Parsers and Generated Fields | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Search Archives Contacting Support

Parsers and Generated Fields

Tag Fields Created by Parser aruba-clearpass

#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser aruba-clearpass

Source Field	CPS Field	Description	Mapping
@timestamp	@timestamp	Event timestamp in ISO 8601 format	Parsed from timestamp field using parseTimestamp function
Vendor.Endpoint.IP-Address	client.address	Client address	Extracted from endpoint IP address field
client.address	client.domain	Client domain name	Set when client.address is not valid IP
client.address	client.ip	Client IP address	Set when client.address is valid IP using CIDR validation
Vendor.Endpoint.MAC-Address	client.mac	Client MAC address	Extracted and formatted with dash separators and uppercase
None	ecs.version	ECS schema version	Static value: 9.2.0
Vendor.Description	error.message	Error message for failed operations	Extracted from Description field for failed events
Vendor.Action	event.action	Action performed in the event	Copied from Vendor.Action
Vendor.Category	event.category[]	Event categorization array	Array populated based on event type and category
Vendor.eventId	event.code	Unique event identifier	Copied from Vendor.eventId
None	event.kind	Event categorization	Static value: event
None	event.module	Module name for event source	Static value: clearpass
Vendor.Action	event.outcome	Event outcome (success/failure)	Determined based on event action
Vendor.Action, Vendor.Category	event.type[]	Event type classification array	Array populated based on event action and category
Vendor.Description	file.name	Filename for file operations	Extracted from Description field for backup events
@rawstring	log.syslog.appname	Syslog application name	Extracted from syslog header
@rawstring	log.syslog.hostname	Syslog hostname	Extracted from syslog header
@rawstring	log.syslog.msgid	Syslog message ID	Extracted from syslog header
@rawstring	log.syslog.priority	Syslog priority value	Extracted from syslog header
@rawstring	log.syslog.procid	Syslog process ID	Extracted from syslog header
@rawstring	log.syslog.version	Syslog version	Extracted from syslog header
Vendor.RADIUS.Acct-NAS-IP-Address	observer.ip[]	Observer IP address array	Array populated from RADIUS NAS IP address
Vendor.RADIUS.Acct-NAS-Port	observer.port	Observer port number	Extracted from RADIUS NAS port field
Vendor.swVersion	observer.version	Observer software version	Copied from Vendor.swVersion
Vendor.CppmNode.CPPM-Node	server.address	Server address	Extracted from CPPM node field
server.address	server.domain	Server domain name	Set when server.address is not valid IP
server.address	server.ip	Server IP address	Set when server.address is valid IP using CIDR validation
Vendor.RADIUS.Acct-Framed-IP-Address, Vendor.TACACS.Request-Type, Vendor.WEBAUTH.Host-IP-Address	source.address	Source address	Extracted from multiple RADIUS and authentication sources
source.address	source.domain	Source domain name	Set when source.address is not valid IP
source.address	source.ip	Source IP address	Set when source.address is valid IP using CIDR validation
Vendor.Description	source.port	Source port number	Extracted from Description field using regex
Vendor.Common.Username	user.domain	User domain	Extracted when username contains domain format
Vendor.RADIUS.Acct-Username, Vendor.Endpoint.Username, Vendor.Common.Username, Vendor.Description	user.name	Username	Extracted from multiple sources with domain parsing
Vendor.Description	user.role	User role	Extracted from Description field using regex

Enter search term