Parsers and Generated Fields | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Search Archives Contacting Support

Parsers and Generated Fields

Tag Fields Created by Parser microsoft-windows-dhcp-client

#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser microsoft-windows-dhcp-client

Source Field	CPS Field	Description	Mapping
None	@timestamp	Event timestamp	Inherited from log ingestion
Vendor.EventData.IP_Name, Vendor.EventData.FQDNName (indirect)	client.address	Client address identifier	Copied from source.address
Vendor.EventData.FQDNName (indirect)	client.domain	Client domain name	Copied from source.domain
Vendor.EventData.IP_Name (indirect)	client.ip	Client IP address	Copied from source.ip
None	ecs.version	ECS schema version	Static value: "9.2.0"
Vendor.EventData.ErrorType	error.code	Error type code	Copied from Vendor.EventData.ErrorType
Vendor.EventData.operation	error.message	Error operation message	Copied from Vendor.EventData.operation
None	event.category[]	Event categories	Array populated with ["network","configuration"]
Vendor.EventID	event.code	Windows event ID	Copied from Vendor.EventID
Vendor.TimeCreated	event.created	Event creation timestamp	Copied from Vendor.TimeCreated
None	event.dataset	Dataset identifier	Static value: "windows.dhcp-client"
Vendor.EventRecordId	event.id	Unique event identifier	Copied from Vendor.EventRecordId
None	event.kind	Event categorization	Static value: "event"
None	event.module	Source module identifier	Static value: "windows"
Vendor.ProviderName	event.provider	Event provider name	Copied from Vendor.ProviderName
Vendor.Level	event.severity	Event severity level (0-95 scale)	Mapped from Vendor.Level using severity scale
None	event.type[]	Event type classification	Array populated with ["info"]
Vendor.Computer	host.hostname	Normalized hostname	Lowercase transformation of Vendor.Computer
Vendor.Computer	host.name	Host computer name	Copied from Vendor.Computer
None	network.protocol	Network protocol used	Static value: "dhcp"
Vendor.ProviderName	network.type	Network type (ipv4/ipv6)	Conditional based on Vendor.ProviderName pattern matching
Vendor.ProcessID	process.pid	Process identifier	Copied from Vendor.ProcessID
Vendor.ThreadID	process.thread.id	Process thread identifier	Copied from Vendor.ThreadID
Vendor.EventData.IP_Name, Vendor.EventData.FQDNName	source.address	Source address identifier	Coalesced from source.ip or source.domain
Vendor.EventData.FQDNName	source.domain	Source domain name	Lowercase transformation of Vendor.EventData.FQDNName
Vendor.EventData.IP_Name	source.ip	Source IP address	Copied from Vendor.EventData.IP_Name with validation
Vendor.UserID	user.id	User identifier	Copied from Vendor.UserID

Enter search term