Parsers and Generated Fields | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Contacting Support

Parsers and Generated Fields

Tag Fields Created by Parser aruba-clearpass

#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser aruba-clearpass

Vendor Field	CPS Field	Description
Vendor.Description	Vendor.NAD	Extracts Network Access Device information
Vendor.Description	Vendor.device	Extracts device information for ReadDeviceInfo events
Vendor.Description	Vendor.session_id	Extracts session ID from Description field for session events
Vendor.Description	client.ip	Extracts client IP from Description field for login events
Vendor.Endpoint.IP-Address	client.ip	Client IP address using format function
Vendor.Endpoint.MAC-Address	client.mac	Client MAC address using format function
Vendor.Description	error.message	Extracts error messages for failed events
Vendor.Action	event.action	Action taken in the event
Vendor.eventId	event.id	Direct mapping of event identifier
Vendor.Description	file.name	Extracts filename for backup events
Vendor.RADIUS.Acct-NAS-IP-Address	observer.ip	Observer IP address from RADIUS accounting
Vendor.RADIUS.Acct-NAS-Port	observer.port	Observer port from RADIUS accounting
Vendor.swVersion	observer.version	Observer software version
Vendor.Description	server.address	Extracts server address for AD connection events
Vendor.CppmNode.CPPM-Node	server.ip	Server IP address using format function
Vendor.RADIUS.Acct-Framed-IP-Address	source.ip	Source IP address from RADIUS accounting
Vendor.TACACS.Request-Type	source.ip	Source IP address from TACACS when available
Vendor.WEBAUTH.Host-IP-Address	source.ip	Source IP address from web authentication
Vendor.Description	source.ip,	Extracts source IP and port for trap events
Vendor.Common.Username;	user.name
Vendor.Description	user.name	Extracts username from Description field for login events
Vendor.Endpoint.Username	user.name	Username from endpoint when RADIUS not available
Vendor.Endpoint.Username;	user.name
Vendor.RADIUS.Acct-Username	user.name	Username from RADIUS accounting when available
Vendor.Common.Username	user.name,	Extracts domain and username when in format domain/username
Vendor.Description	user.role	Extracts user role from Description field for login events

Enter search term