
cloud.ibm

Introduction

The tags beginning with cloud.ibm identify events generated by cloud-related services belonging to IBM.

Valid tags and data tables 

The full tag must have 4 levels. The first two are fixed as cloud.ibm. The third level identifies the type of events sent. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| IBM Cloud Activity Tracker | cloud.ibm.activity_tracker.audit | cloud.ibm.activity_tracker.audit |
| IBM SoftLayer | cloud.ibm.softlayer.event_log | cloud.ibm.softlayer.event_log |
| IBM Cloud Virtual Private Cloud (VPC) | cloud.ibm.vpc.flow_log | cloud.ibm.vpc.flow_log |

For more information, see About Devo tags.

Table structure

These are the fields displayed in these tables:

cloud.ibm.activity_tracker.audit

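| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| hostname | str | | | |
| account | str | | | |
| cluster | str | | | |
| host | str | | | |
| ingester | str | | | |
| logtype | str | | | |
| file | str | | | |
| line | str | | | |
| rawline | str | | | |
| ts | timestamp | | | |
| platform | str | | | |
| app | str | | | |
| ip_v4 | ip4 | ip4(ip) | ip | |
| ip_v6 | ip6 | ip6(ip) | ip | |
| _key2 | str | | | |
| level2 | str | | | |
| bid | str | | | |
| data_event | bool | | | |
| log_source_crn | str | | | |
| save_service_copy | bool | | | |
| id | str | | | |
| event_id | str | | | |
| correlation_id | str | | | |
| event_time | str | | | |
| event_outcome | str | | | |
| action | str | | | |
| severity | str | | | |
| message | str | | | |
| mezmo_line_size | int4 | | | |
| observer__name | str | | | |
| initiator__id | str | | | |
| initiator__name | str | | | |
| initiator__authn_id | str | | | |
| initiator__authn_name | str | | | |
| initiator__type_uri | str | | | |
| initiator__host__agent | str | | | |
| initiator__host__address_ip4 | ip4 | ip4(initiator__host__address) | initiator__host__address | |
| initiator__host__address_vp6 | ip6 | | initiator__host__address | |
| initiator__host__address_type | str | | | |
| initiator__credential__type | str | | | |
| reason__reason_code | int4 | | | |
| reason__reason_type | str | | | |
| destination_ip__id | str | | | |
| destination_ip__type_uri | str | | | |
| destination_ip__name | str | | | |
| request_data__local_time | str | | | |
| request_data__tag_type | str | | | |
| request_data__body__tag_names | str | | | |
| request_data__body__o_resources | str | | | |
| response_data__results | str | | | |
| at_devo_environment | str | | | |
| at_devo_pulling_id | str | | | |
| hostchain | str | | | ✓ |
| tag | str | | | ✓ |
| rawMessage | str | | | ✓ |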

cloud.ibm.softlayer.event_log

| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| hostname | str | | | |
| account_id | int8 | | | |
| event_create_date | str | | | |
| event_name | str | | | |
| ipv4 | ip4 | | ip | |
| ipv6 | ip6 | | ip | |
| label | str | | | |
| meta_data | str | | | |
| object_id | int8 | | | |
| object_name | str | | | |
| trace_id | str | | | |
| user_id | int8 | | | |
| user_type | str | | | |
| open_id_connect_user_name | str | | | |
| username | str | | | |
| at_devo_environment | str | | | |
| at_devo_pulling_id | str | | | |
| hostchain | str | | | ✓ |
| tag | str | | | ✓ |
| rawMessage | str | | | ✓ |

cloud.ibm.vpc.flow_log

| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| hostname | str | | | |
| account | str | | | |
| key | str | | | |
| version | str | | | |
| collector_crn | str | | | |
| attached_endpoint_type | str | | | |
| network_interface_id | str | | | |
| instance_crn | str | | | |
| vpc_crn | str | | | |
| capture_end_time | timestamp | | | |
| capture_start_time | timestamp | | | |
| state | str | | | |
| flow_log_start_time | timestamp | | | |
| flow_log_end_time | timestamp | | | |
| flow_log_direction | str | | | |
| flow_log_action | str | | | |
| flow_log_initiator_ip_v4 | ip4 | | flow_log_initiator_ip | |
| flow_log_initiator_ip_v6 | ip6 | | flow_log_initiator_ip | |
| flow_log_initiator_port | int4 | | | |
| flow_log_target_ip_v4 | ip4 | | flow_log_target_ip | |
| flow_log_target_ip_v6 | ip6 | | flow_log_target_ip | |
| flow_log_target_port | int4 | | | |
| flow_log_transport_protocol | int4 | | | |
| flow_log_ether_type | str | | | |
| flow_log_was_initiated | bool | | | |
| flow_log_was_terminated | bool | | | |
| flow_log_bytes_from_initiator | int4 | | | |
| flow_log_packets_from_initiator | int4 | | | |
| flow_log_bytes_from_target | int4 | | | |
| flow_log_packets_from_target | int4 | | | |
| flow_log_cumulative_packets_from_initiator | int4 | | | |
| flow_log_cumulative_packets_from_target | int4 | | | |
| flow_log_cumulative_bytes_from_target | int8 | | | |
| flow_log_cumulative_bytes_from_initiator | int8 | | | |
| at_devo_environment | str | | | |
| at_devo_pulling_id | str | | | |
| hostchain | str | | | ✓ |
| tag | str | | | ✓ |
| rawMessage | str | | | ✓ |