Parsers and Generated Fields
Tag Fields Created by Parser haproxy
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser haproxy
| Vendor Field | CPS Field | Description |
|---|---|---|
| `event.category[]` | Array | None |
| `event.type[]` | Array | Vendor.status_code, Vendor.bind_name |
| `event.dataset` | Conditionally | Vendor.bind_name, Vendor.status_code, Vendor.client_ip |
| `event.outcome` | Conditionally | Vendor.status_code, Vendor.bind_name |
| `client.address` | Copied | Vendor.client_ip (indirect) |
| `client.ip` | Copied | Vendor.client_ip (indirect) |
| `client.port` | Copied | Vendor.client_port (indirect) |
| `destination.bytes` | Copied | Vendor.BytesRead |
| `error.message` | Copied | Vendor.message |
| `host.name` | Copied | log.syslog.hostname |
| `http.request.method` | Copied | Vendor.method |
| `http.response.bytes` | Copied | Vendor.bytes_read |
| `http.response.status_code` | Copied | Vendor.status_code |
| `observer.name` | Copied | log.syslog.hostname |
| `process.name` | Copied | log.syslog.appname |
| `process.pid` | Copied | log.syslog.procid |
| `server.bytes` | Copied | Vendor.BytesRead (indirect) |
| `service.name` | Copied | Vendor.frontend |
| `source.address` | Copied | Vendor.client_ip |
| `source.ip` | Copied | Vendor.client_ip (indirect) |
| `source.port` | Copied | Vendor.client_port |
| `error.code` | Extracted | Vendor.message |
| `http.version` | Extracted | Vendor.protocol |
| `log.syslog.appname` | Extracted | None |
| `log.syslog.hostname` | Extracted | None |
| `log.syslog.priority` | Extracted | None |
| `log.syslog.procid` | Extracted | None |
| `message` | Extracted | None |
| `network.protocol` | Extracted | Vendor.protocol |
| `tls.version_protocol` | Extracted | Vendor.ssl_version |
| `tls.version` | Extracted | Vendor.ssl_version |
| `@timestamp` | Parsed | None |
| `url.domain` | Parsed | Vendor.path |
| `url.path` | Parsed | Vendor.path |
| `url.query` | Parsed | Vendor.path |
| `tls.established` | Set | Vendor.tls |
| `ecs.version` | Static | None |
| `event.kind` | Static | None |
| `event.module` | Static | None |
| Vendor.http.actconn | Vendor.actconn | |
| Vendor.http.backend_queue | Vendor.backend_queue | |
| Vendor.http.beconn | Vendor.beconn | |
| Vendor.http.bytes_read | Vendor.bytes_read | |
| Vendor.http.feconn | Vendor.feconn | |
| Vendor.http.retries | Vendor.retries | |
| Vendor.http.src_conn | Vendor.src_conn | |
| Vendor.http.srv_queue | Vendor.srv_queue | |
| Vendor.http.termination_state | Vendor.termination_state | |
| source.address | client.address | |
| source.port | client.port | |
| Vendor.BytesRead | destination.bytes | |
| log.syslog.hostname | host.name | |
| Vendor.method | http.request.method | |
| Vendor.bytes_read | http.response.bytes | |
| Vendor.status_code | http.response.status_code | |
| log.syslog.hostname | observer.name | |
| log.syslog.appname | process.name | |
| log.syslog.procid | process.pid | |
| destination.bytes | server.bytes | |
| Vendor.frontend | service.name | |
| Vendor.client_port | source.port | |
| url.host | url.domain |