You're viewing version 2.16 of the OpenSearch documentation. This version is no longer maintained. For the latest version, see the current documentation. For information about OpenSearch version maintenance, see Release Schedule and Maintenance Policy.

Network

The network log type records events that happen in a system’s network, such as login attempts and application events.

The following code snippet contains all the raw_field and ecs mappings for this log type:

 "mappings": [
    {
      "raw_field":"action",
      "ecs":"netflow.firewall_event"
    },
    {
      "raw_field":"certificate.serial",
      "ecs":"zeek.x509.certificate.serial"
    },
    {
      "raw_field":"name",
      "ecs":"zeek.smb_files.name"
    },
    {
      "raw_field":"path",
      "ecs":"zeek.smb_files.path"
    },
    {
      "raw_field":"dst_port",
      "ecs":"destination.port"
    },
    {
      "raw_field":"qtype_name",
      "ecs":"zeek.dns.qtype_name"
    },
    {
      "raw_field":"operation",
      "ecs":"zeek.dce_rpc.operation"
    },
    {
      "raw_field":"endpoint",
      "ecs":"zeek.dce_rpc.endpoint"
    },
    {
      "raw_field":"zeek.dce_rpc.endpoint",
      "ecs":"zeek.dce_rpc.endpoint"
    },
    {
      "raw_field":"answers",
      "ecs":"zeek.dns.answers"
    },
    {
      "raw_field":"query",
      "ecs":"zeek.dns.query"
    },
    {
      "raw_field":"client_header_names",
      "ecs":"zeek.http.client_header_names"
    },
    {
      "raw_field":"resp_mime_types",
      "ecs":"zeek.http.resp_mime_types"
    },
    {
      "raw_field":"cipher",
      "ecs":"zeek.kerberos.cipher"
    },
    {
      "raw_field":"request_type",
      "ecs":"zeek.kerberos.request_type"
    },
    {
      "raw_field":"creationTime",
      "ecs":"timestamp"
    },
    {
      "raw_field":"method",
      "ecs":"http.request.method"
    },
    {
      "raw_field":"id.resp_p",
      "ecs":"id.resp_p"
    },
    {
      "raw_field":"blocked",
      "ecs":"blocked-flag"
    },
    {
      "raw_field":"id.orig_h",
      "ecs":"id.orig_h"
    },
    {
      "raw_field":"Z",
      "ecs":"Z-flag"
    },
    {
      "raw_field":"id.resp_h",
      "ecs":"id.resp_h"
    },
    {
      "raw_field":"uri",
      "ecs":"url.path"
    },
    {
      "raw_field":"c-uri",
      "ecs":"url.path"
    },
    {
      "raw_field":"c-useragent",
      "ecs":"user_agent.name"
    },
    {
      "raw_field":"status_code",
      "ecs":"http.response.status_code"
    },
    {
      "raw_field":"rejected",
      "ecs":"rejected"
    },
    {
      "raw_field":"dst_ip",
      "ecs":"destination.ip"
    },
    {
      "raw_field":"src_ip",
      "ecs":"source.ip"
    },
    {
      "raw_field":"user_agent",
      "ecs":"user_agent.name"
    },
    {
      "raw_field":"request_body_len",
      "ecs":"http.request.body.bytes"
    },
    {
      "raw_field":"service",
      "ecs":"service"
    }
  ]

WAS THIS PAGE HELPFUL?

✔ Yes ✖ No

Tell us why

350 characters left

Have a question? Ask us on the OpenSearch forum.

Want to contribute? Edit this page or create an issue.

Network

OpenSearch Links

Get Involved

Resources

Contact Us