Parsers and Generated Fields | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Contacting Support

Parsers and Generated Fields

Tag Fields Created by Parser juniper-srx

#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser juniper-srx

Vendor Field	CPS Field	Description
`event.category[]`	Array	log.syslog.appname, log.syslog.msgid
`event.type[]`	Array	log.syslog.msgid, Vendor.action
`user.roles[]`	Array	Vendor.class-name
`network.bytes`	Calculated	source.bytes, destination.bytes
`network.packets`	Calculated	client.packets, server.packets
`event.dataset`	Conditional	log.syslog.appname
`event.outcome`	Conditional	log.syslog.priority, event context
`client.bytes`	Copied	source.bytes
`client.ip`	Copied	source.ip
`client.nat.ip`	Copied	source.nat.ip
`client.nat.port`	Copied	source.nat.port
`client.packets`	Copied	source.packets
`client.port`	Copied	source.port
`destination.address`	Copied	Vendor.destination-address, Vendor.dst-addr, Vendor.remote-address
`destination.bytes`	Copied	Vendor.bytes-from-server, Vendor.inbound-bytes
`destination.nat.ip`	Copied	Vendor.nat-destination-address, Vendor.nat-remote-address
`destination.nat.port`	Copied	Vendor.nat-destination-port
`destination.packets`	Copied	Vendor.packets-from-server, Vendor.inbound-packets
`destination.port`	Copied	Vendor.destination-port, Vendor.dst-port
`event.reason`	Copied	Vendor.reason
`event.risk_score`	Copied	Vendor.application-risk, Vendor.urlcategory-risk
`file.hash.sha256`	Copied	Vendor.sample-sha256
`file.name`	Copied	Vendor.filename, Vendor.file-name
`network.iana_number`	Copied	Vendor.protocol-id
`network.protocol`	Copied	Vendor.protocol
`observer.egress.interface.name`	Copied	Vendor.destination-interface-name
`observer.egress.zone`	Copied	Vendor.destination-zone-name
`observer.ingress.interface.name`	Copied	Vendor.source-interface-name, Vendor.packet-incoming-interface, Vendor.interface-name
`observer.ingress.zone`	Copied	Vendor.source-zone-name
`process.pid`	Copied	Vendor.pid
`rule.name`	Copied	Vendor.policy-name, Vendor.rule-name, Vendor.rulebase-name
`server.bytes`	Copied	destination.bytes
`server.ip`	Copied	destination.ip
`server.nat.ip`	Copied	destination.nat.ip
`server.nat.port`	Copied	destination.nat.port
`server.packets`	Copied	destination.packets
`server.port`	Copied	destination.port
`service.type`	Copied	Vendor.client-mode
`source.address`	Copied	Vendor.source-address, Vendor.src-addr, Vendor.src-ip-str, Vendor.local-address
`source.bytes`	Copied	Vendor.bytes-from-client, Vendor.outbound-bytes
`source.domain`	Copied	Vendor.hostname
`source.nat.ip`	Copied	Vendor.nat-source-address, Vendor.nat-local-address
`source.nat.port`	Copied	Vendor.nat-source-port
`source.packets`	Copied	Vendor.packets-from-client, Vendor.outbound-packets, Vendor.packets-num
`source.port`	Copied	Vendor.source-port, Vendor.src-port
`source.user.name`	Copied	Vendor.username
`url.domain`	Copied	Vendor.url, Vendor.http-host
`url.path`	Copied	Vendor.obj
`user.name`	Copied	source.user.name, Vendor.username
`log.level`	Derived	log.syslog.priority
`network.transport`	Derived	network.iana_number, Vendor.protocol-name, Vendor.packet-protocol
`event.action`	Extracted	Vendor.action, log.syslog.msgid
`host.name`	Extracted	@rawstring
`log.syslog.appname`	Extracted	@rawstring
`log.syslog.hostname`	Extracted	@rawstring
`log.syslog.msgid`	Extracted	@rawstring
`log.syslog.priority`	Extracted	@rawstring
`log.syslog.procid`	Extracted	@rawstring
`log.syslog.structured_data`	Extracted	@rawstring
`log.syslog.version`	Extracted	@rawstring
`process.command_line`	Extracted	message
`event.severity`	Mapped	Vendor.threat-severity
`@timestamp`	Parsed	@timestamp
`ecs.version`	Static	None
`event.kind`	Static	None
`event.module`	Static	None
`observer.product`	Static	None
`observer.type`	Static	None
`destination.ip`	Validated	destination.address
`source.ip`	Validated	source.address
source.bytes	client.bytes
source.ip	client.ip
source.nat.ip	client.nat.ip
source.nat.port	client.nat.port
source.packets	client.packets
source.port	client.port
Vendor.action	event.action
Vendor.reason	event.reason
Vendor.filename	file.name
source.bytes	network.bytes
client.packets	network.packets
Vendor.protocol	network.protocol
Vendor.pid	process.pid
destination.bytes	server.bytes
destination.ip	server.ip
destination.nat.ip	server.nat.ip
destination.nat.port	server.nat.port
destination.packets	server.packets
destination.port	server.port
Vendor.username	source.user.name
Vendor.obj	url.path
Vendor.username	user.name

Enter search term