Diffstat (limited to 'testSchemaFiles/sys_packet_capture_event.json')
-rw-r--r--testSchemaFiles/sys_packet_capture_event.json941
1 files changed, 941 insertions, 0 deletions
diff --git a/testSchemaFiles/sys_packet_capture_event.json b/testSchemaFiles/sys_packet_capture_event.json
new file mode 100644
index 0000000..d056222
--- /dev/null
+++ b/testSchemaFiles/sys_packet_capture_event.json
@@ -0,0 +1,941 @@
+{
+ "type": "record",
+ "name": "sys_packet_capture_event",
+ "namespace": "tsg_galaxy_v3",
+ "doc": {
+ "primary_key": "common_log_id",
+ "partition_key": "common_recv_time",
+ "index_key": [
+ "common_log_id",
+ "common_recv_time",
+ "common_policy_id"
+ ]
+ },
+ "fields": [
+ {
+ "name": "common_recv_time",
+ "type": "long",
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "format": {
+ "functions": "current_timestamp"
+ },
+ "visibility": "enabled"
+ },
+ "label": "Receive Time"
+ },
+ {
+ "name": "common_log_id",
+ "type": "long",
+ "doc": {
+ "format": {
+ "functions": "snowflake_id"
+ },
+ "visibility": "enabled"
+ },
+ "label": "Log ID"
+ },
+ {
+ "name": "common_policy_id",
+ "type": "long",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "label": "Policy ID"
+ },
+ {
+ "name": "common_subscriber_id",
+ "type": "string",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Subscriber ID"
+ },
+ {
+ "name": "common_imei",
+ "type": "string",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "label": "IMEI"
+ },
+ {
+ "name": "common_imsi",
+ "type": "string",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "label": "IMSI"
+ },
+ {
+ "name": "common_phone_number",
+ "type": "string",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "label": "Phone Number"
+ },
+ {
+ "name": "common_client_ip",
+ "type": "string",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ },
+ "visibility": "enabled"
+ },
+ "label": "Client IP"
+ },
+ {
+ "name": "common_internal_ip",
+ "type": "string",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ },
+ "visibility": "enabled"
+ },
+ "label": "Internal IP"
+ },
+ {
+ "name": "common_client_port",
+ "type": "int",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Client Port"
+ },
+ {
+ "name": "common_l4_protocol",
+ "type": "string",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "L4 Protocol"
+ },
+ {
+ "name": "common_address_type",
+ "type": "int",
+ "doc": {
+ "data": [
+ {
+ "code": "4",
+ "value": "ipv4"
+ },
+ {
+ "code": "6",
+ "value": "ipv6"
+ }
+ ],
+ "visibility": "enabled"
+ },
+ "label": "Address Type"
+ },
+ {
+ "name": "common_server_ip",
+ "type": "string",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ },
+ "visibility": "enabled"
+ },
+ "label": "Server IP"
+ },
+ {
+ "name": "common_server_port",
+ "type": "int",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Server Port"
+ },
+ {
+ "name": "common_external_ip",
+ "type": "string",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ },
+ "visibility": "enabled"
+ },
+ "label": "External IP"
+ },
+ {
+ "name": "common_action",
+ "type": "int",
+ "doc": {
+ "data": [
+ {
+ "code": "0",
+ "value": "None"
+ },
+ {
+ "code": "1",
+ "value": "Monitor"
+ },
+ {
+ "code": "2",
+ "value": "Intercept"
+ },
+ {
+ "code": "16",
+ "value": "Deny"
+ },
+ {
+ "code": "128",
+ "value": "Allow"
+ }
+ ],
+ "visibility": "enabled"
+ },
+ "label": "Action"
+ },
+ {
+ "name": "common_direction",
+ "type": "int",
+ "doc": {
+ "data": [
+ {
+ "code": "69",
+ "value": "outbound"
+ },
+ {
+ "code": "73",
+ "value": "inbound"
+ }
+ ],
+ "visibility": "enabled"
+ },
+ "label": "Direction"
+ },
+ {
+ "name": "common_entrance_id",
+ "type": "int",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "label": "Entrance ID"
+ },
+ {
+ "name": "common_sled_ip",
+ "type": "string",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ },
+ "visibility": "enabled"
+ },
+ "label": "Sled IP"
+ },
+ {
+ "name": "common_client_location",
+ "type": "string",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Client Location"
+ },
+ {
+ "name": "common_client_asn",
+ "type": "string",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Client ASN"
+ },
+ {
+ "name": "common_server_location",
+ "type": "string",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Server Location"
+ },
+ {
+ "name": "common_server_asn",
+ "type": "string",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Server ASN"
+ },
+ {
+ "name": "common_sessions",
+ "type": "long",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Sessions"
+ },
+ {
+ "name": "common_c2s_pkt_num",
+ "type": "long",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Packets Sent"
+ },
+ {
+ "name": "common_s2c_pkt_num",
+ "type": "long",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Packets Received"
+ },
+ {
+ "name": "common_c2s_byte_num",
+ "type": "long",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Bytes Sent"
+ },
+ {
+ "name": "common_s2c_byte_num",
+ "type": "long",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Bytes Received"
+ },
+ {
+ "name": "common_c2s_pkt_diff",
+ "label": "Packets Sent (Delta)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_pkt_diff",
+ "label": "Packets Received (Delta)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_byte_diff",
+ "label": "Bytes Sent (Delta)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_byte_diff",
+ "label": "Bytes Received (Delta)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_service",
+ "type": "int",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "label": "Service"
+ },
+ {
+ "name": "common_schema_type",
+ "type": "string",
+ "doc": {
+ "data": [
+ {
+ "code": "BASE",
+ "value": "BASE"
+ },
+ {
+ "code": "HTTP",
+ "value": "HTTP"
+ },
+ {
+ "code": "MAIL",
+ "value": "MAIL"
+ },
+ {
+ "code": "DNS",
+ "value": "DNS"
+ },
+ {
+ "code": "SSL",
+ "value": "SSL"
+ },
+ {
+ "code": "FTP",
+ "value": "FTP"
+ }
+ ],
+ "visibility": "hidden"
+ },
+ "label": "Schema Type"
+ },
+ {
+ "name": "common_user_tags",
+ "type": "string",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "label": "User Tags"
+ },
+ {
+ "name": "common_sub_action",
+ "type": "string",
+ "doc": {
+ "data": [
+ {
+ "code": "allow",
+ "value": "Allow"
+ },
+ {
+ "code": "deny",
+ "value": "Deny"
+ },
+ {
+ "code": "monitor",
+ "value": "Monitor"
+ },
+ {
+ "code": "replace",
+ "value": "Replace"
+ },
+ {
+ "code": "redirect",
+ "value": "Redirect"
+ },
+ {
+ "code": "insert",
+ "value": "Insert"
+ },
+ {
+ "code": "hijack",
+ "value": "Hijack"
+ }
+ ],
+ "visibility": "hidden"
+ },
+ "label": "Sub Action"
+ },
+ {
+ "name": "common_user_region",
+ "type": "string",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "label": "User Region"
+ },
+ {
+ "name": "common_device_id",
+ "type": "string",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Device ID"
+ },
+ {
+ "name": "common_egress_link_id",
+ "label": "Egress Link ID",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_ingress_link_id",
+ "label": "Ingress Link ID",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_isp",
+ "type": "string",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "label": "ISP"
+ },
+ {
+ "name": "common_device_tag",
+ "type": "string",
+ "doc": {
+ "visibility": "hidden",
+ "format": {
+ "functions": "flattenSpec,flattenSpec",
+ "appendTo": "common_data_center,common_device_group",
+ "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value"
+ }
+ },
+ "label": "Device Tag"
+ },
+ {
+ "name": "common_data_center",
+ "label": "Data Center",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": {
+ "$ref": "device_tag.json#",
+ "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']",
+ "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']"
+ },
+ "visibility": "enabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_device_group",
+ "label": "Device Group",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": {
+ "$ref": "device_tag.json#",
+ "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']",
+ "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']"
+ },
+ "visibility": "enabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_app_behavior",
+ "label": "Application Behavior",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_encapsulation",
+ "type": "int",
+ "doc": {
+ "data": [
+ {
+ "code": "0",
+ "value": "Ethernet"
+ },
+ {
+ "code": "8",
+ "value": "PPP"
+ },
+ {
+ "code": "12",
+ "value": "CiscoHDLC"
+ }
+ ],
+ "visibility": "enabled"
+ },
+ "label": "Encapsulation"
+ },
+ {
+ "name": "common_app_label",
+ "type": "string",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "label": "Application Label"
+ },
+ {
+ "name": "common_tunnels",
+ "type": "string",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "label": "Tunnels"
+ },
+ {
+ "name": "common_protocol_label",
+ "type": "string",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "label": "Protocol Label"
+ },
+ {
+ "name": "common_app_id",
+ "type": "string",
+ "label": "Application ID",
+ "doc": {
+ "visibility": "hidden"
+ }
+ },
+ {
+ "name": "common_userdefine_app_name",
+ "label": "User Define App Name",
+ "type": "string",
+ "doc": {
+ "visibility": "hidden"
+ }
+ },
+ {
+ "name": "common_app_identify_info",
+ "label": "App Identity Info",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_app_surrogate_id",
+ "type": "string",
+ "label": "Surrogate ID",
+ "doc": {
+ "visibility": "hidden"
+ }
+ },
+ {
+ "name": "common_l7_protocol",
+ "type": "string",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "L7 Protocol"
+ },
+ {
+ "name": "common_service_category",
+ "label": "FQDN Category",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": {
+ "type": "array",
+ "items": "int"
+ }
+ },
+ {
+ "name": "common_start_time",
+ "type": "long",
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "visibility": "hidden"
+ },
+ "label": "Start Time"
+ },
+ {
+ "name": "common_end_time",
+ "type": "long",
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "visibility": "hidden"
+ },
+ "label": "End Time"
+ },
+ {
+ "name": "common_establish_latency_ms",
+ "type": "long",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "label": "TCP Handshake Latency (ms)"
+ },
+ {
+ "name": "common_con_duration_ms",
+ "type": "long",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "label": "Duration (ms)"
+ },
+ {
+ "name": "common_stream_dir",
+ "type": "int",
+ "doc": {
+ "data": [
+ {
+ "code": "1",
+ "value": "c2s"
+ },
+ {
+ "code": "2",
+ "value": "s2c"
+ },
+ {
+ "code": "3",
+ "value": "double"
+ }
+ ],
+ "visibility": "enabled"
+ },
+ "label": "Stream Direction"
+ },
+ {
+ "name": "common_address_list",
+ "type": "string",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "label": "Address List"
+ },
+ {
+ "name": "common_has_dup_traffic",
+ "type": "int",
+ "doc": {
+ "data": [
+ {
+ "code": "0",
+ "value": "No"
+ },
+ {
+ "code": "1",
+ "value": "Yes"
+ }
+ ],
+ "visibility": "hidden"
+ },
+ "label": "Duplication Traffic"
+ },
+ {
+ "name": "common_stream_error",
+ "type": "string",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "label": "Stream Error"
+ },
+ {
+ "name": "common_stream_trace_id",
+ "type": "long",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Session ID"
+ },
+ {
+ "name": "common_link_info_c2s",
+ "type": "string",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "label": "Link Info (c2s)"
+ },
+ {
+ "name": "common_link_info_s2c",
+ "type": "string",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "label": "Link Info (s2c)"
+ },
+ {
+ "name": "common_packet_capture_file",
+ "label": "Packet Capture File",
+ "doc": {
+ "visibility": "hidden",
+ "constraints": {
+ "type": "file"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_c2s_ipfrag_num",
+ "type": "long",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "label": "Fragmentation Packets (c2s)"
+ },
+ {
+ "name": "common_s2c_ipfrag_num",
+ "type": "long",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "label": "Fragmentation Packets (s2c)"
+ },
+ {
+ "name": "common_c2s_tcp_lostlen",
+ "type": "long",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "label": "Sequence Gap Loss (c2s)"
+ },
+ {
+ "name": "common_s2c_tcp_lostlen",
+ "type": "long",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "label": "Sequence Gap Loss (s2c)"
+ },
+ {
+ "name": "common_c2s_tcp_unorder_num",
+ "type": "long",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "label": "Unordered Packets (c2s)"
+ },
+ {
+ "name": "common_s2c_tcp_unorder_num",
+ "type": "long",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "label": "Unordered Packets (s2c)"
+ },
+ {
+ "name": "common_c2s_pkt_retrans",
+ "type": "long",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Packet Retransmission (c2s)"
+ },
+ {
+ "name": "common_s2c_pkt_retrans",
+ "type": "long",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Packet Retransmission (s2c)"
+ },
+ {
+ "name": "common_c2s_byte_retrans",
+ "type": "long",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Byte Retransmission (c2s)"
+ },
+ {
+ "name": "common_s2c_byte_retrans",
+ "type": "long",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Byte Retransmission (s2c)"
+ },
+ {
+ "name": "common_tcp_client_isn",
+ "label": "TCP Client ISN",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_tcp_server_isn",
+ "label": "TCP Server ISN",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_first_ttl",
+ "type": "int",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "label": "First TTL"
+ },
+ {
+ "name": "common_processing_time",
+ "type": "long",
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "format": {
+ "functions": "current_timestamp"
+ },
+ "visibility": "enabled"
+ },
+ "label": "Processing Time"
+ },
+ {
+ "name": "common_ingestion_time",
+ "label": "Ingestion Time",
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "format": {
+ "functions": "ingestion_time"
+ },
+ "visibility": "enabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_mirrored_pkts",
+ "label": "Mirrored Packets",
+ "type": "long",
+ "doc": {
+ "visibility": "hidden"
+ }
+ },
+ {
+ "name": "common_mirrored_bytes",
+ "label": "Mirrored Bytes",
+ "type": "long",
+ "doc": {
+ "visibility": "hidden"
+ }
+ },
+ {
+ "name": "nic_name",
+ "type": "string",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Nic Name"
+ },
+ {
+ "name": "origin_source_mac",
+ "type": "string",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Origin Source Mac"
+ },
+ {
+ "name": "origin_dest_mac",
+ "type": "string",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Origin Dest Mac"
+ },
+ {
+ "name": "packet_url",
+ "type": "string",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Packet URL"
+ },
+ {
+ "name": "pcap_storage_task_id",
+ "type": "int",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Task ID"
+ },
+ {
+ "name": "pcap_storage_duration",
+ "type": "int",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "label": "Duration"
+ }
+ ]
+}
\ No newline at end of file
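Review bot: `packet_url`, near the end of `fields`, is a plain `string` with `"visibility": "enabled"` and no `constraints`, whereas the related `common_packet_capture_file` is typed with `"constraints": { "type": "file" }` and kept `hidden`. A capture location leads to raw packet payloads and will presumably be rendered or dereferenced by whatever consumes this schema, so it should carry an explicit constraint that the consumer can validate instead of being treated as free text; confirm which constraint type the loader accepts for URLs. Separately, `pcap_storage_duration` is labelled only `"Duration"`, while `common_con_duration_ms` uses `"Duration (ms)"`; state the unit in the label so the two columns cannot be confused. The enum `code` values are strings (`"4"`, `"16"`) on fields declared `int`, which looks like a project convention but is worth checking against how the consumer compares them.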