Parsers and Generated Fields

Tag Fields Created by Parser aruba-clearpass

  • #Cps.version

  • #Vendor

  • #ecs.version

  • #event.dataset

  • #event.kind

  • #event.module

  • #event.outcome

  • #observer.type

Fields Identified by Parser aruba-clearpass
Vendor FieldCPS FieldDescription
`event.category[]`ArrayVendor.Category
`event.type[]`ArrayVendor.Action, Vendor.Category
`observer.ip[]`ArrayVendor.RADIUS.Acct-NAS-IP-Address
`event.action`CopiedVendor.Action
`event.code`CopiedVendor.eventId
`observer.version`CopiedVendor.swVersion
`event.outcome`DeterminedVendor.Action
`client.address`ExtractedVendor.Endpoint.IP-Address
`client.mac`ExtractedVendor.Endpoint.MAC-Address
`error.message`ExtractedVendor.Description
`file.name`ExtractedVendor.Description
`log.syslog.appname`Extracted@rawstring
`log.syslog.hostname`Extracted@rawstring
`log.syslog.msgid`Extracted@rawstring
`log.syslog.priority`Extracted@rawstring
`log.syslog.procid`Extracted@rawstring
`log.syslog.version`Extracted@rawstring
`observer.port`ExtractedVendor.RADIUS.Acct-NAS-Port
`server.address`ExtractedVendor.CppmNode.CPPM-Node
`source.address`ExtractedVendor.RADIUS.Acct-Framed-IP-Address, Vendor.TACACS.Request-Type, Vendor.WEBAUTH.Host-IP-Address
`source.port`ExtractedVendor.Description
`user.domain`ExtractedVendor.Common.Username
`user.name`ExtractedVendor.RADIUS.Acct-Username, Vendor.Endpoint.Username, Vendor.Common.Username, Vendor.Description
`user.role`ExtractedVendor.Description
`@timestamp`Parsed@timestamp
`client.domain`Setclient.address
`client.ip`Setclient.address
`server.domain`Setserver.address
`server.ip`Setserver.address
`source.domain`Setsource.address
`source.ip`Setsource.address
`ecs.version`StaticNone
`event.kind`StaticNone
`event.module`StaticNone
Vendor.Actionevent.action 
Vendor.eventIdevent.code 
Vendor.swVersionobserver.version