Parsers and Generated Fields | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Training API GraphQL API Contacting Support

Parsers and Generated Fields

Tag Fields Created by Parser cloudflare-one

#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser cloudflare-one

Source Field	LogScale Repository Field
Vendor.ClientRequestUserAgent	agent.original
Vendor.UserAgent	agent.original
Vendor.ClientVersion	agent.version
Vendor.ClientASN	as.number
Vendor.ClientRequestHost	client.domain
Vendor.ClientIP	client.ip
Vendor.IPAddress	client.ip
Vendor.ClientSrcPort	client.port
Vendor.ClientCountry	code
Vendor.Country	code
Vendor.HTTPStatusCode	code
Vendor.BytesReceived	destination.bytes
Vendor.DestinationIP	destination.ip
Vendor.DstIP	destination.ip
Vendor.IPDestinationAddress	destination.ip
Vendor.OriginIP	destination.ip
Vendor.DestinationPort	destination.port
Vendor.DstPort	destination.port
Vendor.OriginPort	destination.port
host.id	device.id
host.name	device.model.identifier
Vendor.RData[0].data	dns.answers[0].data
Vendor.RData[0].type	dns.answers[0].type
Vendor.RData[1].data	dns.answers[1].data
Vendor.RData[1].type	dns.answers[1].type
Vendor.RData[2].data	dns.answers[2].data
Vendor.RData[2].type	dns.answers[2].type
Vendor.RData[3].data	dns.answers[3].data
Vendor.RData[3].type	dns.answers[3].type
Vendor.RData[4].data	dns.answers[4].data
Vendor.RData[4].type	dns.answers[4].type
Vendor.QueryName	dns.question.name
Vendor.QueryTypeName	dns.question.type
Vendor.event.subject	email.subject
Vendor.event.to[0]	email.to.address[0]
Vendor.event.to[1]	email.to.address[1]
Vendor.event.to[2]	email.to.address[2]
Vendor.event.to[3]	email.to.address[3]
Vendor.event.to[4]	email.to.address[4]
Vendor.Action	event.action
Vendor.ActionType	event.action
Vendor.ConnectionCloseReason	event.action
Vendor.SessionID	event.id
Vendor.Interface	event.provider
Vendor.PurposeJustificationPrompt	event.reason
Vendor.event.alert	event.reason
Vendor.BlockedFileName	file.name
Vendor.BlockedFileSize	file.size
Vendor.DeviceID	host.id
Vendor.DeviceName	host.name
Vendor.DeviceType	host.os.family
Vendor.OSVersion	host.os.version
Vendor.ClientRequestMethod	http.request.method
Vendor.HTTPMethod	http.request.method
Vendor.ClientRequestReferer	http.request.referrer
Vendor.Referer	http.request.referrer
Vendor.HTTPVersion	http.version
Vendor.Offramp	interface.name
Vendor.SignatureMessage	message
Vendor.ColoCity	name
Vendor.ColoCode	name
Vendor.SNI	name
Vendore.Direction	network.direction
Vendor.Protocol	network.protocol
Vendor.Protocol	network.transport
Vendor.Transport	network.transport
Vendor.VirtualNetworkID	network.vlan.id
Vendor.ClientSSLProtocol	protocol
Vendor.PostureCheckType	rule.category
Vendor.PolicyID	rule.id
Vendor.PostureCheckName	rule.name
Vendor.WAFAttackScore	score
Vendor.AppUUID	service.id
Vendor.BytesSent	source.bytes
Vendor.ActorIP	source.ip
Vendor.IPSourceAddress	source.ip
Vendor.SourceIP	source.ip
Vendor.SrcIP	source.ip
Vendor.SourcePort	source.port
Vendor.SrcPort	source.port
Vendor.ClientSSLCipher	tls.cipher
Vendor.ClientTLSCipher	tls.cipher
Vendor.OriginTLSCertificateIssuer	tls.server.issuer
Vendor.ClientTLSVersion	tls.version
Vendor.CreatedAt	ts
Vendor.Datetime	ts
Vendor.DetectedTimestamp	ts
Vendor.EdgeStartTimestamp	ts
Vendor.SessionStartTime	ts
Vendor.Timestamp	ts
Vendor.When	ts
Vendor.time	ts
Vendor.AssetLink	url.original
Vendor.URL	url.original
Vendor.ActorEmail	user.email
Vendor.Email	user.email
Vendor.ActorID	user.id
Vendor.UserID	user.id
Vendor.UserUID	user.id
Vendor.FindingTypeDisplayName	vulnerability.description
Vendor.FindingTypeSeverity	vulnerability.severity

Enter search term