Parsers and Generated Fields
Tag Fields Created by Parser microsoft-windows-dhcp-server
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser microsoft-windows-dhcp-server
| Vendor Field | CPS Field | Description |
|---|---|---|
| `event.category[]` | Array | Vendor.ID |
| `event.type[]` | Array | Vendor.ID |
| `event.outcome` | Conditional | Vendor.ID, Vendor.Description |
| `client.address` | Copied | source.address |
| `client.ip` | Copied | source.ip |
| `client.mac` | Copied | source.mac |
| `error.code` | Copied | Vendor.Error_Code, Vendor.DnsRegError |
| `event.id` | Copied | Vendor.ID |
| `source.address` | Copied | source.ip, source.domain |
| `source.domain` | Copied | Vendor.Host_Name |
| `source.ip` | Copied | Vendor.IP_Address, Vendor.IPv6_Address |
| `source.mac` | Copied | Vendor.Mac_Address |
| `user.name` | Copied | Vendor.User_Name, Vendor.UserClass_Ascii |
| `@timestamp` | Parsed | Vendor.Date, Vendor.Time |
| `ecs.version` | Static | None |
| `event.action` | Static | Vendor.ID |
| `event.dataset` | Static | None |
| `event.kind` | Static | None |
| `event.module` | Static | None |
| `event.reason` | Static | Vendor.ID |
| `network.protocol` | Static | network.type |
| `network.transport` | Static | None |
| `network.type` | Static | None |
| source.address | client.address | |
| source.ip | client.ip | |
| source.mac | client.mac | |
| Vendor.DnsRegError | error.code | |
| Vendor.Error_Code | error.code | |
| Vendor.ID | event.id |