Parsers and Generated Fields | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Training API GraphQL API Contacting Support

Parsers and Generated Fields

Tag Fields Created by Parser fortinet-fortigate

#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser fortinet-fortigate

Source Field	CPS Field
Vendor.rcvdbyte	destination.bytes
Vendor.dstcity	destination.geo.city_name
Vendor.dstcountry;	destination.geo.country_name
Vendor.dstregion	destination.geo.region_name
Vendor.dstip	destination.ip
Vendor.remip;	destination.ip
Vendor.tranip	destination.nat.ip
Vendor.tranport	destination.nat.port
Vendor.rcvdpkt	destination.packets
Vendor.dst_port	destination.port
Vendor.dstport	destination.port
Vendor.dstport;	destination.port
Vendor.remport;	destination.port
Vendor.dstuser	destination.user.name
Vendor.xid	dns.id
Vendor.qclass	dns.question.class
Vendor.qname	dns.question.name
Vendor.qtype	dns.question.type
Vendor.subject	email.subject
Vendor.error_num	error.code
Vendor.action;	event.action
Vendor.eventtype;	event.action
Vendor.sess_duration	event.duration
Vendor.event_id;	event.id
Vendor.eventid;	event.id
Vendor.error	event.message
Vendor.ref	event.reference
Vendor.extension	file.extension
Vendor.infectedfiletype;	file.extension
Vendor.matchedfiletype;	file.extension
Vendor.filename	file.name
Vendor.infectedfilename;	file.name
Vendor.matchedfilename;	file.name
Vendor.file	file.path
Vendor.filesize	file.size
Vendor.infectedfilesize;	file.size
Vendor.filetype	file.type
Vendor.srcname	host.name
Vendor.level	log.level
Vendor.app	network.application
source.bytes	network.bytes
Vendor.proto	network.iana_number
source.packets	network.packets
Vendor.dst_int;	observer.egress.interface.name
Vendor.dstintf;	observer.egress.interface.name
Vendor.dstintfrole	observer.egress.zone
Vendor.src_int;	observer.ingress.interface.name
Vendor.srcintf;	observer.ingress.interface.name
Vendor.srcintfrole	observer.ingress.zone
Vendor.devname	observer.name
event.module	observer.product
Vendor.devid	observer.serial_number
Vendor.app	process.name
Vendor.crlevel	risk.calculated_level
Vendor.crscore	risk.calculated_score
Vendor.appcat	rule.category
Vendor.catdesc;	rule.category
Vendor.comment;	rule.description
Vendor.logdesc;	rule.description
Vendor.msg;	rule.description
Vendor.policyid	rule.id
Vendor.policyid;	rule.id
Vendor.policyname	rule.name
Vendor.applist	rule.ruleset
Vendor.policytype;	rule.ruleset
Vendor.profile;	rule.ruleset
Vendor.poluuid	rule.uuid
Vendor.sentbyte	source.bytes
source.ip	source.geo
Vendor.locip;	source.ip
Vendor.srcip	source.ip
Vendor.transip	source.nat.ip
Vendor.transport	source.nat.port
Vendor.sentpkt	source.packets
Vendor.locport	source.port
Vendor.locport;	source.port
Vendor.src_port;	source.port
Vendor.srcport	source.port
Vendor.srcport;	source.port
Vendor.group	source.user.group.name
Vendor.unauthuser;	source.user.name
Vendor.user;	source.user.name
Vendor.ccertissuer	tls.client.issuer
tls.client.issuer	tls.client.x509.issuer.common_name[0]
Vendor.scertissuer	tls.server.issuer
tls.server.issuer	tls.server.x509.issuer.common_name[0]
Vendor.scertcname	tls.server.x509.subject.common_name[0]
Vendor.url	url.path
source.user.name	user.name
Vendor.agent	user_agent.original
Vendor.dtype	vulnerability.category

Enter search term