Parsers and Generated Fields
Tag Fields Created by Parser veeam-veeamdataplatform
#Cps.version
#Vendor
#ecs.version
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser veeam-veeamdataplatform
| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.InitiatorName | Vendor.FullUserName | For event ID 36013 |
| Vendor.ModifiedUserInfo._fullName | Vendor.FullUserName | Extracted from XML data in various fields |
| Vendor.UserName | Vendor.FullUserName | For various event IDs related to user actions |
| Vendor.param6 | Vendor.FullUserName | For event IDs 23090, 23420, 41402 |
| Vendor.JobResult | Vendor.JobResultCode | Default mapping for job result code |
| Vendor.Result | Vendor.JobResultCode | For event IDs 198, 290, 40290, 42210, 42500 |
| Vendor.Status | Vendor.JobResultCode | For event IDs 150, 151, 450, 451 |
| Vendor.JobType | Vendor.JobTypeCode | Default mapping for job type code |
| Vendor.Operation | event.action | Direct mapping of operation field |
| Vendor.instanceId | event.id | Used when Vendor.predefined_alarm_id is not present |
| Vendor.predefined_alarm_id | event.id | Used for veeamone module events |
| Vendor.VbrHostName | host.name | Used when Vendor.predefined_alarm_id is not present |
| log.syslog.hostname | host.name | Used for veeamone module events |
| Vendor.Description | message | Used when Vendor.predefined_alarm_id is not present |
| Vendor.alarm_details | message | Used for veeamone module events |
| Vendor.FullUserName | user.name | Direct mapping of user name |