Parsers and Generated Fields
Tag Fields Created by Parser veeam-veeamdataplatform
#Cps.version
#Vendor
#ecs.version
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser veeam-veeamdataplatform
| Vendor Field | CPS Field | Description |
|---|---|---|
| `event.category[]` | Array | event.id |
| `event.type[]` | Array | None |
| `event.id` | Conditional | Vendor.instanceId, Vendor.predefined_alarm_id |
| `event.kind` | Conditional | Vendor.predefined_alarm_id |
| `event.module` | Conditional | Vendor.predefined_alarm_id |
| `host.name` | Conditional | Vendor.VbrHostName, log.syslog.hostname |
| `message` | Conditional | Vendor.Description, Vendor.alarm_details |
| `event.action` | Direct | Vendor.Operation |
| `log.syslog.appname` | Extracted | @rawstring |
| `log.syslog.hostname` | Extracted | @rawstring |
| `log.syslog.msgid` | Extracted | @rawstring |
| `log.syslog.priority` | Extracted | @rawstring |
| `log.syslog.procid` | Extracted | @rawstring |
| `log.syslog.structured_data` | Extracted | @rawstring |
| `log.syslog.version` | Extracted | @rawstring |
| `user.domain` | Extracted | Vendor.FullUserName |
| `user.name` | Extracted | Vendor.FullUserName |
| `event.outcome` | Mapped | Vendor.JobResultCode |
| `event.severity` | Mapped | Vendor.Severity |
| `@timestamp` | Parsed | ts |
| `ecs.version` | Static | None |
| `observer.type` | Static | None |
| Vendor.InitiatorName | Vendor.FullUserName | |
| Vendor.ModifiedUserInfo._fullName | Vendor.FullUserName | |
| Vendor.UserName | Vendor.FullUserName | |
| Vendor.Operation | event.action | |
| Vendor.instanceId | event.id | |
| Vendor.predefined_alarm_id | event.id | |
| Vendor.Description | message | |
| Vendor.alarm_details | message |