Parsers and Generated Fields | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Training API GraphQL API Contacting Support

Parsers and Generated Fields

Tag Fields Created by Parser paloalto-ngfw

#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser paloalto-ngfw

Source Field	CPS Field
Vendor.FUTUREUSE2	Vendor.ConfigVersion
Vendor.BytesReceived	destination.bytes
Vendor.DestinationAddress	destination.ip
Vendor.DestinationDeviceMac	destination.mac
Vendor.NATDestination	destination.nat.ip
Vendor.NATDestinationPort	destination.nat.port
Vendor.PacketsReceived	destination.packets
Vendor.DestinationPort	destination.port
Vendor.DestinationPort;	destination.port
Vendor.Recipient	destination.user.email
Vendor.DestinationUser;	destination.user.name
Vendor.Description	event.action
Vendor.ReceiveTime	event.created
Vendor.ElapsedTime	event.duration
Vendor.SessionDuration	event.duration
Vendor.Status	event.outcome
Vendor.Reason	event.reason
Vendor.StartTime	event.start
Vendor.FileType	file.type
Vendor.HostID	host.id
Vendor.DeviceMacAddress	host.mac[0]
Vendor.MachineName	host.name
Vendor.SourceDeviceOS	host.os.family
Vendor.OperatingSystem;	host.os.full
Vendor.SourceDeviceOSVersion	host.os.full
Vendor.HTTPMethod	http.request.method
Vendor.Severity	log.level
Vendor.Application	network.application
Vendor.Bytes	network.bytes
Vendor.XForwardedFor	network.forwarded_ip
Vendor.Packets	network.packets
Vendor.IpProtocol	network.transport
Vendor.Protocol	network.transport
Vendor.TunnelInspectionRule	rule.name
Vendor.RuleUUID	rule.uuid
Vendor.BytesSent	source.bytes
Vendor.IPV6PrivateAddress;	source.ip
Vendor.IPv6SystemAddress;	source.ip
Vendor.PrivateAddress;	source.ip
Vendor.SourceAddress	source.ip
Vendor.SourceAddress;	source.ip
Vendor.SourceDeviceMac	source.mac
Vendor.IPV6PublicAddress;	source.nat.ip
Vendor.NATSource	source.nat.ip
Vendor.PublicAddress;	source.nat.ip
Vendor.NATSourcePort	source.nat.port
Vendor.PacketsSent	source.packets
Vendor.SourcePort	source.port
Vendor.Sender	source.user.email
Vendor.NormalizeUser;	source.user.name
Vendor.SourceUser;	source.user.name
Vendor.User	source.user.name
Vendor.UserBySource	source.user.name
Vendor.EncryptionAlgorithm	tls.cipher
Vendor.CertificateEndDate	tls.client.not_after
Vendor.CertificateStartDate	tls.client.not_before
Vendor.ServerNameIndication	tls.client.server_name
Vendor.IssuerCommonName;	tls.client.x509.issuer.common_name
Vendor.CertificateSize	tls.client.x509.public_key_size
Vendor.ChainStatus	tls.client.x509.serial_number
Vendor.SubjectCommonName;	tls.client.x509.subject.common_name
Vendor.CertificateVersion	tls.client.x509.version_number
Vendor.EllipticCurve	tls.curve

Enter search term