Parsers and Generated Fields
Tag Fields Created by Parser zscaler-internetaccess
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser zscaler-internetaccess
| Source Field | LogScale Repository Field |
|---|---|
| Vendor.clt | client.port |
| Vendor.status | code |
| Vendor.inbytes | destination.bytes |
| Vendor.rxbytes | destination.bytes |
| Vendor.destinationip | destination.ip |
| Vendor.sdip | destination.ip |
| Vendor.serverip | destination.ip |
| Vendor.srv | destination.ip |
| Vendor.destinationport | destination.port |
| Vendor.sdport | destination.port |
| Vendor.srv | destination.port |
| Vendor.dns | dns.answers.name |
| Vendor.dns | dns.question.name |
| Vendor.dns | dns.question.type |
| Vendor.action | event.action |
| Vendor.actiontaken | event.action |
| Vendor.event | event.action |
| Vendor.recordid | event.id |
| Vendor.eventreason | event.reason |
| Vendor.reason | event.reason |
| Vendor.filesource | file.directory |
| Vendor.filesubtype | file.extension |
| Vendor.filetypename | file.extension |
| Vendor.filename | file.name |
| Vendor.owner | file.owner |
| Vendor.filetype | file.type |
| Vendor.company | group.name |
| Vendor.requestsize | http.request.bytes |
| Vendor.requestmethod | http.request.method |
| Vendor.refererURL | http.request.referrer |
| Vendor.responsesize | http.response.bytes |
| Vendor.destcountry | name |
| Vendor.policy | rule.name |
| Vendor.rulelabel | rule.name |
| Vendor.rulename | rule.name |
| Vendor.ruletype | rule.ruleset |
| Vendor.riskscore | score |
| Vendor.outbytes | source.bytes |
| Vendor.txbytes | source.bytes |
| Vendor.location | source.geo.name |
| Vendor.ClientIP | source.ip |
| Vendor.clientip | source.ip |
| Vendor.clt | source.ip |
| Vendor.csip | source.ip |
| Vendor.sourceip | source.ip |
| Vendor.ClientIP | source.nat.ip |
| Vendor.csport | source.port |
| Vendor.sourceport | source.port |
| Vendor.contenttype | type |
| Vendor.fullurl | url.full |
| Vendor.url | url.original |
| Vendor.adminid | user.email |
| Vendor.elogin | user.email |
| Vendor.login | user.email |
| Vendor.user | user.email |
| Vendor.elogin | user.name |
| Vendor.user | user.name |