Introduction
The tags beginning with cloud.aws.configlogs
identify events generated by AWS Config.
Valid tags and data tables
The full tag must have 4 levels. The first 3 are fixed as cloud.aws.configlogs
. The fourth level indicates the event subtype.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
{Service name} |
|
|
For more information, read more About Devo tags.
Table structure
These are the fields displayed in this table:
Field | Type | Field transformation | Source field name | Extra fields |
---|---|---|---|---|
eventdate |
|
|
| |
fileVersion |
|
|
| |
configurationItems_str |
| stringify(json(configurationItems)) | configurationItems | |
configurationItemDiff_changedProperties_Relationships0_previousValue_resourceId |
|
|
| |
configurationItemDiff_changedProperties_Relationships0_previousValue_resourceType |
|
|
| |
configurationItemDiff_changedProperties_Relationships0_previousValue_name |
|
|
| |
configurationItemDiff_changedProperties_Relationships0_updatedValue_resourceId |
|
|
| |
configurationItemDiff_changedProperties_Relationships0_updatedValue_resourceType |
|
|
| |
configurationItemDiff_changedProperties_Relationships0_updatedValue_name |
|
|
| |
configurationItemDiff_changedProperties_Relationships0_changeType |
|
|
| |
configurationItemDiff_changedProperties_Relationships1_previousValue_resourceId |
|
|
| |
configurationItemDiff_changedProperties_Relationships1_previousValue_resourceType |
|
|
| |
configurationItemDiff_changedProperties_Relationships1_previousValue_name |
|
|
| |
configurationItemDiff_changedProperties_Relationships1_updatedValue_resourceId |
|
|
| |
configurationItemDiff_changedProperties_Relationships1_updatedValue_resourceType |
|
|
| |
configurationItemDiff_changedProperties_Relationships1_updatedValue_name |
|
|
| |
configurationItemDiff_changedProperties_Relationships1_changeType |
|
|
| |
configurationItemDiff_changedProperties_Relationships2_previousValue_resourceId |
|
|
| |
configurationItemDiff_changedProperties_Relationships2_previousValue_resourceType |
|
|
| |
configurationItemDiff_changedProperties_Relationships2_previousValue_name |
|
|
| |
configurationItemDiff_changedProperties_Relationships2_updatedValue_resourceId |
|
|
| |
configurationItemDiff_changedProperties_Relationships2_updatedValue_resourceType |
|
|
| |
configurationItemDiff_changedProperties_Relationships2_updatedValue_name |
|
|
| |
configurationItemDiff_changedProperties_Relationships2_changeType |
|
|
| |
configurationItemDiff_changeType |
|
|
| |
configurationItem_relatedEvents |
|
|
| |
configurationItem_relationships_resourceId_str |
| replace(replace(stringify(json(configurationItem_relationships_resourceId)), "[", ""), "]", "") | configurationItem_relationships_resourceId | |
configurationItem_relationships_resourceName_str |
| replace(replace(stringify(json(configurationItem_relationships_resourceName)), "[", ""), "]", "") | configurationItem_relationships_resourceName | |
configurationItem_relationships_resourceType_str |
| replace(replace(stringify(json(configurationItem_relationships_resourceType)), "[", ""), "]", "") | configurationItem_relationships_resourceType | |
configurationItem_relationships_name_str |
| replace(replace(stringify(json(configurationItem_relationships_name)), "[", ""), "]", "") | configurationItem_relationships_name | |
configurationItem_configuration_description |
|
|
| |
configurationItem_configuration_groupName |
|
|
| |
configurationItem_configuration_ipPermissions_ipProtocol_str |
| replace(replace(stringify(json(configurationItem_configuration_ipPermissions_ipProtocol)), "[", ""), "]", "") | configurationItem_configuration_ipPermissions_ipProtocol | |
configurationItem_configuration_ipPermissions_ipv6Ranges_str |
| replace(replace(stringify(json(configurationItem_configuration_ipPermissions_ipv6Ranges)), "[", ""), "]", "") | configurationItem_configuration_ipPermissions_ipv6Ranges | |
configurationItem_configuration_ipPermissions_prefixListIds_str |
| replace(replace(stringify(json(configurationItem_configuration_ipPermissions_prefixListIds)), "[", ""), "]", "") | configurationItem_configuration_ipPermissions_prefixListIds | |
configurationItem_configuration_ipPermissions_userIdGroupPairs_str |
| replace(replace(stringify(json(configurationItem_configuration_ipPermissions_userIdGroupPairs)), "[", ""), "]", "") | configurationItem_configuration_ipPermissions_userIdGroupPairs | |
configurationItem_configuration_ipPermissions_ipv4Ranges_str |
| replace(replace(stringify(json(configurationItem_configuration_ipPermissions_ipv4Ranges)), "[", ""), "]", "") | configurationItem_configuration_ipPermissions_ipv4Ranges | |
configurationItem_configuration_ipPermissions_ipRanges_str |
| replace(replace(stringify(json(configurationItem_configuration_ipPermissions_ipRanges)), "[", ""), "]", "") | configurationItem_configuration_ipPermissions_ipRanges | |
configurationItem_configuration_ownerId |
|
|
| |
configurationItem_configuration_groupId |
|
|
| |
configurationItem_configuration_ipPermissionsEgress_ipProtocol_str |
| replace(replace(stringify(json(configurationItem_configuration_ipPermissionsEgress_ipProtocol)), "[", ""), "]", "") | configurationItem_configuration_ipPermissionsEgress_ipProtocol | |
configurationItem_configuration_ipPermissionsEgress_ipv6Ranges_str |
| replace(replace(stringify(json(configurationItem_configuration_ipPermissionsEgress_ipv6Ranges)), "[", ""), "]", "") | configurationItem_configuration_ipPermissionsEgress_ipv6Ranges | |
configurationItem_configuration_ipPermissionsEgress_prefixListIds_str |
| replace(replace(stringify(json(configurationItem_configuration_ipPermissionsEgress_prefixListIds)), "[", ""), "]", "") | configurationItem_configuration_ipPermissionsEgress_prefixListIds | |
configurationItem_configuration_ipPermissionsEgress_userIdGroupPairs_str |
| replace(replace(stringify(json(configurationItem_configuration_ipPermissionsEgress_userIdGroupPairs)), "[", ""), "]", "") | configurationItem_configuration_ipPermissionsEgress_userIdGroupPairs | |
configurationItem_configuration_ipPermissionsEgress_ipv4Ranges_str |
| replace(replace(stringify(json(configurationItem_configuration_ipPermissionsEgress_ipv4Ranges)), "[", ""), "]", "") | configurationItem_configuration_ipPermissionsEgress_ipv4Ranges | |
configurationItem_configuration_ipPermissionsEgress_ipRanges_str |
| replace(replace(stringify(json(configurationItem_configuration_ipPermissionsEgress_ipRanges)), "[", ""), "]", "") | configurationItem_configuration_ipPermissionsEgress_ipRanges | |
configurationItem_configuration_tags |
|
|
| |
configurationItem_configuration_vpcId |
|
|
| |
configurationItem_supplementaryConfiguration |
|
|
| |
configurationItem_supplementaryConfiguration__EnableTerminationProtection |
|
|
| |
configurationItem_supplementaryConfiguration_StackResourceSummaries_updateReplacePolicy_str |
| join(configurationItem_supplementaryConfiguration_StackResourceSummaries_updateReplacePolicy, ',') | configurationItem_supplementaryConfiguration_StackResourceSummaries_updateReplacePolicy | |
configurationItem_supplementaryConfiguration_StackResourceSummaries_deletionPolicy_str |
| join(configurationItem_supplementaryConfiguration_StackResourceSummaries_deletionPolicy, ',') | configurationItem_supplementaryConfiguration_StackResourceSummaries_deletionPolicy | |
configurationItem_supplementaryConfiguration_StackResourceSummaries_logicalResourceId_str |
| join(configurationItem_supplementaryConfiguration_StackResourceSummaries_logicalResourceId, ',') | configurationItem_supplementaryConfiguration_StackResourceSummaries_logicalResourceId | |
configurationItem_supplementaryConfiguration_StackResourceSummaries_physicalResourceId_str |
| join(configurationItem_supplementaryConfiguration_StackResourceSummaries_physicalResourceId, ',') | configurationItem_supplementaryConfiguration_StackResourceSummaries_physicalResourceId | |
configurationItem_supplementaryConfiguration_StackResourceSummaries_resourceType_str |
| join(configurationItem_supplementaryConfiguration_StackResourceSummaries_resourceType, ',') | configurationItem_supplementaryConfiguration_StackResourceSummaries_resourceType | |
configurationItem_supplementaryConfiguration_StackResourceSummaries_lastUpdatedTimestamp_str |
| join(configurationItem_supplementaryConfiguration_StackResourceSummaries_lastUpdatedTimestamp, ',') | configurationItem_supplementaryConfiguration_StackResourceSummaries_lastUpdatedTimestamp | |
configurationItem_supplementaryConfiguration_StackResourceSummaries_resourceStatus_str |
| join(configurationItem_supplementaryConfiguration_StackResourceSummaries_resourceStatus, ',') | configurationItem_supplementaryConfiguration_StackResourceSummaries_resourceStatus | |
configurationItem_supplementaryConfiguration_StackResourceSummaries_driftInformation_stackResourceDriftStatus_str |
| join(configurationItem_supplementaryConfiguration_StackResourceSummaries_driftInformation_stackResourceDriftStatus, ',') | configurationItem_supplementaryConfiguration_StackResourceSummaries_driftInformation_stackResourceDriftStatus | |
supplementaryConfiguration_unsupportedResources |
|
|
| |
configurationItem_tags |
|
|
| |
configurationItem_configurationItemVersion |
|
|
| |
configurationItem_configurationItemCaptureTime |
|
|
| |
configurationItem_configurationStateId |
|
|
| |
configurationItem_awsAccountId |
|
|
| |
configurationItem_configurationItemStatus |
|
|
| |
configurationItem_resourceType |
|
|
| |
configurationItem_resourceId |
|
|
| |
configurationItem_resourceName |
|
|
| |
configurationItem_ARN |
|
|
| |
configurationItem_awsRegion |
|
|
| |
configurationItem_availabilityZone |
|
|
| |
configurationItem_configurationStateMd5Hash |
|
|
| |
configurationItem_resourceCreationTime |
|
|
| |
configurationItem_fileVersion |
|
|
| |
configurationItem_configSnapshotId |
|
|
| |
configurationItem_eventTimestamp |
|
|
| |
configurationItem_configuration_stackId |
|
|
| |
configurationItem_configuration_stackName |
|
|
| |
configurationItem_configuration_creationTime |
| ifthenelse(startswith(configurationItem_configuration_creationTime_tmp, '"') and endswith(configurationItem_configuration_creationTime_tmp, '"'), replaceall(configurationItem_configuration_creationTime_tmp, '"', ""), configurationItem_configuration_creationTime_tmp) | configurationItem_configuration_creationTime_tmp | |
configurationItem_configuration_lastUpdatedTime |
|
|
| |
configurationItem_configuration_stackStatus |
|
|
| |
configurationItem_configuration_disableRollback |
|
|
| |
configurationItem_configuration_notificationARNs_str |
| replace(replace(stringify(json(configurationItem_configuration_notificationARNs)), "[", ""), "]", "") | configurationItem_configuration_notificationARNs | |
configurationItem_configuration_capabilities_str |
| replace(replace(stringify(json(configurationItem_configuration_capabilities)), "[", ""), "]", "") | configurationItem_configuration_capabilities | |
configurationItem_configuration_outputs_str |
| replace(replace(stringify(json(configurationItem_configuration_outputs)), "[", ""), "]", "") | configurationItem_configuration_outputs | |
configurationItem_configuration_driftInformation_stackDriftStatus |
|
|
| |
notificationCreationTime |
|
|
| |
messageType |
|
|
| |
recordVersion |
|
|
| |
`timestamp` |
|
| configurationItem_configurationItemCaptureTime | |
ACCID |
|
|
| |
REGION |
|
|
| |
hostchain |
|
|
| ✓ |
tag |
|
|
| ✓ |
rawMessage |
|
|
| ✓ |