
Event Field Logs

This section lists the event log fields that are supported when Data Connector is used with automation scripts.

Customers can choose the specific fields to transmit to a SIEM or an automation script, either from Infoblox Cloud via Data Connector or directly from Infoblox's cloud.

The following event log types are supported:

  • Service Logs

  • Audit logs

  • Atlas Notifications

  • IR Notifications

  • TD DNS

  • TD RPZ

  • DDI DNS

  • DDI DHCP

Service Logs

| Display Name | Internal Field | Mandatory ( * ) | CEF | LEEF | Splunk CIM |
|---|---|---|---|---|---|
| Timestamp | @timestamp | * | | | |
| Message | log | * | | | |
| Pool ID | pool_id | | | | |
| Service ID | service_id | | | | |
| Log Name | @log_name | | | | |

Audit Logs

| Display Name | Internal Field | Mandatory ( * ) | CEF | LEEF | Splunk CIM |
|---|---|---|---|---|---|
| Timestamp | created_at | * | | | |
| Action | action | * | | | |
| User Name | user_name | * | | | |
| Message | message | * | | | |
| HTTP Request Body | http_req_body | | | | |
| HTTP Response Body | http_resp_body | | | | |
| Subject Type | subject_type | | | | |
| Subject Groups | subject_groups | | | | |
| Event Version | event_version | | | | |
| Event Category | event_cat | | | | |
| Resource Type | resource_type | | | | |
| Resource Description | resource_desc | | | | |
| Resource ID | resource_id | | | | |
| Application ID | app_id | | | | |
| Client IP | client_ip | | | | |
| Result | result | | | | |
| Severity | severity | | | | |

Atlas Notifications

| Display Name | Internal Field | Mandatory ( * ) | CEF | LEEF | Splunk CIM |
|---|---|---|---|---|---|
| Timestamp | OccuredTimestamp | * | | | |
| Message | metadata_message | * | | | |
| Status | status | | | | |
| Type | type | | | | |
| Subtype | subtype | | | | |
| Event Category | EventCategory | | | | |
| Host | metadata_host | | | | |
| Severity | severity | | | | |

IR Notifications

| Display Name | Internal Field | Mandatory ( * ) | CEF | LEEF | Splunk CIM |
|---|---|---|---|---|---|
| Timestamp | Timestamp | * | | | |
| Query Name | Qname | * | | | |
| Timestamp Nanosecond | Nanosec | | | | |
| Message Type | Message_type | | | | |
| Source ID | Source | | | | |
| Reply Code Number | Rcode | | | | |
| Policy ID | Pid | | | | |
| Additional Answer Count | Arcount | | | | |
| Source MAC Address | Src_mac | | | | |
| DNS View | View | | | | |
| Message | Msg | | | | |
| DNS Response Flags | Dns_response_flags | | | | |
| DNS Query Type | Qtype | | | | |
| OPH Name | Extra_display_name | | | | |
| Event Category | EventCategory | | | | |
| DNS Tags | Extra_all_tags | | | | |
| Source Device Name | Extra_device_name | | | | |
| DNS Answer | Answer | | | | |
| Protocol Code | Protocol | | | | |
| DHCP Fingerprint | Extra_dhcp_fingerprint | | | | |
| User Name | Extra_user_name | | | | |
| Destination IP | Rip | | | | |
| Query Class Name | Query_class | | | | |
| Op Code | Opcode | | | | |
| Region | Region | | | | |
| DNS Request Flags | Dns_request_flags | | | | |
| Host OS Version | Extra_os_version | | | | |
| Anonymized | Anonymized | | | | |
| Reply Code | Reply_code | | | | |
| OPH IP Address | Extra_ip_address | | | | |
| Transaction ID | Tid | | | | |
| Delay | Delay | | | | |
| Record Type | Record_type | | | | |
| Returned Resource Records | Dns_record | | | | |
| Vendor Product | Vendor_product | | | | |
| Flags | Flags | | | | |
| Source Port | Qport | | | | |
| Device IP | Extra_device_ip | | | | |
| Destination Port | Rport | | | | |
| Source Network | Extra_network | | | | |
| Reply Code (Parsed) | Rcode_string | | | | |
| DNS Packet Type | Type | | | | |
| Answer Count | Ancount | | | | |
| Query Count | Query_count | | | | |
| DNS QClass | Qclassname | | | | |
| DNS Query Type (Parsed) | Qtypename | | | | |
| Connection Type | Extra_pname | | | | |
| Query Class | Qclass | | | | |
| User's device MAC | Extra_mac_address | | | | |
| Client ID | Cid | | | | |
| Source IP | Qip | | | | |
| TTL | Ttl | | | | |
| Protocol | Transport_protocol | | | | |
| Authority Answer Count | Nscount | | | | |
| Query Type | Query_type | | | | |
| Application | App | | | | |
| Severity | severity | | | | |

TD DNS

| Display Name | Internal Field | Mandatory ( * ) | CEF | LEEF | Splunk CIM |
|---|---|---|---|---|---|
| Timestamp | Timestamp | * | | | |
| Query Name | Qname | * | | | |
| Timestamp Nanosecond | Nanosec | | | | |
| Message Type | Message_type | | | | |
| Source ID | Source | | | | |
| Reply Code Number | Rcode | | | | |
| Policy ID | Pid | | | | |
| Additional Answer Count | Arcount | | | | |
| Source MAC Address | Src_mac | | | | |
| DNS View | View | | | | |
| Message | Msg | | | | |
| DNS Response Flags | Dns_response_flags | | | | |
| DNS Query Type | Qtype | | | | |
| OPH Name | Extra_display_name | | | | |
| Event Category | EventCategory | | | | |
| DNS Tags | Extra_all_tags | | | | |
| Source Device Name | Extra_device_name | | | | |
| DNS Answer | Answer | | | | |
| Protocol Code | Protocol | * | | | |
| DHCP Fingerprint | Extra_dhcp_fingerprint | | | | |
| User Name | Extra_user_name | | | | |
| Destination IP | Rip | | | | |
| Query Class Name | Query_class | | | | |
| Op Code | Opcode | | | | |
| Region | Region | | | | |
| DNS Request Flags | Dns_request_flags | | | | |
| Host OS Version | Extra_os_version | | | | |
| Anonymized | Anonymized | | | | |
| Reply Code | Reply_code | | | | |
| OPH IP Address | Extra_ip_address | | | | |
| Transaction ID | Tid | | | | |
| Delay | Delay | | | | |
| Record Type | Record_type | | | | |
| Returned Resource Records | Dns_record | | | | |
| Vendor Product | Vendor_product | | | | |
| Flags | Flags | | | | |
| Source Port | Qport | | | | |
| Device IP | Extra_device_ip | | | | |
| Destination Port | Rport | | | | |
| Source Network | Extra_network | | | | |
| Reply Code (Parsed) | Rcode_string | | | | |
| DNS Packet Type | Type | | | | |
| Answer Count | Ancount | | | | |
| Query Count | Query_count | | | | |
| DNS QClass | Qclassname | | | | |
| DNS Query Type (Parsed) | Qtypename | | | | |
| Connection Type | Extra_pname | | | | |
| Query Class | Qclass | | | | |
| User's device MAC | Extra_mac_address | | | | |
| Client ID | Cid | | | | |
| Source IP | Qip | | | | |
| TTL | Ttl | | | | |
| Protocol | Transport_protocol | | | | |
| Authority Answer Count | Nscount | | | | |
| Query Type | Query_type | | | | |
| Application | App | | | | |
| Severity | severity | | | | |

TD RPZ

| Display Name | Internal Field | Mandatory ( * ) | CEF | LEEF | Splunk CIM |
|---|---|---|---|---|---|
| Timestamp | Timestamp | * | | | |
| Query Name | Qname | * | | | |
| Threat Severity | Threat_severity | | | | |
| DNS Tags | Extra_all_tags | | | | |
| ARR Type | Arrtype | | | | |
| Query Class Name | Query_class | | | | |
| QType | Qtype | | | | |
| ACode | Acode | | | | |
| QClass | Qclass | | | | |
| Feed Type | Extra_feed_type | | | | |
| Client ID | Cid | | | | |
| Domain Category | Qcat | | | | |
| Operational code | Opcode | | | | |
| Threat Level | Threat_level | | | | |
| Threat Indicator | Extra_threat_indicator | | | | |
| DHCP Fingerprint | Extra_dhcp_fingerprint | | | | |
| Rule Action | Rule_action | | | | |
| OPH IP Address | Extra_ip_address | | | | |
| Anonymized | Anonymized | | | | |
| Rpz Query Feed | Rpz_query_feed | | | | |
| Threat Confidence | Threat_confidence | | | | |
| Source | Qip | | | | |
| Category | Category | | | | |
| Query Type (Parsed) | Query_type | | | | |
| Client Site ID | Csite | | | | |
| User Name | User_name | | | | |
| Destination IP | Rip | | | | |
| Rule Disabled | Disabled | | | | |
| Threat Property | Threat_property | | | | |
| Transaction ID | Tid | | | | |
| Region | Region | | | | |
| Policy Action | Extra_policy_action | | | | |
| Source IP | Src | | | | |
| ARR Data | Arrdata | | | | |
| Timestamp Nanosecond | Nanosec | | | | |
| IDS Type | Ids_type | | | | |
| Action | Action | | | | |
| Log Level | Loglevel | | | | |
| Trigger Code | Tcode | | | | |
| Transport | Transport | | | | |
| OPH Name | Extra_display_name | | | | |
| RPZ Rule | Tname | | | | |
| DNS View | View | | | | |
| Message | Msg | | | | |
| Source Network | Extra_network | | | | |
| Source MAC | Src_mac | | | | |
| Source ID | Source | | | | |
| Connection Type | P_name | | | | |
| Severity | CefLeefSeverity | | | | |
| Destination Port | Rport | | | | |
| Policy ID | Pid | | | | |
| Vendor | Pvendor | | | | |
| Version | Pversion | | | | |
| Feed Name | Extra_feed_name | | | | |
| Vendor Product | Vendor_product | | | | |
| Source Device Name | Extra_device_name | | | | |
| Host OS Version | Extra_os_version | | | | |
| Device IP | Extra_device_ip | | | | |
| Application | App | | | | |
| Source Port | Qport | | | | |
| Policy Name | Extra_policy_name | | | | |
| Protocol | Protocol | | | | |
| Rule Disabled | disabled | | | | |
| User's device OS | os_version | | | | |
| Severity | severity | | | | |

DDI DNS

| Display Name | Internal Field | Mandatory ( * ) | CEF | LEEF | Splunk CIM |
|---|---|---|---|---|---|
| Timestamp | timestamp | * | | | |
| Query Name | qname | * | | | |
| Source Port | qport | | | | |
| OPH Name | extra_display_name | | | | |
| QType | qtype | | | | |
| Reply Code | dns_rcode | | | | |
| Authority Answer Count | nscount | | | | |
| Record Type | dns_record_type | | | | |
| Answer | answer | | | | |
| Connection Type | extra_pname | | | | |
| DNS Tags | extra_all_tags | | | | |
| Region | region | | | | |
| Query Count | query_count | | | | |
| Source IP (Parsed) | extra_device_ip | | | | |
| Transaction ID | tid | | | | |
| Timestamp Nanosec | nanosec | | | | |
| Source ID | source | | | | |
| Source IP | qip | | | | |
| Destination IP | rip | | | | |
| Client ID | cid | | | | |
| OPH IP Address | extra_ip_address | | | | |
| Query Class | qclass | | | | |
| Transport Protocol | transport_protocol | | | | |
| DNS QClass | qClassName | | | | |
| DNS View | view | | | | |
| Host OS Version | extra_os_version | | | | |
| Anonymized | anonymized | | | | |
| Application | app | | | | |
| DNS Packet Type | type | | | | |
| Policy ID | pid | | | | |
| Reply Code Number | rcode | | | | |
| Op Code | opcode | | | | |
| User Name | extra_user_name | | | | |
| DHCP Fingerprint | extra_dhcp_fingerprint | | | | |
| DNS Request Flags | dns_request_flags | | | | |
| Source Network | extra_network | | | | |
| Destination Port | rport | | | | |
| Returned Resource Records | dns_record | | | | |
| Message | msg | | | | |
| Vendor Product | vendor_product | | | | |
| Message Type | message_type | | | | |
| Category | event_class | | | | |
| Answer Count | ancount | | | | |
| Additional Answer Count | arcount | | | | |
| DNS Response Flags | dns_response_flags | | | | |
| Protocol | protocol | | | | |
| Query Type (Parsed) | query_type | | | | |
| TTL | ttl_value | | | | |
| DNS QFlags | qFlags | | | | |
| Delay | delay | | | | |
| Source MAC Address | src_mac | | | | |
| Source Device Name | extra_device_name | | | | |
| DNS QType | qTypeName | | | | |
| Severity | severity | | | | |

DDI DHCP

| Display Name | Internal Field | Mandatory ( * ) | CEF | LEEF | Splunk CIM |
|---|---|---|---|---|---|
| Timestamp | timestamp | * | | | |
| IP Address | LeaseExtra_Address | * | | | |
| Subnet | LeaseExtra_Subnet | | | | |
| Application | app | | | | |
| Lease Lifetime | Lease_Lifetime | | | | |
| Lease Host ID | LeaseExtra_HostID | | | | |
| Leased Host Name | Lease_Hostname | | | | |
| Lease UUID | Lease_LeaseUUID | | | | |
| Lease Scope | LeaseExtra_LeaseScope | | | | |
| Vendor Product | vendor_product | | | | |
| Signature | signature | | | | |
| Action | action | | | | |
| Fingerprint | Lease_Fingerprint | | | | |
| DHCP Options | dhcp_options | | | | |
| User Name | user | | | | |
| Fingerprint PR | LeaseExtra_InfobloxFingerprintPr | | | | |
| Destination DUID | dest_duid | | | | |
| DHCP Host IP Address | host_ip | | | | |
| IP Range Start | LeaseExtra_RangeStart | | | | |
| IP Range End | LeaseExtra_RangeEnd | | | | |
| Host Name | host | | | | |
| Category | cat | | | | |
| IP Space Name | LeaseExtra_SpaceName | | | | |
| Source MAC Address | LeaseExtra_Smac | | | | |
| Client ID | LeaseExtra_ClientID | | | | |
| Severity | severity | | | | |