Parsers and Generated Fields
Tag Fields Created by Parser microsoft-windows-dhcp-client
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser microsoft-windows-dhcp-client
| Vendor Field | CPS Field | Description |
|---|---|---|
| N/A | event.category[0] | Static assignment to "network" |
| N/A | event.category[1] | Static assignment to "configuration" |
| Vendor.EventRecordId | event.id | Maps event record ID to standard event ID field |
| N/A | event.kind | Static assignment to "event" |
| N/A | event.type[0] | Static assignment to "info" |
| N/A | network.protocol | Static assignment to "dhcp" |
| Vendor.ProviderName | network.type | Sets to "ipv6" if provider name contains "-Dhcpv6-" |
| Vendor.ProcessID | process.pid | Maps process ID to standard process ID field |
| Vendor.UserID | user.id | Maps user ID to standard user ID field |
Tag Fields Created by Parser windows-dhcp-client
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser windows-dhcp-client
| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.EventRecordId | event.id | |
| Vendor.ProcessID | process.pid | |
| Vendor.UserID | user.id |