Parsers and Generated Fields | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Search Archives Contacting Support

Parsers and Generated Fields

Tag Fields Created by Parser cisco-ios

#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser cisco-ios

Source Field	CPS Field	Description	Mapping
_ts, _tz	@timestamp	Event timestamp	Parsed from _ts field using various timestamp formats
message	client.address	Client address	Extracted from message using regex patterns
client.address	client.ip	Client IP address	Copied from client.address after CIDR validation
message	client.mac	Client MAC address	Extracted and normalized from message
message	destination.address	Destination address	Extracted from message using regex patterns
destination.address	destination.ip	Destination IP address	Copied from destination.address after CIDR validation
message	destination.mac	Destination MAC address	Extracted and normalized from message
message	destination.port	Destination port number	Extracted from message using regex patterns
None	ecs.version	ECS schema version	Static value: 9.2.0
message	error.code	Error code	Set based on error type
message	error.message	Error message	Extracted from error events
message, Vendor.eventAction	event.action	Action performed	Extracted from message or set based on event type
Vendor.eventCode	event.category[]	Event categorization	Array populated based on event type conditions
event.module, Vendor.ios.facility	event.dataset	Dataset identifier	Formatted from event.module and Vendor.ios.facility
None	event.kind	Event kind classification	Static value: event
None	event.module	Module identifier	Static value: ios
Vendor.eventCode, message patterns	event.outcome	Event outcome status	Set based on event success/failure conditions
message	event.reason	Reason for event	Extracted from message using regex patterns
Vendor.ios.message_count, Vendor.ios.sequence	event.sequence	Event sequence number	Copied from Vendor.ios.message_count or Vendor.ios.sequence
Vendor.eventCode	event.type[]	Event type classification	Array populated based on event conditions
message	file.name	File name	Extracted from file-related error messages
message	host.mac[]	Host MAC addresses	Array populated from normalized MAC address
log.syslog.severity.code	log.level	Log severity level	Mapped from log.syslog.severity.code
@rawstring	log.syslog.hostname	Syslog hostname	Extracted from syslog header
@rawstring	log.syslog.priority	Syslog priority value	Extracted from syslog header
@rawstring	log.syslog.severity.code	Syslog severity code	Extracted from syslog priority with alphanumeric remapping
source.ip, destination.ip, network.transport, source.port, destination.port	network.community_id	Network community ID	Generated using communityId function
message	network.iana_number	IANA protocol number	Extracted from message using regex patterns
source.packets	network.packets	Total network packets	Copied from source.packets
message	network.protocol	Network protocol	Extracted from message for specific event types
message	network.transport	Network transport protocol	Extracted from message and normalized to lowercase
source.address, client.address	network.type	Network type	Set based on IP address format (ipv4/ipv6)
message	network.vlan.id	VLAN identifier	Extracted from message using regex patterns
message, Vendor.ingress_interface	observer.ingress.interface.name	Ingress interface name	Extracted from message or copied from Vendor field
@rawstring	observer.ip[0]	Observer IP address	Extracted from specific log patterns
None	observer.product	Observer product name	Static value: ios
message	process.command_line	Executed command line	Extracted from CFGLOG_LOGGEDCMD events
message	process.name	Process name	Extracted from SYSTEM_MSG events
message	process.pid	Process ID	Extracted from SYSTEM_MSG events
Vendor.sgacl_name	rule.name	Rule name	Copied from Vendor.sgacl_name
message	server.address	Server address	Extracted from message using regex patterns
server.address	server.ip	Server IP address	Copied from server.address after CIDR validation
message	server.port	Server port number	Extracted from message using regex patterns
message	source.address	Source address	Extracted from message using regex patterns
source.address	source.ip	Source IP address	Copied from source.address after CIDR validation
Vendor.mac	source.mac	Source MAC address	Normalized from Vendor.mac field
message	source.packets	Number of source packets	Extracted from message using regex patterns
message	source.port	Source port number	Extracted from message using regex patterns
user.name	source.user.name	Source username	Copied from user.name
message	user.name	Username	Extracted from message using regex patterns
message	vlan.id	VLAN identifier	Extracted from message using regex patterns

Enter search term