Document toolboxDocument toolbox

app.cisco

Owned by Juan Tomás Alonso Nieto (Deactivated)
May 08, 2023
1 min read
[ 1 Introduction ] [ 2 Valid tags and data tables  ] [ 3 Table structure ]

Introduction

The tags beginning with app.cisco identify events generated by Cisco applications.

Valid tags and data tables 

The full tag must have 4 levels. The first two are fixed as app.cisco. The third level identifies the type of events sent. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service

Tags

Data tables

Product / Service

Tags

Data tables

Cisco Unified Communications Manager

app.cisco.cucm.audit

app.cisco.cucm.audit

For more information, read more About Devo tags.

Table structure

These are the fields displayed in this table:

Field

Type

Field transformation

Source field name

Extra fields

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

 

hostname

str

 

 

 

internal_id

str

 

 

 

timestamp

timestamp

parsedate(timestamp_string, dateformat("MMM DD YYYY HH:mm:ss.SSS [UTC]", "UTC", "en-US"))

timestamp_string

 

event

str

 

 

 

user_id

str

 

 

 

client_address

ip4

 

 

 

severity

str

 

 

 

event_type

str

 

 

 

resource_accessed

str

 

 

 

event_status

str

 

 

 

compulsory_event

str

 

 

 

audit_category

str

 

 

 

component_id

str

 

 

 

correlation_id

str

 

 

 

audit_details

str

 

 

 

app_id

str

 

 

 

cluster_id

str

 

 

 

node_id

str

 

 

 

description

str

 

 

 

hostchain

str

 

 

✓

tag

str

 

 

✓

rawMessage

str

 

 

✓

Â