Parsers and Generated Fields | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Contacting Support

Parsers and Generated Fields

Tag Fields Created by Parser zscaler-internetaccess

#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser zscaler-internetaccess

Vendor Field	CPS Field	Description
message	@rawstring
`dns.answers[]`	Array	Vendor.dns_resp
`event.category[]`	Array	Vendor.sourcetype
`event.type[]`	Array	Vendor.sourcetype, Vendor.action, Vendor.threatname
`http.request.referrer`	Base64	Vendor.refererURL
`url.original`	Base64	Vendor.url
`file.extension`	Conditionally	Vendor.filesubtype, Vendor.upload_filesubtype, Vendor.filetypename
`file.name`	Conditionally	Vendor.filename, Vendor.upload_filename
`file.type`	Conditionally	Vendor.filetype, Vendor.upload_filetype
`client.port`	Copied	Vendor.clt_sport
`destination.domain`	Copied	Vendor.hostname
`destination.geo.country_name`	Copied	Vendor.destcountry
`dns.question.name`	Copied	Vendor.dns_req
`dns.question.type`	Copied	Vendor.dns_reqtype
`event.action`	Copied	Vendor.action
`event.id`	Copied	Vendor.recordid
`event.reason`	Copied	Vendor.reason
`event.risk_score`	Copied	Vendor.riskscore
`file.directory`	Copied	Vendor.filesource
`file.hash.md5`	Copied	Vendor.bamd5, Vendor.filemd5
`file.owner`	Copied	Vendor.owner
`group.name`	Copied	Vendor.company
`host.hostname`	Copied	Vendor.devicehostname
`host.name`	Copied	Vendor.devicehostname
`http.request.bytes`	Copied	Vendor.requestsize
`http.request.method`	Copied	Vendor.requestmethod
`http.request.mime_type`	Copied	Vendor.contenttype
`http.response.bytes`	Copied	Vendor.responsesize
`http.response.status_code`	Copied	Vendor.status
`network.application`	Copied	Vendor.nwapp
`network.transport`	Copied	Vendor.proto
`network.type`	Copied	Vendor.tunneltype
`rule.ruleset`	Copied	Vendor.ruletype
`source.geo.name`	Copied	Vendor.location
`url.domain`	Copied	Vendor.hostname
`url.full`	Copied	Vendor.fullurl
`url.path`	Extracted	Vendor.url
`user.domain`	Extracted	Vendor.user, Vendor.elogin, Vendor.login, Vendor.adminid
`user.name`	Extracted	Vendor.user, Vendor.elogin, Vendor.login, Vendor.adminid
`destination.bytes`	Mapped	Vendor.inbytes, Vendor.rxbytes
`destination.ip`	Mapped	Vendor.srv_dip, Vendor.sdip, Vendor.serverip, Vendor.destinationip
`destination.port`	Mapped	Vendor.srv_dport, Vendor.sdport, Vendor.destinationport
`event.severity`	Mapped	Vendor.severity
`network.protocol`	Mapped	Vendor.protocol, Vendor.nwsvc
`rule.name`	Mapped	Vendor.rulelabel, Vendor.rulename, Vendor.policy, Vendor.threatname
`source.bytes`	Mapped	Vendor.outbytes, Vendor.txbytes
`source.ip`	Mapped	Vendor.clt_sip, Vendor.csip, Vendor.ClientIP, Vendor.sourceip, Vendor.clientip
`source.port`	Mapped	Vendor.csport, Vendor.sourceport, Vendor.clt_sport
`@timestamp`	Parsed	Vendor.datetime, Vendor.time
`file.mtime`	Parsed	Vendor.lastmodtime
`event.original.hash.sha256`	SHA256	@rawstring
`event.dataset`	Set	Vendor.sourcetype
`event.original`	Set	@rawstring
`event.outcome`	Set	Vendor.result
`network.direction`	Set	Vendor.policydirection
`source.nat.ip`	Set	Vendor.ClientIP, Vendor.clientpublicIP
`user.email`	Set	Vendor.user, Vendor.elogin, Vendor.login, Vendor.adminid
`ecs.version`	Static	None
`event.kind`	Static	Vendor.threatname
`event.module`	Static	None
`user_agent.original`	URL	Vendor.useragent
Vendor.clt_sport	client.port
Vendor.inbytes	destination.bytes
Vendor.rxbytes	destination.bytes
Vendor.destcountry	destination.geo.country_name
Vendor.destinationip	destination.ip
Vendor.sdip	destination.ip
Vendor.serverip	destination.ip
Vendor.srv_dip	destination.ip
Vendor.destinationport	destination.port
Vendor.sdport	destination.port
Vendor.srv_dport	destination.port
Vendor.dns_req	dns.question.name
Vendor.dns_reqtype	dns.question.type
Vendor.action	event.action
Vendor.actiontaken	event.action
Vendor.event	event.action
Vendor.recordid	event.id
Vendor.eventreason	event.reason
Vendor.reason	event.reason
Vendor.riskscore	event.risk_score
Vendor.filesource	file.directory
Vendor.filesubtype	file.extension
Vendor.filetypename	file.extension
Vendor.upload_filesubtype	file.extension
Vendor.filename	file.name
Vendor.upload_filename	file.name
Vendor.owner	file.owner
Vendor.filetype	file.type
Vendor.upload_filetype	file.type
Vendor.company	group.name
Vendor.requestsize	http.request.bytes
Vendor.requestmethod	http.request.method
Vendor.contenttype	http.request.mime_type
Vendor.refererURL	http.request.referrer
Vendor.responsesize	http.response.bytes
Vendor.status	http.response.status_code
Vendor.nwapp	network.application
Vendor.policy	rule.name
Vendor.rulelabel	rule.name
Vendor.rulename	rule.name
Vendor.threatname	rule.name
Vendor.ruletype	rule.ruleset
Vendor.outbytes	source.bytes
Vendor.txbytes	source.bytes
Vendor.location	source.geo.name
Vendor.ClientIP	source.ip
Vendor.clientip	source.ip
Vendor.clt_sip	source.ip
Vendor.csip	source.ip
Vendor.sourceip	source.ip
Vendor.csport	source.port
Vendor.sourceport	source.port
Vendor.hostname	url.domain
Vendor.fullurl	url.full
Vendor.url	url.original

Enter search term