Parsers and Generated Fields | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Contacting Support

Parsers and Generated Fields

Tag Fields Created by Parser aws-cloudtrail

#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser aws-cloudtrail

Vendor Field	CPS Field	Description
Vendor.digestStartTime	@timestamp	Fallback timestamp if eventTime not present
Vendor.eventTime	@timestamp	Event timestamp in UTC
Vendor.digestS3Bucket;	cloud.Storage.bucket_name
Vendor.requestParameters.bucketName;	cloud.Storage.bucket_name
Vendor.awsAccountId	cloud.account.id	Alternative account ID source
Vendor.awsAccountId;	cloud.account.id
Vendor.recipientAccountId	cloud.account.id	Fallback account ID source
Vendor.recipientAccountId;	cloud.account.id
Vendor.userIdentity.accountId	cloud.account.id	AWS account ID
Vendor.userIdentity.accountId;	cloud.account.id
Vendor.requestParameters.instanceId	cloud.instance.id	EC2 instance ID
Vendor.awsRegion	cloud.region	AWS region
Vendor.errorCode	error.code	Error code
Vendor.errorMessage	error.message	Error details
Vendor.eventName	event.action	Event action name
Vendor.eventID	event.id	Event ID
Vendor.errorCode	event.outcome	Maps to "failure" if present
Vendor.eventSource	event.provider	Event source service
Vendor.errorMessage	event.reason	Error reason
Vendor.errorMessage;	event.reason
Vendor.previousDigestSignature	file.hash.sha256	When hash algorithm is SHA-256
Vendor.digestS3Object	file.path	S3 object path
Vendor.requestParameters.Host	host.name	Host name (lowercase)
Vendor.sourceIPAddress	source.address	Source address (lowercase)
Vendor.sourceIPAddress	source.ip	Source IP address
source.address;	source.ip
Vendor.tlsDetails.cipherSuite	tls.cipher	TLS cipher suite
Vendor.tlsDetails.tlsVersion	tls.version_protocol,	Split into protocol and version
Vendor.userIdentity.principalId	user.id	User ID
Vendor.additionalEventData.UserName	user.name	Fallback user name
Vendor.requestParameters.roleSessionName	user.name	User name for AWSAccount type
Vendor.userIdentity.invokedBy	user.name	User name for AWSService type
Vendor.userIdentity.sessionContext.sessionIssuer.userName	user.name	User name for AssumedRole type
Vendor.userIdentity.userName	user.name	User name for IAMUser type
Vendor.userIdentity.userName;	user.name
Vendor.requestParameters.roleArn	user.roles[]	Role ARN for SAMLUser, Role types
Vendor.userIdentity.sessionContext.sessionIssuer.arn	user.roles[]	Role ARN for AssumedRole type
Vendor.userAgent	user_agent.original	User agent string

Enter search term

	
		OSZAR »