Parsers and Generated Fields

Tag Fields Created by Parser f5networks-bigip

  • #Cps.version

  • #Vendor

  • #ecs.version

  • #event.dataset

  • #event.kind

  • #event.module

  • #event.outcome

  • #observer.type

Fields Identified by Parser f5networks-bigip
Vendor FieldCPS FieldDescription
Vendor.ip_clientclient.address  
client.addressclient.ip 
destination.addressclient.ip 
server.addressclient.ip 
source.addressclient.ip 
Vendor.dest_ipdestination.address  
Vendor.dest_portdestination.port  
Vendor.device_iddevice.id  
Vendor.hosthost.ip[0]  
Vendor.reqhttp.request.body.content  
Vendor.methodhttp.request.method  
Vendor.http_classhttp.request.referrer  
Vendor.resphttp.response.body.content  
Vendor.resp_codehttp.response.status_code  
log.syslog.severity.namelog.level 
Vendor.severitylog.level  
log.syslog.prioritylog.syslog.facility.code 
Vendor.bytes_innetwork.bytes 
Vendor.x_fwd_hdr_valnetwork.forwarded_ip  
Vendor.manage_ip_addrobserver.ip[0]  
Vendor.violationsrule.name  
Vendor.enforced_byrule.ruleset  
Vendor.src_ipsource.address  
Vendor.geo_infosource.geo.country_iso_code  
Vendor.src_portsource.port  
Vendor.threat_campaign_namesthreat.group.alias  
Vendor.attack_typethreat.technique.name  
Vendor.sig_idsthreat.technique.subtechnique.id  
Vendor.sig_namesthreat.technique.subtechnique.name  
Vendor.usernameuser.name