Parsers and Generated Fields
Tag Fields Created by Parser dell-isilon
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser dell-isilon
| Vendor Field | CPS Field | Description |
|---|---|---|
| `event.category[]` | Array | None |
| `event.type[]` | Array | None |
| `client.address` | Copied | client.ip |
| `client.ip` | Copied | Vendor.clientIPAddr |
| `event.action` | Copied | Vendor.operation |
| `file.inode` | Copied | Vendor.inode |
| `file.path` | Copied | Vendor.filename |
| `log.syslog.appname` | Copied | Vendor.syslog.app |
| `log.syslog.hostname` | Copied | Vendor.syslog.host |
| `log.syslog.priority` | Copied | Vendor.syslog.priority |
| `log.syslog.procid` | Copied | Vendor.syslog.pid |
| `network.protocol` | Copied | Vendor.protocol |
| `user.id` | Copied | Vendor.userSID |
| `user.name` | Copied | Vendor.username |
| `event.outcome` | Mapped | Vendor.ntStatus |
| `@timestamp` | Parsed | @rawstring |
| `ecs.version` | Static | None |
| `event.kind` | Static | None |
| `event.module` | Static | None |
| client.ip | client.address | |
| Vendor.clientIPAddr | client.ip | |
| Vendor.inode | file.inode | |
| Vendor.filename | file.path | |
| Vendor.syslog.app | log.syslog.appname | |
| Vendor.syslog.host | log.syslog.hostname | |
| Vendor.syslog.priority | log.syslog.priority | |
| Vendor.syslog.pid | log.syslog.procid | |
| Vendor.userSID | user.id | |
| Vendor.username | user.name |