Parsers and Generated Fields

Tag Fields Created by Parser microsoft-windows-dhcp-client
  • #Cps.version
  • #Vendor
  • #ecs.version
  • #event.dataset
  • #event.kind
  • #event.module
  • #event.outcome
  • #observer.type

Fields Identified by Parser microsoft-windows-dhcp-client

| CPS Field | Description | Vendor Field |
|---|---|---|
| `event.category[]` | Array | None |
| `event.type[]` | Array | None |
| `source.address` | Coalesced | Vendor.EventData.IP_Name, Vendor.EventData.FQDNName |
| `network.type` | Conditional | Vendor.ProviderName |
| `client.address` | Copied | Vendor.EventData.IP_Name, Vendor.EventData.FQDNName (indirect) |
| `client.domain` | Copied | Vendor.EventData.FQDNName (indirect) |
| `client.ip` | Copied | Vendor.EventData.IP_Name (indirect) |
| `error.code` | Copied | Vendor.EventData.ErrorType |
| `error.message` | Copied | Vendor.EventData.operation |
| `event.code` | Copied | Vendor.EventID |
| `event.created` | Copied | Vendor.TimeCreated |
| `event.id` | Copied | Vendor.EventRecordId |
| `event.provider` | Copied | Vendor.ProviderName |
| `host.name` | Copied | Vendor.Computer |
| `process.pid` | Copied | Vendor.ProcessID |
| `process.thread.id` | Copied | Vendor.ThreadID |
| `source.ip` | Copied | Vendor.EventData.IP_Name |
| `user.id` | Copied | Vendor.UserID |
| `@timestamp` | Inherited | None |
| `host.hostname` | Lowercase | Vendor.Computer |
| `source.domain` | Lowercase | Vendor.EventData.FQDNName |
| `event.severity` | Mapped | Vendor.Level |
| `ecs.version` | Static | None |
| `event.dataset` | Static | None |
| `event.kind` | Static | None |
| `event.module` | Static | None |
| `network.protocol` | Static | None |


| Vendor Field | CPS Field |
|---|---|
| source.address | client.address |
| source.domain | client.domain |
| source.ip | client.ip |
| Vendor.EventData.ErrorType | error.code |
| Vendor.EventData.operation | error.message |
| Vendor.EventID | event.code |
| Vendor.TimeCreated | event.created |
| Vendor.EventRecordId | event.id |
| Vendor.ProviderName | event.provider |
| Vendor.Computer | host.name |
| Vendor.ProcessID | process.pid |
| Vendor.ThreadID | process.thread.id |
| Vendor.EventData.IP_Name | source.ip |
| Vendor.UserID | user.id |