Parsers and Generated Fields
Tag Fields Created by Parser paloalto-prisma-sdwan
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser paloalto-prisma-sdwan
| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.CLOUDGENIX_HOST | destination.address | |
| Vendor.REMOTE_HOSTNAME | destination.address | |
| observer.name | destination.address | |
| Vendor.BYTES_SENT | destination.bytes | |
| Vendor.bytes_recvd | destination.bytes | |
| Vendor.DST_IP | destination.ip | |
| Vendor.REMOTE_IP | destination.ip | |
| Vendor.dst_ip | destination.ip | |
| Vendor.PKTS_SENT | destination.packets | |
| Vendor.DST_PORT | destination.port | |
| Vendor.dst_port | destination.port | |
| Vendor.MSG | event.action | |
| Vendor.DEVICE_TIME | event.created | |
| Vendor.IDENTIFIER | event.id | |
| Vendor.REASON | event.reason | |
| Vendor.SEVERITY | event.severity | |
| Vendor.Severity | event.severity | |
| Vendor.CLOUDGENIX_HOST | host.name | |
| Vendor.FACILITY | log.syslog.facility.name | |
| Vendor.SEVERITY | log.syslog.severity.name | |
| source.bytes | network.bytes | |
| source.packets | network.packets | |
| Vendor.PROTOCOL_NAME | network.protocol | |
| Vendor.protocol_name | network.transport | |
| Vendor.CLOUDGENIX_HOST; | observer.hostname | |
| Vendor.ION_HOS; | observer.hostname | |
| Vendor.DeviceName | observer.name | |
| server.address | observer.name | |
| Vendor.PROCESS_NAME | process.name | |
| Vendor.app_name; | process.name | |
| Vendor.ProcessID | process.pid | |
| Vendor.ION_HOST | server.address | |
| observer.name | server.address | |
| Vendor.NAME | source.address | |
| Vendor.BYTES_RECVD | source.bytes | |
| Vendor.bytes_sent | source.bytes | |
| Vendor.SRC_IP | source.ip | |
| Vendor.src_ip | source.ip | |
| Vendor.PKTS_RECVD | source.packets | |
| Vendor.pkts_sent | source.packets | |
| Vendor.SRC_PORT | source.port | |
| Vendor.src_port | source.port | |
| Vendor.USER | user.name | |
| Vendor.user | user.name |