Parsers and Generated Fields | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Contacting Support

Reading time: 1 minutes

Parsers and Generated Fields

Tag Fields Created by Parser fortinet-fortigate

#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser fortinet-fortigate

Vendor Field	CPS Field	Description
Vendor.eventtime	@timestamp	Primary timestamp field
source.ip	client.ip
source.port	client.port
Vendor.daddr	destination.address
Vendor.dst_host	destination.address
Vendor.rcvdbyte	destination.bytes
Vendor.dstcity	destination.geo.city_name
Vendor.dstcountry	destination.geo.country_name
Vendor.dstregion	destination.geo.region_name
Vendor.dstip	destination.ip	Destination IP address
Vendor.dstip	destination.ip
Vendor.tranip	destination.nat.ip
Vendor.tranport	destination.nat.port
Vendor.rcvdpkt	destination.packets
Vendor.dstport	destination.port	Destination port
Vendor.dst_port	destination.port
Vendor.dstport	destination.port
Vendor.remport	destination.port
Vendor.dstuser	destination.user.name
Vendor.xid	dns.id
Vendor.qclass	dns.question.class
Vendor.qname	dns.question.name
Vendor.qtype	dns.question.type
Vendor.subject	email.subject
Vendor.error_num	error.code	Error code
Vendor.error_num	error.code
Vendor.error	error.message	Error message
Vendor.error	error.message
Vendor.action	event.action	For traffic and event types
Vendor.eventtype	event.action	For UTM type events
Vendor.action	event.action
Vendor.eventtype	event.action
Vendor.sess_duration	event.duration	Session duration
Vendor.sess_duration	event.duration
Vendor.event_id	event.id
Vendor.eventid	event.id
Vendor.reason	event.reason	Event reason
Vendor.ref	event.reference	Event reference
Vendor.ref	event.reference
Vendor.severity	event.severity	Maps severity levels to numeric values (critical=90, high=70, medium=50, low=30, info=10)
Vendor.filetype	file.extension
Vendor.infectedfiletype	file.extension
Vendor.matchedfiletype	file.extension
Vendor.filename	file.name
Vendor.infectedfilename	file.name
Vendor.matchedfilename	file.name
Vendor.file	file.path
Vendor.filesize	file.size
Vendor.infectedfilesize	file.size
Vendor.srcname	host.name
Vendor.crlevel	host.risk.calculated_level
Vendor.crscore	host.risk.calculated_score
Vendor.httpmethod	http.request.method	HTTP method for UTM events
Vendor.method	http.request.method	For REST API events
Vendor.status	http.response.status_code	For REST API events
Vendor.status;	http.response.status_code
Vendor.level	log.level
source.bytes	network.bytes
Vendor.proto	network.iana_number
source.packets	network.packets
Vendor.dst_int	observer.egress.interface.name
Vendor.dstintf	observer.egress.interface.name
Vendor.dstintfrole	observer.egress.zone	Destination interface role
Vendor.dstintfrole	observer.egress.zone
Vendor.src_int	observer.ingress.interface.name
Vendor.srcintf	observer.ingress.interface.name
Vendor.srcintfrole	observer.ingress.zone	Source interface role
Vendor.srcintfrole	observer.ingress.zone
Vendor.devname	observer.name	Device name
Vendor.devname	observer.name
Vendor.device_id	observer.serial_number	Alternative device ID
Vendor.devid	observer.serial_number	Device ID
Vendor.devid	observer.serial_number
Vendor.app	process.name
Vendor.catdesc	rule.category
Vendor.msg;	rule.description
Vendor.comment	rule.description
Vendor.logdesc	rule.description
Vendor.policyid	rule.id
Vendor.policyid	rule.id
Vendor.policyname	rule.name
Vendor.applist	rule.ruleset
Vendor.policytype	rule.ruleset
Vendor.profile	rule.ruleset
Vendor.poluuid	rule.uuid
destination.ip	server.ip
destination.port	server.port
Vendor.sentbyte	source.bytes
Vendor.srccountry	source.geo.country_name	Source country (if not "Reserved")
Vendor.srccountry;	source.geo.country_name
Vendor.remip	source.ip	Alternative source IP field
Vendor.srcip	source.ip	Source IP address
Vendor.locip	source.ip
Vendor.remip	source.ip
Vendor.srcip	source.ip
Vendor.transip	source.nat.ip
Vendor.transport	source.nat.port
Vendor.sentpkt	source.packets
Vendor.srcport	source.port	Source port
Vendor.locport	source.port
Vendor.src_port	source.port
Vendor.srcport	source.port
Vendor.group	source.user.group.name
Vendor.unauthuser	source.user.name
Vendor.user	source.user.name
Vendor.ccertissuer	tls.client.issuer
tls.client.issuer	tls.client.x509.issuer.common_name[0]
Vendor.scertissuer	tls.server.issuer
tls.server.issuer	tls.server.x509.issuer.common_name[0]
Vendor.scertcname	tls.server.x509.subject.common_name[0]
Vendor.hostname	url.domain	URL domain name
Vendor.url	url.original	Original URL
Vendor.url	url.original
top_ld	url.top_level_domain
source.user.name	user.name
Vendor.agent	user_agent.original
Vendor.dtype	vulnerability.category[0]

Enter search term