Parsers and Generated Fields

Tag Fields Created by Parser dell-isilon

- #Cps.version
- #Vendor
- #ecs.version
- #event.dataset
- #event.kind
- #event.module
- #event.outcome
- #observer.type

Fields Identified by Parser dell-isilon

| Source Field | CPS Field | Description | Mapping |
|---|---|---|---|
| @rawstring | @timestamp | Event timestamp | Parsed from syslog timestamp using parseTimestamp() |
| client.ip | client.address | Client address | Copied from client.ip |
| Vendor.clientIPAddr | client.ip | Client IP address | Copied from Vendor.clientIPAddr |
| None | ecs.version | ECS schema version | Static value: 9.1.0 |
| Vendor.operation | event.action | File system operation performed | Copied from Vendor.operation (converted to lowercase) |
| None | event.category[] | Event category classification | Array populated with static value "file" |
| None | event.kind | Event kind classification | Static value: event |
| None | event.module | Module name | Static value: isilon |
| Vendor.ntStatus | event.outcome | Operation result status | Mapped based on Vendor.ntStatus conditions |
| None | event.type[] | Event type classification | Array populated with static value "info" |
| Vendor.inode | file.inode | File inode number | Copied from Vendor.inode |
| Vendor.filename | file.path | File path | Copied from Vendor.filename |
| Vendor.syslog.app | log.syslog.appname | Syslog application name | Copied from Vendor.syslog.app |
| Vendor.syslog.host | log.syslog.hostname | Syslog hostname | Copied from Vendor.syslog.host |
| Vendor.syslog.priority | log.syslog.priority | Syslog priority value | Copied from Vendor.syslog.priority |
| Vendor.syslog.pid | log.syslog.procid | Syslog process ID | Copied from Vendor.syslog.pid |
| Vendor.protocol | network.protocol | Network protocol used | Copied from Vendor.protocol (converted to lowercase) |
| Vendor.userSID | user.id | User security identifier | Copied from Vendor.userSID |
| Vendor.username | user.name | Username | Copied from Vendor.username |