Parsers and Generated Fields

Tag Fields Created by Parser aws-waf

  • #Cps.version

  • #Vendor

  • #ecs.version

  • #event.dataset

  • #event.kind

  • #event.module

  • #event.outcome

  • #observer.type

Fields Identified by Parser aws-waf
Vendor FieldCPS FieldDescription
`event.category[]`ArrayNone
`event.type[]`ArrayVendor.action
`event.action`CopiedVendor.action
`http.request.id`CopiedVendor.httpRequest.requestId
`http.request.method`CopiedVendor.httpRequest.httpMethod
`rule.id`CopiedVendor.terminatingRuleId
`rule.ruleset`CopiedVendor.terminatingRuleType
`source.geo.country_iso_code`CopiedVendor.httpRequest.country
`source.ip`CopiedVendor.httpRequest.clientIp
`url.path`CopiedVendor.httpRequest.uri
`url.query`CopiedVendor.httpRequest.args
`http.version`ExtractedVendor.httpRequest.httpVersion
`network.protocol`ExtractedVendor.httpRequest.httpVersion
`@timestamp`ParsedVendor.timestamp
`ecs.version`StaticNone
`event.kind`StaticNone
`event.module`StaticNone
`network.transport`Staticnetwork.protocol
Vendor.actionevent.action 
Vendor.httpRequest.requestIdhttp.request.id 
Vendor.httpRequest.httpMethodhttp.request.method 
Vendor.terminatingRuleIdrule.id 
Vendor.terminatingRuleTyperule.ruleset 
Vendor.httpRequest.countrysource.geo.country_iso_code 
Vendor.httpRequest.clientIpsource.ip 
Vendor.httpRequest.uriurl.path 
Vendor.httpRequest.argsurl.query