Parsers and Generated Fields
Tag Fields Created by Parser aws-vpcflow
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser aws-vpcflow
| Vendor Field | CPS Field | Description |
|---|---|---|
| `event.category[]` | Array | None |
| `event.type[]` | Array | Vendor.action |
| `destination.address` | Copied | Vendor.dstaddr |
| `destination.ip` | Copied | Vendor.dstaddr (indirect) |
| `destination.port` | Copied | Vendor.dstport |
| `event.action` | Copied | Vendor.action |
| `event.end` | Copied | Vendor.end |
| `event.start` | Copied | Vendor.start |
| `network.bytes` | Copied | Vendor.bytes |
| `network.iana_number` | Copied | Vendor.protocol |
| `network.packets` | Copied | Vendor.packets |
| `source.address` | Copied | Vendor.srcaddr |
| `source.ip` | Copied | Vendor.srcaddr (indirect) |
| `source.port` | Copied | Vendor.srcport |
| `cloud.account.id` | Formatted | Vendor.account-id |
| `observer.ingress.interface.id` | Formatted | Vendor.interface-id |
| `error.message` | Lowercase | Vendor.log-status |
| `event.outcome` | Mapped | Vendor.action |
| `@timestamp` | Parsed | Vendor.start |
| `ecs.version` | Static | None |
| `event.kind` | Static | None |
| `event.module` | Static | None |
| Vendor.dstaddr | destination.address | |
| destination.address | destination.ip | |
| Vendor.dstport | destination.port | |
| Vendor.action | event.action | |
| Vendor.end | event.end | |
| Vendor.start | event.start | |
| Vendor.bytes | network.bytes | |
| Vendor.protocol | network.iana_number | |
| Vendor.packets | network.packets | |
| Vendor.type | network.type | |
| Vendor.srcaddr | source.address | |
| source.address | source.ip | |
| Vendor.srcport | source.port |