Fields which parsers use as tags have their names prefixed with # during ingestion.

The field event.original is not present, since LogScale uses @rawstring instead.

The field event.ingested is not present, since LogScale uses @ingesttimestamp instead.

The field @timestamp contains a Unix timestamp, rather than a human readable timestamp.

The field event.code is not present. The value from event.code can still be available to use in a vendor-specific field, e.g. Vendor.event_type.

The related fields are not present.

The following fields have their values lowercased by the en-us locale.