCT
str
Code Block
nvl(message_respCT_tmp, rspContentType_tmp)
message_respCT_tmp
rspContentType_tmp
rspContentType
str
Code Block
nvl(rspContentType_tmp, message_respCT_tmp)
message_respCT_tmp
rspContentType_tmp
message_reqQuery
str
Code Block
nvl(message_reqQuery_tmp, queryStr_tmp)
queryStr_tmp
message_reqQuery_tmp
queryStr
str
Code Block
nvl(message_reqQuery_tmp, queryStr_tmp)
queryStr_tmp
message_reqQuery_tmp
message_bytes
int4
Code Block
int4(message_bytes2)
message_bytes2
bytes
int4

message_bytes
message_reqPath
str

reqPath
str

message_reqPath
message_respLen
int4
Code Block
nvl(int4(message_respLen2), int4(rspContentLen_tmp))
message_respLen2
rspContentLen_tmp
rspContentLen
int4
Code Block
nvl(int4(rspContentLen_tmp), int4(message_respLen2))
message_respLen2
rspContentLen_tmp
message_reqPort
int4
Code Block
int4(message_reqPort2)
message_reqPort2
reqPort
int4

message_reqPort
message_reqHost
str

reqHost
str

message_reqHost
message_reqMethod
str

reqMethod
str

message_reqMethod
message_sslVer
str
Code Block
nvl(message_sslVer_tmp, tlsVersion_tmp)
tlsVersion_tmp
message_sslVer_tmp
tlsVersion
str
Code Block
nvl(message_sslVer_tmp, tlsVersion_tmp)
tlsVersion_tmp
message_sslVer_tmp
message_UA
str

UA
str

message_UA
message_fwdHost
str

message_redirURL
str

message_reqCT
str

message_reqLen
int8

waf_denyData
str

waf_denyRules
str

waf_denyDor
str

waf_model
str

waf_oft
str

waf_pAction
str

waf_pRate
str

waf_policy
str

waf_riskGroups
str

waf_riskScores
str

waf_riskTuples
str

waf_rsr
str

waf_ruleSet
str

waf_ver
str

waf_warnData
str

waf_warnRules
str

waf_warnTags
str

waf_warnSlrs
str

Custom_warnData_Username
str

content_Custom_BOT_ANOMALY_BEHAVIOR
str

content_Custom_warnDataEmail
str

content_Custom_warnDataEmpID
str

content_Custom_warnDataFirstName
str

content_Custom_warnDataHireDate
str

content_Custom_warnDataLastName
str

content_Reputation
str

content_trace_ParentSpanId
str

content_trace_Sampled
str

content_trace_SpanId
str

content_trace_SpanName
str

content_trace_TraceId
str

content_trace_application
str

content_Custom_Log_Reference_Error
str

content_Custom_Log_Custom_FirstName
str

content_Custom_Log_Custom_LastName
str

content_Custom_Log_Custom_Email
str

content_Custom_Log_Custom_Username
str

content_Custom_Log_Custom_Phone
str

tlsOverheadTimeMSec
int4
Code Block
int4(tlsOverheadTimeMSec_tmp)
tlsOverheadTimeMSec_tmp
objSize
int8
Code Block
int8(objSize_tmp)
objSize_tmp
uncompressedSize
int8
Code Block
int8(uncompressedSize_tmp)
uncompressedSize_tmp
overheadBytes
int8
Code Block
int8(overheadBytes_tmp)
overheadBytes_tmp
totalBytes
int8
Code Block
int8(totalBytes_tmp)
totalBytes_tmp
accLang
str

cookie
str

range
str

referer
str

xForwardedFor
str

maxAgeSec
int4
Code Block
int4(maxAgeSec_tmp)
maxAgeSec_tmp
reqEndTimeMSec
int4
Code Block
int4(reqEndTimeMSec_tmp)
reqEndTimeMSec_tmp
errorCode
str

customField
str

state
str

turnAroundTimeMSec
int4
Code Block
int4(turnAroundTimeMSec_tmp)
turnAroundTimeMSec_tmp
transferTimeMSec
int4
Code Block
int4(transferTimeMSec_tmp)
transferTimeMSec_tmp
dnsLookupTimeMSec
int4
Code Block
int4(dnsLookupTimeMSec_tmp)
dnsLookupTimeMSec_tmp
billingRegion
str

serverCountry
str

streamId
str

breadcrumbs
str

lastByte
str

edgeWorkers_usage
str

edgeWorkers_execution
str

securityRules
str

originalJson
str

rawMessage
hostchain
str

✓
tag
str

✓
rawMessage
str

✓
Anchor
tag9
tag9
cdn.akamai.siem
Field
Type
Field transformation
Source field name
Extra fields
eventdate
timestamp
type
str
format
str
version
str
attackData_configId
str
attackData_policyId
str
attackData_clientIP
ip4
attackData_rules
str
attackData_ruleVersions
str
attackData_ruleMessages
str
attackData_ruleTags
str
attackData_ruleData
str
attackData_ruleSelectors
str
attackData_ruleActions
str
attackData_ruleValues_rules
str
Code Block
join(attackData_ruleValues_rules_array, ';')
attackData_ruleValues_rules_array
attackData_ruleValues_ruleVersions
str
Code Block
join(attackData_ruleValues_ruleVersions_array, ';')
attackData_ruleValues_ruleVersions_array
attackData_ruleValues_ruleMessages
str
Code Block
join(attackData_ruleValues_ruleMessages_array, ';')
attackData_ruleValues_ruleMessages_array
attackData_ruleValues_ruleTags
str
Code Block
join(attackData_ruleValues_ruleTags_array, ';')
attackData_ruleValues_ruleTags_array
attackData_ruleValues_ruleData
str
Code Block
join(attackData_ruleValues_ruleData_array, ';')
attackData_ruleValues_ruleData_array
attackData_ruleValues_ruleSelectors
str
Code Block
join(attackData_ruleValues_ruleSelectors_array, ';')
attackData_ruleValues_ruleSelectors_array
attackData_ruleValues_ruleActions
str
Code Block
join(attackData_ruleValues_ruleActions_array, ';')
attackData_ruleValues_ruleActions_array
attackData_clientReputation
str
httpMessage_requestId
str
httpMessage_start
str
httpMessage_protocol
str
httpMessage_method
str
httpMessage_host
str
httpMessage_port
str
httpMessage_path
str
httpMessage_requestHeaders
str
httpMessage_status
str
httpMessage_bytes
str
httpMessage_responseHeaders
str
geo_continent
str
geo_country
str
geo_city
str
geo_regionCode
str
geo_asn
str
hostchain
str
✓
tag
str
✓
rawMessage
str
✓

Versions Compared

Old Version 5

New Version Current

Key

Valid tags and data tables

How is the data sent to Devo?

Anchor
tag1
tag1
cdn.akamai.access

Anchor
tag2
tag2
cdn.akamai.audit

Anchor
tag3
tag3
cdn.akamai.auditExtended

Anchor
tag4
tag4
cdn.akamai.cloudmonitor

Anchor
tag7
tag7
cdn.akamai.eventviewer

Anchor
tag8
tag8
cdn.akamai.monitor

Anchor
tag9
tag9
cdn.akamai.siem

Field	Type	Extra fields
eventdate	`timestamp`
event_data	`str`
event_id	`str`
event_time	`timestamp`
event_type__event_definition__event_definition_id	`str`
event_type__event_definition__event_description	`str`
event_type__event_definition__event_name	`str`
event_type__event_type_id	`str`
event_type__event_type_name	`str`
impersonator	`bool`
username	`str`
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓

Page Comparison

Versions Compared

Old Version 5

New Version Current

Key

Valid tags and data tables

How is the data sent to Devo?

Anchortag1tag1cdn.akamai.access

Anchortag2tag2cdn.akamai.audit

Anchortag3tag3cdn.akamai.auditExtended

Anchortag4tag4cdn.akamai.cloudmonitor

Anchortag7tag7cdn.akamai.eventviewer

Anchortag8tag8cdn.akamai.monitor

Anchortag9tag9cdn.akamai.siem

Anchor
tag1
tag1
cdn.akamai.access

Anchor
tag2
tag2
cdn.akamai.audit

Anchor
tag3
tag3
cdn.akamai.auditExtended

Anchor
tag4
tag4
cdn.akamai.cloudmonitor

Anchor
tag7
tag7
cdn.akamai.eventviewer

Anchor
tag8
tag8
cdn.akamai.monitor

Anchor
tag9
tag9
cdn.akamai.siem