Parsers and Generated Fields | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Contacting Support

Reading time: 1 minutes

Parsers and Generated Fields

Tag Fields Created by Parser zscaler-privateaccess

#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser zscaler-privateaccess

Vendor Field	CPS Field	Description
LogTimestamp	@timestamp	Timestamp parsing from log entry
TotalBytesRx	client.bytes	Total bytes received by client
Vendor.TotalBytesRx	client.bytes
Vendor.City	client.geo.city_name
CountryCode	client.geo.country_iso_code	Client's country code
Vendor.ClientCountryCode	client.geo.country_iso_code
Vendor.CountryCode	client.geo.country_iso_code
Latitude	client.geo.location.lat	Client's latitude
Vendor.ClientLatitude	client.geo.location.lat
Vendor.Latitude	client.geo.location.lat
Longitude	client.geo.location.lon	Client's longitude
Vendor.ClientLongitude	client.geo.location.lon
Vendor.Longitude	client.geo.location.lon
PublicIP	client.ip	Client's public IP address
Vendor.AuditNewValue.remoteIP;	client.ip
Vendor.AuditOldValue.remoteIP;	client.ip
Vendor.ClientPublicIP	client.ip
Vendor.ClientPublicIp	client.ip
Vendor.PublicIP	client.ip
Vendor.DefRouteGW	client.nat.ip
Vendor.ClientPort	client.port
Vendor.ClientPublicPort	client.port
Vendor.AuditOperationType	event.action
Vendor.RequestID	event.id
Vendor.ConnectionReason	event.reason
Vendor.InternalReason	event.reason
Vendor.AuditNewValue.id	group.id
Vendor.AuditOldValue.id	group.id
Vendor.AuditNewValue.name	group.name
Vendor.AuditOldValue.name	group.name
Vendor.CPUUtilization	host.cpu.usage
Hostname	host.hostname	System hostname
Platform	host.os.platform	Operating system platform
Vendor.Platform	host.os.platform
RequestSize	http.request.body.bytes	Size of HTTP request body
Vendor.RequestBodySize	http.request.body.bytes
Vendor.RequestSize	http.request.body.bytes
Method	http.request.method	HTTP request method
Vendor.Method	http.request.method
ResponseSize	http.response.body.bytes	Size of HTTP response body
Vendor.ResponseBodySize	http.response.body.bytes
Vendor.ResponseSize	http.response.body.bytes
StatusCode	http.response.status_code	HTTP response status code
Vendor.StatusCode	http.response.status_code
Vendor.ProtocolVersion	http.version
Vendor.TotalBytesProcessed	network.bytes
Protocol	network.protocol	Network protocol used
Vendor.AuditNewValue.cityCountry	observer.geo.city_name
Vendor.AuditOldValue.cityCountry	observer.geo.city_name
Vendor.AuditNewValue.location;	observer.geo.country_name
Vendor.AuditOldValue.location;	observer.geo.country_name
Vendor.AuditNewValue.latitude	observer.geo.location.lat
Vendor.AuditOldValue.latitude	observer.geo.location.lat
Vendor.Latitude	observer.geo.location.lat
Vendor.AuditNewValue.longitude	observer.geo.location.lon
Vendor.AuditOldValue.longitude	observer.geo.location.lon
Vendor.Longitude	observer.geo.location.lon
Vendor.Platform	observer.os.platform
Vendor.CustomerID	organization.id
Customer	organization.name	Customer organization name
Vendor.Customer	organization.name
Vendor.Version	package.version
Host	server.address	Server hostname/address
Vendor.AuditNewValue.domainOrIpAddress	server.address
Vendor.AuditOldValue.domainOrIpAddress	server.address
TotalBytesTx	server.bytes	Total bytes transmitted by server
Vendor.TotalBytesTx	server.bytes
Vendor.ZENCountryCode	server.geo.country_iso_code
Vendor.ZENLatitude	server.geo.location.lat
Vendor.ZENLongitude	server.geo.location.lon
ServerIP	server.ip	Server IP address
Vendor.ServerIP	server.ip
server.address;	server.ip
ServerPort	server.port	Server port number
Vendor.ApplicationPort	server.port
Vendor.ServerPort	server.port
CertificateCN	tls.client.x509.issuer.common_name[]	Certificate common name
Vendor.AuditNewValue.issuedTo;	tls.client.x509.issuer.distinguished_name
Vendor.AuditOldValue.issuedTo;	tls.client.x509.issuer.distinguished_name
Vendor.AuditNewValue.expirationTimeInSeconds	tls.client.x509.not_after
Vendor.AuditOldValue.expirationTimeInSeconds	tls.client.x509.not_after
Vendor.AuditNewValue.creationTimeInSeconds	tls.client.x509.not_before
Vendor.AuditOldValue.creationTimeInSeconds	tls.client.x509.not_before
Vendor.ModifiedBy	user.id
Username	user.name	User associated with the event
Vendor.NameID	user.name
Vendor.User	user.name
Vendor.Username	user.name
Vendor.AuditNewValue.email	user.target.email
Vendor.AuditOldValue.email	user.target.email
Vendor.AuditNewValue.id	user.target.id
Vendor.AuditOldValue.id	user.target.id
Vendor.AuditNewValue.name;	user.target.name
Vendor.AuditOldValue.name;	user.target.name
UserAgent	user_agent.original	User agent string
Vendor.UserAgent	user_agent.original

Enter search term