Parsers and Generated Fields
Tag Fields Created by Parser veeam-veeamdataplatform
#Cps.version
#Vendor
#ecs.version
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser veeam-veeamdataplatform
| Source Field | CPS Field | Description | Mapping |
|---|---|---|---|
| ts | @timestamp | Event timestamp | Parsed from ts field using parseTimestamp() |
| None | ecs.version | ECS schema version | Static value: 9.2.0 |
| Vendor.Operation | event.action | Action performed in the event | Direct assignment from Vendor.Operation |
| event.id | event.category[] | Event categorization | Array populated based on event.id conditions |
| Vendor.instanceId, Vendor.predefined_alarm_id | event.id | Unique event identifier | Conditional assignment from Vendor.instanceId or Vendor.predefined_alarm_id |
| Vendor.predefined_alarm_id | event.kind | Event kind classification | Conditional assignment based on Vendor.predefined_alarm_id presence |
| Vendor.predefined_alarm_id | event.module | Source module | Conditional assignment: vbr or veeamone |
| Vendor.JobResultCode | event.outcome | Event outcome status | Mapped from Vendor.JobResultCode values |
| Vendor.Severity | event.severity | Event severity level | Mapped from Vendor.Severity values |
| None | event.type[] | Event type classification | Array with static value: info |
| Vendor.VbrHostName, log.syslog.hostname | host.name | Host name | Conditional assignment from Vendor.VbrHostName or log.syslog.hostname |
| @rawstring | log.syslog.appname | Syslog application name | Extracted from syslog header using regex |
| @rawstring | log.syslog.hostname | Syslog hostname | Extracted from syslog header using regex |
| @rawstring | log.syslog.msgid | Syslog message ID | Extracted from syslog header using regex |
| @rawstring | log.syslog.priority | Syslog priority | Extracted from syslog header using regex |
| @rawstring | log.syslog.procid | Syslog process ID | Extracted from syslog header using regex |
| @rawstring | log.syslog.structured_data | Syslog structured data | Extracted from syslog header using regex |
| @rawstring | log.syslog.version | Syslog version | Extracted from syslog header using regex |
| Vendor.Description, Vendor.alarm_details | message | Event message | Conditional assignment from Vendor.Description or Vendor.alarm_details |
| None | observer.type | Observer type | Static value: dataprotection |
| Vendor.FullUserName | user.domain | User domain | Extracted from Vendor.FullUserName using regex |
| Vendor.FullUserName | user.name | Username | Extracted from Vendor.FullUserName using regex or direct assignment |