box.unix_cloudwatch
Introduction
The tag box.unix_cloudwatch identifies events generated by CloudWatch on UNIX.
Valid tags and data tables
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
CloudWatch logs on UNIX | box.unix_cloudwatch | box.unix_cloudwatch |
Table structure
These are the fields displayed in this table:
box.unix_cloudwatch

Field | Type | Field transformation | Source field name | Extra fields |
---|---|---|---|---|
eventdate | | | | |
machine | | | | |
machineIp | | | | |
srceventdate | | | | |
facility | | | | |
level | | | vlevel | |
id | | | | |
timestamp | | | | |
unix_message | | | | |
application | | split(tag, ".", 2) | tag | |
aws_region | | split(tag, ".", 3) | tag | |
appName | | | | |
processId | | | | |
owner | | | | |
logGroup | | | | |
logStream | | | | |
message | | | | |
auditType | | | | |
type | | | | |
action | | | | |
user | | | | |
srcUser | | | | |
srcIp | | | | |
srcPort | | | | |
logname | | | | |
logLevel | | | | |
eventType | | | | |
product | | | | |
category | | | | |
productVersion | | | | |
eventId | | | | |
eventName | | | | |
severity | | | | |
utc | | | | |
centrifyEventID | | | | |
status | | | | |
server | | | | |
msg | | | | |
obj | | | | |
pid | | | | |
uid | | | | |
euid | | | | |
auid | | | | |
audit_pid | | | | |
ses | | | | |
tty | | | | |
ruser | | | | |
rhost | | | | |
pwd | | | | |
cmd | | | | |
attempt | | | | |
device | | | | |
arch | | | | |
syscall | | | | |
success | | | | |
exit | | | | |
op | | | | |
comm | | | | |
msg2 | | | | |
hostchain | | | | ✓ |
tag | | | | ✓ |
rawMessage | | | rawSource | ✓ |