...
The tags beginning with network.vmware identify events generated by VMware.
Tag structure
The full tag must have four levels. The first two are fixed asnetwork.vmware. The third level identifies the type of event sent, and the fourth level identifies the subtype.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
|---|
VMware AirWatch | network.vmware.airwatch.events
| network.vmware.airwatch.events
|
VMware NSX Advanced Load Balancer (Avi Networks) | network.vmware.nsx_avi.generic_event
| network.vmware.nsx_avi.generic_event
|
VMware NSX Controller | network.vmware.nsx_controller
| network.vmware.nsx_controller
|
network.vmware.nsx_controller.falcon
| network.vmware.nsx_controller.falcon
|
VMware NSX Edge | network.vmware.nsx_edge
| network.vmware.nsx_edge
|
network.vmware.nsx_edge.datapathd
| network.vmware.nsx_edge.datapathd
|
network.vmware.nsx_edge.integrity_checker
| network.vmware.nsx_edge.integrity_checker
|
VMware NSX SHA | network.vmware.nsx_edge.nsx_sha
| network.vmware.nsx_edge.nsx_sha
|
VMware NSX Manager | network.vmware.nsx_manager
| network.vmware.nsx_manager
|
network.vmware.nsx_manager.appl_proxy
| network.vmware.nsx_manager.appl_proxy
|
network.vmware.nsx_manager.ccp
| network.vmware.nsx_manager.ccp
|
network.vmware.nsx_manager.node_mgmt
| network.vmware.nsx_manager.node_mgmt
|
network.vmware.nsx_manager.nsx_sha
| network.vmware.nsx_manager.nsx_sha
|
VMware NSX’s other events | network.vmware.nsx_other
| network.vmware.nsx_other
|
VMware Unified Access Gateway | network.vmware.uag.events
| network.vmware.uag.events
|
...
Source port - Any available port
Target tag - network.vmware.nsx_controller.falcon
Source message - .*comp=\"nsx-controller\" . subcomp=\"falcon\".*
Stop processing - ✓
network.vmware.nsx_edge.datapathd
Source port - Any available port
Target tag - network.vmware.nsx_edge.datapathd
Source message - .*comp=\"nsx-edge\" . subcomp=\"datapathd\".*
Stop processing - ✓
network.vmware.nsx_edge-integrity_checker
Source port - Any available port
Target tag - network.vmware.nsx_edge-integrity_checker
Source message - .*comp=\"nsx-edge\" .* subcomp=\"integrity-checker\".*
Stop processing - ✓
network.vmware.nsx_manager.appl_proxy
Source port - Any available port
Target tag - network.vmware.nsx_manager.appl_proxy
Source message - .*comp=\"nsx-manager\" . subcomp=\"appl-proxy\".*
Stop processing - ✓
network.vmware.nsx_manager.ccp
Source port - Any available port
Target tag - network.vmware.nsx_manager.ccp
Source message - .*comp=\"nsx-manager\" .* subcomp=\"ccp\".*
Stop processing - ✓
network.vmware.nsx_manager.node_mgmt
Source port - Any available port
Target tag - network.vmware.nsx_manager.node_mgmt
Source message - .*comp=\"nsx-manager\" .* subcomp=\"node-mgmt\".*
Stop processing - ✓
network.vmware.nsx_manager.nsx_sha
Source port - Any available port
Target tag - network.vmware.nsx_manager.nsx_sha
Source message - .*comp=\"nsx-manager\" .* subcomp=\"nsx-sha\".*
Stop processing - ✓
network.vmware.nsx_other
Source port - Any available port
Target tag - network.vmware.nsx_other
Source message - .*comp=\"nsx- .*
Stop processing - ✓
Table structure
...
| Rw ui tabs macro |
|---|
network.vmware.airwatch.eventsField | Type | Source field name | Extra fields |
|---|
eventdate | timestamp
| | | host | str
| vhost | | event_type | str
| | | event | str
| | | user | str
| | | event_source | str
| | | event_module | str
| | | event_category | str
| | | event_data | str
| | | event_timestamp | str
| | | hostchain | str
| | ✓ | tag | str
| | ✓ | rawMessage | str
| | |
Field | Type | Field transformation | Source field name | Extra fields |
|---|
eventdate | timestamp
| | | | host | str
| | vhost | | service_name | str
| | | | log_level | str
| | | | resource_name | str
| | | | reason | str
| | | | timestamp | timestamp
| | Code Block |
|---|
parsedate(timestamp_tmp, dateformat("YYYY-MM-DD HH:mm:ssZZ", "UTC")) |
| timestamp_tmp | | event_type | str
| | | | event_subtype | str
| | | | object_name | str
| | | | tenant_name | str
| | | | username | str
| | | | process_name | str
| | | | pid | str
| | | | user_ip | ip4
| | | | server_ip | ip4
| | | | server_internal_ip | ip4
| | | | server_port | str
| | | | vip_ip | ip4
| | | | avg_uptime | float8
| | | | hit_threshold | float8
| | | | message | str
| | | | hostchain | str
| | | ✓ | tag | str
| | | ✓ | rawMessage | str
| | | ✓ |
Field | Type | Source field name | Extra fields |
|---|
eventdate | timestamp
| | | host | str
| vhost | | subtype | str
| vsubtype | | proc_id | str
| | | msg_id | str
| | | sd_id | str
| | | component | str
| | | subcomponent | str
| | | severity | str
| | | message | str
| | | transaction_id | str
| | | hostchain | str
| | ✓ | tag | str
| | ✓ | rawMessage | str
| | ✓ |
Field | Type | Source field name | Extra fields |
|---|
eventdate | timestamp
| | | host | str
| vhost | | proc_id | str
| | | msg_id | str
| | | sd_id | str
| | | component | str
| | | subcomponent | str
| | | severity | str
| | | message | str
| | | transaction_id | str
| | | hostchain | str
| | ✓ | tag | str
| | ✓ | rawMessage | str
| | ✓ |
Field | Type | Source field name | Extra fields |
|---|
eventdate | timestamp
| | | host | str
| vhost | | subtype | str
| vsubtype | | proc_id | str
| | | msg_id | str
| | | sd_id | str
| | | component | str
| | | subcomponent | str
| | | user_name | str
| | | severity | str
| | | s2comp | str
| | | message | str
| | | action | str
| | | reason | str
| | | name | str
| | | hostchain | str
| | ✓ | tag | str
| | ✓ | rawMessage | str
| | ✓ |
Field | Type | Source field name | Extra fields |
|---|
eventdate | timestamp
| | | host | str
| vhost | | proc_id | str
| | | msg_id | str
| | | sd_id | str
| | | component | str
| | | subcomponent | str
| | | s2comp | str
| | | severity | str
| | | message | str
| | | name | str
| | | vrf_id | str
| | | UUID | str
| | | adress_family | str
| | | reason | str
| | | action | str
| | | rule_id | str
| | | direction | str
| | | packet_lenght | str
| | | protocol_number | str
| | | protocol | str
| | | source_ip_port | str
| | | destination_ip_port | str
| | | TCP_flags | str
| | | hostchain | str
| | ✓ | tag | str
| | ✓ | rawMessage | str
| | ✓ |
Field | Type | Source field name | Extra fields |
|---|
eventdate | timestamp
| | | host | str
| vhost | | proc_id | str
| | | msg_id | str
| | | sd_id | str
| | | component | str
| | | subcomponent | str
| | | user_name | str
| | | severity | str
| | | message | str
| | | action | str
| | | reason | str
| | | name | str
| | | hostchain | str
| | ✓ | tag | str
| | ✓ | rawMessage | str
| | ✓ |
Field | Type | Source field name | Extra fields |
|---|
eventdate | timestamp
| | | host | str
| vhost | | proc_id | str
| | | msg_id | str
| | | sd_id | str
| | | component | str
| | | subcomponent | str
| | | user_name | str
| | | severity | str
| | | s2comp | str
| | | message | str
| | | repeats_number | str
| | | repeats_in | str
| | | message_body | str
| | | hostchain | str
| | ✓ | tag | str
| | ✓ | rawMessage | str
| | ✓ |
Field | Type | Source field name | Extra fields |
|---|
eventdate | timestamp
| | | host | str
| vhost | | subtype | str
| vsubtype | | proc_id | str
| | | msg_id | str
| | | sd_id | str
| | | component | str
| | | subcomponent | str
| | | user_name | str
| | | severity | str
| | | s2comp | str
| | | tid | str
| | | message | str
| | | hostchain | str
| | ✓ | tag | str
| | ✓ | rawMessage | str
| | ✓ |
Field | Type | Source field name | Extra fields |
|---|
eventdate | timestamp
| | | host | str
| vhost | | proc_id | str
| | | msg_id | str
| | | sd_id | str
| | | component | str
| | | subcomponent | str
| | | user_name | str
| | | severity | str
| | | s2comp | str
| | | tid | str
| | | message | str
| | | forwarding_engine | str
| | | hostchain | str
| | ✓ | tag | str
| | ✓ | rawMessage | str
| | ✓ |
Field | Type | Source field name | Extra fields |
|---|
eventdate | timestamp
| | | host | str
| vhost | | proc_id | str
| | | msg_id | str
| | | sd_id | str
| | | component | str
| | | subcomponent | str
| | | user_name | str
| | | severity | str
| | | s2comp | str
| | | message | str
| | | transport_node | str
| | | transaction | str
| | | received_from | str
| | | items_size | str
| | | full_sync | str
| | | hostchain | str
| | ✓ | tag | str
| | ✓ | rawMessage | str
| | ✓ |
Field | Type | Source field name | Extra fields |
|---|
eventdate | timestamp
| | | host | str
| vhost | | proc_id | str
| | | msg_id | str
| | | sd_id | str
| | | component | str
| | | subcomponent | str
| | | user_name | str
| | | severity | str
| | | s2comp | str
| | | message | str
| | | hostchain | str
| | ✓ | tag | str
| | ✓ | rawMessage | str
| | ✓ |
Field | Type | Source field name | Extra fields |
|---|
eventdate | timestamp
| | | host | str
| vhost | | proc_id | str
| | | msg_id | str
| | | sd_id | str
| | | component | str
| | | subcomponent | str
| | | user_name | str
| | | severity | str
| | | s2comp | str
| | | message | str
| | | repeats_number | str
| | | repeats_in | str
| | | message_body | str
| | | hostchain | str
| | ✓ | tag | str
| | ✓ | rawMessage | str
| | ✓ |
Field | Type | Source field name | Extra fields |
|---|
eventdate | timestamp
| | | host | str
| vhost | | subtype | str
| vsubtype | | message | str
| rawMessage | | hostchain | str
| | ✓ | tag | str
| | ✓ | rawMessage | str
| | ✓ |
Field | Type | Source field name | Extra fields |
|---|
eventdate | timestamp
| | | host | str
| vhost | | type | str
| | | action | str
| | | srcDate | timestamp
| | | id | str
| | | device | str
| | | srcIp | str
| | | src | str
| | | dstIp | str
| | | dstPort | str
| | | dst | str
| | | node | str
| | | arguments | str
| | | runtime | str
| | | procedure | str
| | | errorCode | str
| | | profile | str
| | | authChain | str
| | | language | str
| | | skin | str
| | | target | str
| | | identity | str
| | | reason | str
| | | authUser | str
| | | effectiveUser | str
| | | OTPLogin | str
| | | message | str
| | | rawMessage | str
| | ✓ | hostchain | str
| | ✓ | tag | str
| | ✓ |
|
