Parsers and Generated Fields
Tag Fields Created by Parser infoblox-nios
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser infoblox-nios
| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.audit.apparently_via | - | Audit log via field |
| Vendor.audit.auth | - | Authentication type |
| Vendor.audit.group | - | User group |
| Vendor.audit.ip | - | Source IP for audit events |
| Vendor.audit.message | - | Audit message details |
| Vendor.audit.object.name | - | Object name in audit events |
| Vendor.audit.to | - | Target of audit action |
| Vendor.dhcp.client_hostname | - | DHCP client hostname |
| Vendor.dhcp.decline.message | - | DHCP decline message |
| Vendor.dhcp.discover.message | - | DHCP discover message |
| Vendor.dhcp.duid | - | DHCP unique identifier |
| Vendor.dhcp.inform.message | - | DHCP inform message |
| Vendor.dhcp.interface.ip | - | DHCP interface IP |
| Vendor.dhcp.interface.name | - | DHCP interface name |
| Vendor.dhcp.lease.duration | - | DHCP lease duration |
| Vendor.dhcp.lease.message | - | DHCP lease message |
| Vendor.dhcp.message | - | General DHCP message |
| Vendor.dhcp.network | - | DHCP network |
| Vendor.dhcp.offered.duration | - | DHCP offered duration |
| Vendor.dhcp.relay.interface.ip | - | DHCP relay interface IP |
| Vendor.dhcp.relay.interface.name | - | DHCP relay interface name |
| Vendor.dhcp.release.info | - | DHCP release information |
| Vendor.dhcp.router.ip | - | DHCP router IP |
| Vendor.dhcp.trans_id | - | DHCP transaction ID |
| Vendor.dhcp.uid | - | DHCP unique ID |
| Vendor.dns.after_query | - | DNS query after rewrite |
| Vendor.dns.answers_policy | - | DNS response policy |
| Vendor.dns.category | - | DNS message category |
| Vendor.dns.header_flags | - | DNS header flags |
| Vendor.dns.message | - | DNS message details |
| Vendor.dns.version | - | DNS server version |
| Vendor.dns.view_name | - | DNS view name |
| client.domain | - | Client domain name |
| client.ip | - | Client IP address |
| client.mac | - | Client MAC address |
| client.port | - | Client port number |
| dns.answers[].class | - | DNS answer class |
| dns.answers[].data | - | DNS answer data |
| dns.answers[].name | - | DNS answer name |
| dns.answers[].ttl | - | DNS answer TTL |
| dns.answers[].type | - | DNS answer type |
| dns.question.class | - | DNS question class |
| dns.question.name | - | DNS question name |
| dns.question.response_code | - | DNS response code |
| dns.question.type | - | DNS question type |
| dns.resolved_ip[] | - | Array of resolved IP addresses |
| interface.name | - | Network interface name |
| network.transport | - | Transport protocol |
| process.id | - | Process ID |
| server.ip | - | Server IP address |
| user.name | - | Username from audit logs |
| host.domain | host.ip[] | When host.domain is an IP address |