P10521
Logging fields transformation to ecs
Authored by fgiunchedi on Feb 25 2020, 6:07 PM.
- fields: 'type'
  schema: 'service.type'
- fields: ['timestamp', '@timestamp']
  schema: '@timestamp'
- fields: ['message', 'msg']
  schema: 'message'
- fields: tags
  schema: tags
- fields: normalized_message
  schema: message.normalized
  standard: false
- fields: level
  schema: log.level
- fields: host
  schema: host.name
- fields: program
  schema: process.name
- fields: logsource
  schema: log.source
  standard: false
- fields: facility
  schema: log.syslog.facility.name
- fields: severity
  schema: log.syslog.severity.name
- fields: url
  schema: url.original
- fields: [ip, clientIP, http.client_ip, client_ip]
  schema: client.ip
- fields: [http_method, request.method, http.method, req_method]
  schema: http.request.method
- fields: channel
  schema: mw.channel
  standard: false
- fields: wiki
  schema: mw.wiki
  standard: false
- fields: phpversion
  schema: mw.phpversion
  standard: false
- fields: ReqId
  schema: transaction.id
- fields: server
  schema: host.name
- fields: shard
  schema: mw.shard
  standard: false
- fields: mwversion
  schema: mw.version
  standard: false
- fields: unique_id
  schema: trace.id
- fields: private
  schema: mw.private
  standard: false
- fields: c_ip
  schema: client.ip
- fields: referrer
  schema: http.request.referrer
- fields: referer
  schema: http.request.referrer
- fields: username
  schema: client.user.name
- fields: feature
  schema: mw.feature
  standard: false
- fields: [agent, clientAgent]
  schema: user_agent.original
- fields: ua_*
  schema: user_agent.os.*
- fields: logger_name
  schema: log.logger
- fields: trace
  schema: trace.full
  standard: false
- fields: varname
  schema: mw.varname
  standard: false
- fields: filter
  schema: mw.filter
  standard: false
- fields: name
  schema: client.user.name
- fields: key
  schema: mw.key
  standard: false
- fields: process
  schema: process.pid
- fields: module
  schema: mw.module
  standard: false
- fields: pathname
  schema: log.origin.file.name
- fields: filename
  schema: log.origin.file.name
- fields: method
  schema: http.request.method
- fields: source
  schema: mw.source
  standard: false
- fields: user-agent
  schema: user_agent.original
- fields: user_id
  schema: client.user.id
- fields: csp-report*
  schema: mw.csp.*
  standard: false
- fields: action
  schema: event.action
- fields: protocol
  schema: network.transport
- fields: ttl
  schema: network.ttl
  standard: false
- fields: source_port
  schema: source.port
- fields: source_ip
  schema: source.ip
- fields: len
  schema: source.bytes
- fields: ip_protocol
  schema: network.type
- fields: in_interface
  schema: network.interface ?
  standard: false
- fields: ethertype
  schema: network.ethertype ?
  standard: false
- fields: direction
  schema: network.direction
- fields: destination_ip
  schema: destination.ip
- fields: dest_port
  schema: destination.port
- fields: thread_name
  schema: process.thread.name
- fields: level_value
  schema: '?'
- fields: hostname
  schema: host.name
- fields: time
  schema: '?'  # overloaded between mw parse time and e.g. kubernetes logs
- fields: title
  schema: mw.title
  standard: false
- fields: query
  schema: mw.query
  standard: false
- fields: trigger
  schema: mw.trigger
  standard: false
- fields: ns
  schema: mw.namespace
  standard: false
- fields: measure
  schema: mw.measure
  standard: false
- fields: max
  schema: mw.max
  standard: false
- fields: by
  schema: mw.by
  standard: false
- fields: actual
  schema: mw.actual
  standard: false
- fields: modelid
  schema: mw.modelID
  standard: false
- fields: differenceengine
  schema: mw.DifferenceEngine
  standard: false
- fields: stream
  schema: mw.stream
  standard: false
- fields: user
  schema: client.user.name
- fields: pid
  schema: process.pid
- fields: levelpath
  schema: mw.levelPath
  standard: false
- fields: metadata.filename
  schema: metadata.filename
  standard: false
- fields: metadata.fileoffset
  schema: metadata.fileoffset
  standard: false