Parsers and Generated Fields

Tag Fields Created by Parser purestorage-flasharray
  • #Cps.version
  • #Vendor
  • #ecs.version
  • #event.dataset
  • #event.kind
  • #event.module
  • #event.outcome
  • #observer.type

Fields Identified by Parser purestorage-flasharray
| Source Field | CPS Field | Description | Mapping |
|---|---|---|---|
| Vendor.syslog.timestamp | @timestamp | Event timestamp | Parsed from syslog timestamp using MMM [ ]d HH:mm:ss format |
| None | ecs.version | ECS schema version | Static value: 9.3.0 |
| Vendor.Code | error.code | Error code | Copied from Vendor.Code |
| Vendor.ErrorMessage | error.message | Error message content | Copied from Vendor.ErrorMessage |
| Vendor.Action | event.action | Action performed | Copied from Vendor.Action |
| log.logger | event.category[] | Event category classification | Array populated based on log.logger conditions |
| Vendor.UTCTime | event.created | Event creation timestamp | Copied from Vendor.UTCTime |
| Vendor.MessageID | event.id | Unique event identifier | Copied from Vendor.MessageID |
| None | event.kind | Event classification | Static value: event |
| None | event.module | Module identifier | Static value: flasharray |
| Vendor.ErrorMessage, Vendor.AlertID | event.reason | Event reason | Coalesced from error.message or Vendor.AlertID |
| Vendor.SeverityText | event.severity | Event severity level | Mapped from Vendor.SeverityText using severity levels |
| event.action | event.type[] | Event type classification | Array populated based on event.action conditions |
| log.syslog.hostname | host.hostname | Host identifier | Lowercase conversion of log.syslog.hostname |
| @rawstring | log.logger | Logger name | Extracted from syslog message using regex |
| @rawstring | log.syslog.hostname | Syslog hostname | Extracted from syslog message using regex |
| @rawstring | log.syslog.priority | Syslog priority | Extracted from syslog message using regex |
| @rawstring | log.syslog.procid | Process ID | Extracted from syslog message using regex |
| Vendor.Host, Vendor.ArrayName | observer.hostname | Observer hostname | Coalesced from Vendor.Host or Vendor.ArrayName |
| Vendor.User | user.name | Username | Copied from Vendor.User |