Parsers and Generated Fields
Tag Fields Created by Parser aws-s3serveraccess
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser aws-s3serveraccess
| Vendor Field | CPS Field | Description |
|---|---|---|
| `cloud.target.Resource.id[]` | Array | Vendor.bucket |
| `cloud.target.Resource.type[]` | Array | None |
| `event.category[]` | Array | None |
| `event.type[]` | Array | None |
| `event.outcome` | Conditional | Vendor.error_code |
| `client.ip` | Copied | Vendor.remote_ip |
| `client.user.id` | Copied | Vendor.requester |
| `cloud.Storage.bucket_name` | Copied | Vendor.bucket |
| `error.code` | Copied | Vendor.error_code |
| `event.action` | Copied | Vendor.operation |
| `event.duration` | Copied | Vendor.total_time |
| `event.id` | Copied | Vendor.request_id |
| `host.id` | Copied | Vendor.host_id |
| `http.request.referrer` | Copied | Vendor.referrer |
| `http.response.body.bytes` | Copied | Vendor.bytes_sent |
| `http.response.status_code` | Copied | Vendor.http_status |
| `tls.cipher` | Copied | Vendor.cipher_suite |
| `url.original` | Copied | Vendor.request_uri |
| `user_agent.original` | Copied | Vendor.user_agent |
| `http.request.method` | Extracted | Vendor.request_uri |
| `http.version` | Extracted | Vendor.request_uri |
| `tls.version_protocol` | Extracted | Vendor.tls_version |
| `tls.version` | Extracted | Vendor.tls_version |
| `client.address` | Lowercase | Vendor.remote_ip |
| `@timestamp` | Parsed | Vendor timestamp |
| `cloud.provider` | Static | None |
| `ecs.version` | Static | None |
| `event.kind` | Static | None |
| `event.module` | Static | None |
| Vendor.remote_ip | client.ip | |
| Vendor.requester | client.user.id | |
| Vendor.bucket | cloud.Storage.bucket_name | |
| Vendor.operation | event.action | |
| Vendor.total_time | event.duration | |
| Vendor.request_id | event.id | |
| Vendor.host_id | host.id | |
| Vendor.referrer | http.request.referrer | |
| Vendor.bytes_sent | http.response.body.bytes | |
| Vendor.http_status | http.response.status_code | |
| Vendor.cipher_suite | tls.cipher | |
| Vendor.request_uri | url.original | |
| Vendor.user_agent | user_agent.original |