Network
Fields describing the communication path over which the event happened.
Fields
Field Summary
| Field | Type | Level | Description |
|---|---|---|---|
network.application | keyword | Extended | Application level protocol name. |
network.bytes | long | Core | Total bytes transferred in both directions. |
network.community_id | keyword | Extended | A hash of source and destination IPs and ports. |
network.direction | keyword | Core | Direction of the network traffic. |
network.forwarded_ip | ip | Core | Host IP address when the source IP address is the proxy. |
network.iana_number | keyword | Extended | IANA Protocol Number. |
network.inner | object | Extended | Inner VLAN tag information |
network.inner.vlan.id | keyword | Extended | VLAN ID as reported by the observer. |
network.inner.vlan.name | keyword | Extended | Optional VLAN name as reported by the observer. |
network.name | keyword | Extended | Name given by operators to sections of their network. |
network.packets | long | Core | Total packets transferred in both directions. |
network.protocol | keyword | Core | Application protocol name. |
network.transport | keyword | Core | Protocol Name corresponding to the field iana_number. |
network.type | keyword | Core | In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc |
network.vlan.id | keyword | Extended | VLAN ID as reported by the observer. |
network.vlan.name | keyword | Extended | Optional VLAN name as reported by the observer. |
Field Details
network.application
Type: keyword
Level: Extended
Description: Application level protocol name.
Example: aim
Indexed: true
network.bytes
Type: long
Level: Core
Description: Total bytes transferred in both directions.
Example: 368
Indexed: true
network.community_id
Type: keyword
Level: Extended
Description: A hash of source and destination IPs and ports.
Example: 1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=
Indexed: true
network.direction
Type: keyword
Level: Core
Description: Direction of the network traffic.
Example: inbound
Indexed: true
network.forwarded_ip
Type: ip
Level: Core
Description: Host IP address when the source IP address is the proxy.
Example: 192.1.1.2
Indexed: true
network.iana_number
Type: keyword
Level: Extended
Description: IANA Protocol Number.
Example: 6
Indexed: true
network.inner
Type: object
Level: Extended
Description: Inner VLAN tag information
Indexed: true
network.inner.vlan.id
Type: keyword
Level: Extended
Description: VLAN ID as reported by the observer.
Example: 10
Indexed: true
network.inner.vlan.name
Type: keyword
Level: Extended
Description: Optional VLAN name as reported by the observer.
Example: outside
Indexed: true
network.name
Type: keyword
Level: Extended
Description: Name given by operators to sections of their network.
Example: Guest Wifi
Indexed: true
network.packets
Type: long
Level: Core
Description: Total packets transferred in both directions.
Example: 24
Indexed: true
network.protocol
Type: keyword
Level: Core
Description: Application protocol name.
Example: http
Indexed: true
network.transport
Type: keyword
Level: Core
Description: Protocol Name corresponding to the field iana_number.
Example: tcp
Indexed: true
network.type
Type: keyword
Level: Core
Description: In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc
Example: ipv4
Indexed: true
network.vlan.id
Type: keyword
Level: Extended
Description: VLAN ID as reported by the observer.
Example: 10
Indexed: true
network.vlan.name
Type: keyword
Level: Extended
Description: Optional VLAN name as reported by the observer.
Example: outside
Indexed: true