Parsers and Generated Fields
Tag Fields Created by Parser zscaler-internetaccess
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser zscaler-internetaccess
Source Field | LogScale Repository Field |
---|---|
Vendor.clt | client.port |
Vendor.status | code |
Vendor.inbytes | destination.bytes |
Vendor.rxbytes | destination.bytes |
Vendor.destinationip | destination.ip |
Vendor.sdip | destination.ip |
Vendor.serverip | destination.ip |
Vendor.srv | destination.ip |
Vendor.destinationport | destination.port |
Vendor.sdport | destination.port |
Vendor.srv | destination.port |
Vendor.dns | dns.answers.name |
Vendor.dns | dns.question.name |
Vendor.dns | dns.question.type |
Vendor.action | event.action |
Vendor.actiontaken | event.action |
Vendor.event | event.action |
Vendor.recordid | event.id |
Vendor.eventreason | event.reason |
Vendor.reason | event.reason |
Vendor.filesource | file.directory |
Vendor.filesubtype | file.extension |
Vendor.filetypename | file.extension |
Vendor.filename | file.name |
Vendor.owner | file.owner |
Vendor.filetype | file.type |
Vendor.company | group.name |
Vendor.requestsize | http.request.bytes |
Vendor.requestmethod | http.request.method |
Vendor.refererURL | http.request.referrer |
Vendor.responsesize | http.response.bytes |
Vendor.destcountry | name |
Vendor.policy | rule.name |
Vendor.rulelabel | rule.name |
Vendor.rulename | rule.name |
Vendor.ruletype | rule.ruleset |
Vendor.riskscore | score |
Vendor.outbytes | source.bytes |
Vendor.txbytes | source.bytes |
Vendor.location | source.geo.name |
Vendor.ClientIP | source.ip |
Vendor.clientip | source.ip |
Vendor.clt | source.ip |
Vendor.csip | source.ip |
Vendor.sourceip | source.ip |
Vendor.ClientIP | source.nat.ip |
Vendor.csport | source.port |
Vendor.sourceport | source.port |
Vendor.contenttype | type |
Vendor.fullurl | url.full |
Vendor.url | url.original |
Vendor.adminid | user.email |
Vendor.elogin | user.email |
Vendor.login | user.email |
Vendor.user | user.email |
Vendor.elogin | user.name |
Vendor.user | user.name |