Parsers and Generated Fields | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Contacting Support

Parsers and Generated Fields

Tag Fields Created by Parser cisco-meraki

#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser cisco-meraki

Vendor Field	CPS Field	Description
Vendor.eventData.channel	Vendor.channel
Vendor.eventData.connection_status	Vendor.connection_status
Vendor.eventData.dns	Vendor.dns
Vendor.eventData.duration	Vendor.lease_duration
message	Vendor.message	Original message
Vendor.eventData.new_state	Vendor.new_state
Vendor.eventData.peer_contact	Vendor.peer_contact
Vendor.eventData.peer_type	Vendor.peer_type
Vendor.eventData.rssi	Vendor.signal_strength
Vendor.eventData.vpn_type	Vendor.vpn_type
Vendor.clientDescription	client.address
clientDescription	client.address	Client description
Vendor.client_ip	client.ip
Vendor.eventData.client_ip	client.ip
Vendor.eventData.ip	client.ip
client_ip	client.ip	Client IP address
eventData.client_ip	client.ip	Client IP from event data
Vendor.client_mac	client.mac
clientMac	client.mac	Client MAC address in JSON format
client_mac	client.mac	Client MAC address
Vendor.eventData.local_as	destination.as.number
eventData.local_as	destination.as.number	Local AS number
Vendor.destination	destination.ip
Vendor.dst	destination.ip
Vendor.eventData.peer_ip	destination.ip
Vendor.eventData.router	destination.ip
Vendor.translated_dst_ip	destination.ip
destIp	destination.ip	Destination IP with port extraction
dst	destination.ip	Destination IP address
eventData.router	destination.ip	Router IP address
translated_dst_ip	destination.ip	Translated destination IP for NAT events
Vendor.dst	destination.mac
Vendor.dport	destination.port
Vendor.port	destination.port
dport	destination.port	Destination port number
Vendor.eventData.error_code	error.code
eventData.error_code	error.code	Error code
Vendor.eventData.desc	error.message
eventData.desc	error.message	Error description
Vendor.action	event.action
Vendor.eventType	event.action
Vendor.type	event.action
Vendor.description	event.original
Vendor.message	event.original
_outcome	event.outcome	Authentication outcome based on success/failure patterns
blocked	event.outcome	Determines if event was blocked
priority	event.severity	Maps priority levels to severity values
Vendor.type	event_subtype
log.syslog.appname	event_subtype
fileHash	file.hash.sha256	File hash
sha256	file.hash.sha256	SHA256 hash for files
Vendor.name	file.name
name	file.name	File name for security events
Vendor.fileSizeBytes	file.size
fileSizeBytes	file.size	File size in bytes
Vendor.fileType	file.type
fileType	file.type	File type
Vendor.clientDescription	host.hostname
Vendor.clientName	host.hostname
Vendor.clientId	host.id
Vendor.http_method	http.request.method
http_method	http.request.method	HTTP method used
Vendor.application	network.application
Vendor.sent	network.bytes
Vendor.direction	network.direction
direction	network.direction	Traffic direction
Vendor.forwarded_ip	network.forwarded_ip
forwarded_ip	network.forwarded_ip	Forwarded IP address
Vendor.networkId	network.name
Vendor.ssid	network.name
networkId	network.name	Network identifier
ssid	network.name	Network SSID
Vendor.flows	network.packets
Vendor.protocol	network.protocol
protocol	network.protocol	Protocol used
network.transport	network.transport	Network transport protocol for VPN connections
Vendor.eventData.vlan	network.vlan.id
eventData.vlan	network.vlan.id	VLAN ID from event data
vlan_id	network.vlan.id	VLAN ID
Vendor.deviceName	observer.name
deviceName	observer.name	Device name
Vendor.deviceSerial	observer.serial_number
deviceSerial	observer.serial_number	Device serial number
Vendor.classification	rule.category
classification	rule.category	Alert classification
Vendor.message	rule.description
message	rule.description	Alert description
Vendor.signature	rule.id
signature	rule.id	Signature ID for IDS alerts
Vendor.message	rule.name
message	rule.name	Alert message
Vendor.ruleId	rule.reference
ruleId	rule.reference	Rule reference ID
Vendor.url.host	server.address
url.host	server.address	Server hostname from URL
Vendor.server	server.ip
server	server.ip	Server IP address
Vendor.original_server_mac	server.mac
Vendor.server_mac	server.mac
server_mac	server.mac	Server MAC address
Vendor.serverport	server.port
serverport	server.port	Server port number
Vendor.eventData.remote_as	source.as.number
eventData.remote_as	source.as.number	Remote AS number
Vendor.eventData.client_ip	source.ip
Vendor.eventData.ip	source.ip
Vendor.eventData.peer_ip	source.ip
Vendor.src	source.ip
Vendor.srcIp	source.ip
Vendor.translated_src_ip	source.ip
eventData.ip	source.ip	IP address from event data
eventData.peer_ip	source.ip	BGP peer IP address
src	source.ip	Source IP address
srcIp	source.ip	Source IP with port extraction
translated_src_ip	source.ip	Translated source IP for NAT events
Vendor.clientMac	source.mac
Vendor.mac	source.mac
Vendor.src	source.mac
mac	source.mac	Source MAC address
Vendor.sport	source.port
sport	source.port	Source port number
translated_port	source.port/destination.port	Translated port for NAT events
message	threat.indicator.description	Threat description
fileHash	threat.indicator.file.hash.sha256	Threat indicator file hash
destIp	threat.indicator.ip	Threat indicator IP
destination.ip	threat.indicator.ip
tls.version	tls.version	TLS version for VPN connections
Vendor.uri	url.original
Vendor.url	url.original
uri	url.original	Original URI
url	url.original	Original URL
Vendor.username	user.name
username	user.name	Username
Vendor.agent	user_agent.original
agent	user_agent.original	User agent string

Enter search term