Parsers and Generated Fields | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Contacting Support

Parsers and Generated Fields

Tag Fields Created by Parser okta-sso

#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type

Fields Identified by Parser okta-sso

Vendor Field	CPS Field	Description
Vendor.published	@timestamp	Event timestamp
Vendor.securityContext.asOrg	client.as.organization.name	AS organization name
Vendor.securityContext.domain	client.domain,	Domain name
Vendor.client.geographicalContext.city	client.geo.city_name	Client city location
Vendor.client.geographicalContext.country	client.geo.country_name	Client country location
Vendor.client.geographicalContext.geolocation.lat	client.geo.location.lat	Client latitude
Vendor.client.geographicalContext.geolocation.lon	client.geo.location.lon	Client longitude
Vendor.client.geographicalContext.state	client.geo.region_name	Client state location
Vendor.client.ipAddress	client.ip
Vendor.client.ipAddress	client.ip,	Client IP address
Vendor.actor.displayName	client.user.full_name
Vendor.actor.displayName	client.user.full_name,	User display name
Vendor.actor.id	client.user.id
Vendor.actor.id	client.user.id,	User ID
user.name	client.user.name
Vendor.eventType	event.action	Event type from Okta
Vendor.uuid	event.id	Unique event identifier
Vendor.outcome.result	event.outcome	Maps SUCCESS/ALLOW to "success", FAILURE/DENY to "failure", empty/null to "unknown"
Vendor.outcome.reason	event.reason	Reason for the outcome
Vendor.severity	event.severity	Maps DEBUG to 10, INFO to 30, WARN to 50, ERROR to 70, FATAL to 90
Vendor.displayMessage	message	Human-readable message
client.ip	source.ip
client.user.full_name	source.user.full_name
client.user.id	source.user.id
user.name	source.user.name
client.user.full_name	user.full_name
Vendor.actor.alternateId	user.name
Vendor.actor.alternateId	user.name,	User identifier
Vendor.target[].detailEntry.emailAddress	user.target.email	Target user email when type is User
__out[0]	user.target.email
Vendor.target[].displayName	user.target.full_name	Target user display name when type is User
__out[0]	user.target.full_name
Vendor.target[].id	user.target.group.id	Target group ID when type is UserGroup
__out[0]	user.target.group.id
Vendor.target[].displayName	user.target.group.name	Target group name when type is UserGroup
__out[0]	user.target.group.name
Vendor.target[].id	user.target.id	Target user ID when type is User
__out[0]	user.target.id
Vendor.target[].alternateId	user.target.name	Target user alternate ID when type is User
__out[0]	user.target.name
Vendor.client.userAgent.rawUserAgent	user_agent.original	Raw user agent string

Enter search term

	
		OSZAR »