Parsers and Generated Fields | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Contacting Support

Parsers and Generated Fields

Tag Fields Created by Parser paloalto-prisma-sdwan

#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser paloalto-prisma-sdwan

Vendor Field	CPS Field	Description
`event.category[]`	Array	Vendor.type, log.syslog.facility.name
`event.type[]`	Array	Vendor.flow_event, event.action, log.syslog.appname
`network.bytes`	Calculated	source.bytes, destination.bytes
`network.packets`	Calculated	source.packets, destination.packets
`event.outcome`	Conditional	msgType, log.syslog.appname
`destination.address`	Copied	Vendor.REMOTE_HOSTNAME, Vendor.CLOUDGENIX_HOST, observer.name
`destination.bytes`	Copied	Vendor.bytes_recvd, Vendor.BYTES_SENT
`destination.ip`	Copied	Vendor.dst_ip, Vendor.DST_IP, Vendor.REMOTE_IP
`destination.packets`	Copied	bytes_recvd, Vendor.PKTS_SENT
`destination.port`	Copied	Vendor.dst_port, Vendor.DST_PORT
`event.created`	Copied	Vendor.DEVICE_TIME
`event.id`	Copied	Vendor.IDENTIFIER
`event.reason`	Copied	Vendor.REASON, parsed from authentication messages
`event.severity`	Copied	Vendor.SEVERITY, Vendor.Severity
`host.name`	Copied	Vendor.CLOUDGENIX_HOST
`log.syslog.facility.name`	Copied	Vendor.FACILITY
`log.syslog.severity.name`	Copied	Vendor.SEVERITY
`network.protocol`	Copied	Vendor.PROTOCOL_NAME
`network.transport`	Copied	Vendor.protocol_name
`observer.hostname`	Copied	Vendor.CLOUDGENIX_HOST
`observer.name`	Copied	Vendor.ION_HOST, Vendor.DeviceName
`process.name`	Copied	Vendor.app_name, Vendor.PROCESS_NAME
`process.pid`	Copied	Vendor.ProcessID
`server.address`	Copied	Vendor.ION_HOST, observer.name
`source.address`	Copied	Vendor.NAME
`source.bytes`	Copied	Vendor.bytes_sent, Vendor.BYTES_RECVD
`source.ip`	Copied	Vendor.src_ip, Vendor.SRC_IP
`source.packets`	Copied	Vendor.pkts_sent, Vendor.PKTS_RECVD
`source.port`	Copied	Vendor.src_port, Vendor.SRC_PORT
`user.name`	Copied	Vendor.USER, Vendor.user
`event.action`	Extracted	Vendor.MSG, Vendor.flow_event, Vendor.zbfw_classification_rules
`host.ip`	Extracted	@rawstring
`log.level`	Extracted	@rawstring
`log.syslog.appname`	Extracted	@rawstring
`log.syslog.hostname`	Extracted	@rawstring
`log.syslog.priority`	Extracted	@rawstring
`log.syslog.procid`	Extracted	@rawstring
`log.syslog.version`	Extracted	@rawstring
`@timestamp`	Parsed	Vendor.event_time, ts, Vendor.DEVICE_TIME
`ecs.version`	Static	None
`event.kind`	Static	None
`event.module`	Static	None
Vendor.CLOUDGENIX_HOST	destination.address
Vendor.REMOTE_HOSTNAME	destination.address
observer.name	destination.address
Vendor.BYTES_SENT	destination.bytes
Vendor.bytes_recvd	destination.bytes
Vendor.DST_IP	destination.ip
Vendor.REMOTE_IP	destination.ip
Vendor.dst_ip	destination.ip
Vendor.PKTS_SENT	destination.packets
Vendor.DST_PORT	destination.port
Vendor.dst_port	destination.port
Vendor.MSG	event.action
Vendor.DEVICE_TIME	event.created
Vendor.IDENTIFIER	event.id
Vendor.REASON	event.reason
Vendor.SEVERITY	event.severity
Vendor.Severity	event.severity
Vendor.CLOUDGENIX_HOST	host.name
Vendor.FACILITY	log.syslog.facility.name
Vendor.SEVERITY	log.syslog.severity.name
source.bytes	network.bytes
source.packets	network.packets
Vendor.PROTOCOL_NAME	network.protocol
Vendor.protocol_name	network.transport
Vendor.DeviceName	observer.name
server.address	observer.name
Vendor.PROCESS_NAME	process.name
Vendor.ProcessID	process.pid
Vendor.ION_HOST	server.address
observer.name	server.address
Vendor.NAME	source.address
Vendor.BYTES_RECVD	source.bytes
Vendor.bytes_sent	source.bytes
Vendor.SRC_IP	source.ip
Vendor.src_ip	source.ip
Vendor.PKTS_RECVD	source.packets
Vendor.pkts_sent	source.packets
Vendor.SRC_PORT	source.port
Vendor.src_port	source.port
Vendor.USER	user.name
Vendor.user	user.name

Enter search term