Parsers and Generated Fields
Tag Fields Created by Parser cisco-meraki
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser cisco-meraki
| Vendor Field | CPS Field | Description |
|---|---|---|
| message | Vendor.message | Original message |
| Vendor.client_ip | client.ip | |
| Vendor.client_ip; | client.ip | |
| client_ip | client.ip | Client IP address |
| Vendor.client_mac | client.mac | |
| Vendor.client_mac; | client.mac | |
| client_mac | client.mac | Client MAC address |
| Vendor.dst | destination.ip | |
| Vendor.translated_dst_ip | destination.ip | |
| dst | destination.ip | Destination IP address |
| translated_dst_ip | destination.ip | Translated destination IP for NAT events |
| Vendor.dst | destination.mac | |
| Vendor.dport | destination.port | |
| Vendor.dport; | destination.port | |
| Vendor.translated_port; | destination.port | |
| dport | destination.port | Destination port number |
| Vendor.type | event_subtype | |
| log.syslog.appname | event_subtype | |
| sha256 | file.hash.sha256 | SHA256 hash for files |
| Vendor.name | file.name | |
| name | file.name | File name for security events |
| Vendor.http_method | http.request.method | |
| http_method | http.request.method | HTTP method used |
| Vendor.direction | network.direction | |
| direction | network.direction | Traffic direction |
| Vendor.forwarded_ip | network.forwarded_ip | |
| forwarded_ip | network.forwarded_ip | Forwarded IP address |
| Vendor.ssid | network.name | |
| ssid | network.name | Network SSID |
| Vendor.protocol | network.protocol | |
| protocol | network.protocol | Protocol used |
| Vendor.vlan_id; | network.vlan.id | |
| vlan_id | network.vlan.id | VLAN ID |
| Vendor.url.host | server.address | |
| url.host | server.address | Server hostname from URL |
| Vendor.original_server_ip; | server.ip | |
| Vendor.server | server.ip | |
| server | server.ip | Server IP address |
| Vendor.original_server_mac | server.mac | |
| Vendor.server_mac | server.mac | |
| Vendor.server_mac; | server.mac | |
| server_mac | server.mac | Server MAC address |
| Vendor.serverport | server.port | |
| serverport | server.port | Server port number |
| Vendor.src | source.ip | |
| Vendor.translated_src_ip | source.ip | |
| src | source.ip | Source IP address |
| translated_src_ip | source.ip | Translated source IP for NAT events |
| Vendor.mac | source.mac | |
| Vendor.src | source.mac | |
| mac | source.mac | Source MAC address |
| Vendor.sport | source.port | |
| Vendor.sport; | source.port | |
| Vendor.translated_port; | source.port | |
| sport | source.port | Source port number |
| translated_port | source.port/destination.port | Translated port for NAT events |
| Vendor.url | url.original | |
| url | url.original | Original URL |
| Vendor.username | user.name | |
| username | user.name | Username |
| Vendor.agent | user_agent.original | |
| agent | user_agent.original | User agent string |