Diffstat (limited to 'testSchemaFiles/transaction_record.json')
| -rw-r--r-- | testSchemaFiles/transaction_record.json | 2551 |
1 files changed, 2551 insertions, 0 deletions
diff --git a/testSchemaFiles/transaction_record.json b/testSchemaFiles/transaction_record.json
new file mode 100644
index 0000000..9a09344
--- /dev/null
+++ b/testSchemaFiles/transaction_record.json
@@ -0,0 +1,2551 @@
+{
+ "type":"record",
+ "name":"transaction_record",
+ "namespace":"tsg_galaxy_v3",
+ "doc":
+ {
+ "primary_key":"common_stream_trace_id",
+ "partition_key":"common_recv_time",
+ "ttl":null,
+ "default_ttl":2592000,
+ "index_key":
+ [
+ "common_stream_trace_id",
+ "common_recv_time",
+ "common_data_center"
+ ],
+ "functions":
+ {
+ "$ref":"public_schema_info.json#/functions"
+ },
+ "schema_query":
+ {
+ "dimensions":
+ [
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_sled_ip",
+ "common_device_id",
+ "common_client_location",
+ "common_server_location",
+ "common_subscriber_id",
+ "common_client_port",
+ "common_server_port",
+ "common_schema_type",
+ "common_l4_protocol",
+ "common_l7_protocol",
+ "common_data_center",
+ "common_device_group",
+ "common_app_behavior",
+ "common_client_asn",
+ "common_server_asn",
+ "common_start_time",
+ "common_end_time",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number",
+ "http_host",
+ "http_domain",
+ "http_url"
+ ],
+ "metrics":
+ [
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_subscriber_id",
+ "common_sled_ip",
+ "common_device_id",
+ "common_c2s_pkt_num",
+ "common_s2c_pkt_num",
+ "common_c2s_byte_num",
+ "common_s2c_byte_num",
+ "common_sessions",
+ "common_con_duration_ms",
+ "common_establish_latency_ms",
+ "common_c2s_ipfrag_num",
+ "common_s2c_ipfrag_num",
+ "common_c2s_tcp_lostlen",
+ "common_s2c_tcp_lostlen",
+ "common_c2s_tcp_unorder_num",
+ "common_s2c_tcp_unorder_num",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number",
+ "http_host",
+ "http_domain",
+ "http_url"
+ ],
+ "filters":
+ [
+ "common_address_type",
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_client_port",
+ "common_server_port",
+ "common_client_location",
+ "common_server_location",
+ "common_subscriber_id",
+ "common_c2s_pkt_num",
+ "common_s2c_pkt_num",
+ "common_c2s_byte_num",
+ "common_s2c_byte_num",
+ "common_c2s_ipfrag_num",
+ "common_s2c_ipfrag_num",
+ "common_c2s_tcp_lostlen",
+ "common_s2c_tcp_lostlen",
+ "common_c2s_tcp_unorder_num",
+ "common_s2c_tcp_unorder_num",
+ "common_l4_protocol",
+ "common_l7_protocol",
+ "common_stream_dir",
+ "common_direction",
+ "common_data_center",
+ "common_device_group",
+ "common_app_behavior",
+ "common_sled_ip",
+ "common_device_id",
+ "common_schema_type",
+ "common_client_asn",
+ "common_server_asn",
+ "common_start_time",
+ "common_end_time",
+ "common_con_duration_ms",
+ "common_establish_latency_ms",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number",
+ "http_host",
+ "http_domain",
+ "http_url"
+ ],
+ "references":
+ {
+ "$ref":"public_schema_info.json#/schema_query/references"
+ },
+ "details":
+ {
+ "general":
+ [
+ "common_recv_time",
+ "common_log_id",
+ "common_stream_trace_id",
+ "common_address_type",
+ "common_schema_type",
+ "common_direction",
+ "common_stream_dir",
+ "common_start_time",
+ "common_end_time",
+ "common_con_duration_ms",
+ "common_establish_latency_ms",
+ "common_processing_time",
+ "common_ingestion_time",
+ "common_entrance_id",
+ "common_device_id",
+ "common_egress_link_id",
+ "common_ingress_link_id",
+ "common_isp",
+ "common_data_center",
+ "common_device_group",
+ "common_sled_ip"
+ ],
+ "source":
+ [
+ "common_client_ip",
+ "common_internal_ip",
+ "common_client_port",
+ "common_client_location",
+ "common_client_asn",
+ "common_subscriber_id",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number"
+ ],
+ "destination":
+ [
+ "common_server_ip",
+ "common_external_ip",
+ "common_server_port",
+ "common_server_location",
+ "common_server_asn"
+ ],
+ "application":
+ [
+ "common_app_id",
+ "common_userdefine_app_name",
+ "common_app_identify_info",
+ "common_app_label",
+ "common_app_surrogate_id",
+ "common_l7_protocol",
+ "common_protocol_label",
+ "common_service_category",
+ "common_service",
+ "common_l4_protocol",
+ "common_app_behavior"
+ ],
+ "transmission":
+ [
+ "common_sessions",
+ "common_c2s_pkt_num",
+ "common_s2c_pkt_num",
+ "common_c2s_byte_num",
+ "common_s2c_byte_num",
+ "common_c2s_pkt_diff",
+ "common_s2c_pkt_diff",
+ "common_c2s_byte_diff",
+ "common_s2c_byte_diff",
+ "common_c2s_ipfrag_num",
+ "common_s2c_ipfrag_num",
+ "common_c2s_tcp_lostlen",
+ "common_s2c_tcp_lostlen",
+ "common_c2s_tcp_unorder_num",
+ "common_s2c_tcp_unorder_num",
+ "common_c2s_pkt_retrans",
+ "common_s2c_pkt_retrans",
+ "common_c2s_byte_retrans",
+ "common_s2c_byte_retrans",
+ "common_first_ttl",
+ "common_tcp_client_isn",
+ "common_tcp_server_isn",
+ "common_mirrored_pkts",
+ "common_mirrored_bytes"
+ ],
+ "other":
+ [
+ "common_device_tag",
+ "common_encapsulation",
+ "common_tunnels",
+ "common_address_list",
+ "common_has_dup_traffic",
+ "common_stream_error",
+ "common_link_info_c2s",
+ "common_link_info_s2c",
+ "common_packet_capture_file",
+ "common_action",
+ "common_sub_action",
+ "common_policy_id",
+ "common_user_tags",
+ "common_user_region"
+ ]
+
+ }
+
+ },
+ "schema_type":
+ {
+ "BASE":
+ {
+ "$ref":"public_schema_info.json#/schema_type/BASE"
+ },
+ "HTTP":
+ {
+ "$ref":"public_schema_info.json#/schema_type/HTTP"
+ },
+ "MAIL":
+ {
+ "$ref":"public_schema_info.json#/schema_type/MAIL"
+ },
+ "DNS":
+ {
+ "$ref":"public_schema_info.json#/schema_type/DNS"
+ },
+ "SSL":
+ {
+ "$ref":"public_schema_info.json#/schema_type/SSL"
+ },
+ "QUIC":
+ {
+ "$ref":"public_schema_info.json#/schema_type/QUIC"
+ },
+ "FTP":
+ {
+ "$ref":"public_schema_info.json#/schema_type/FTP"
+ },
+ "BGP":
+ {
+ "$ref":"public_schema_info.json#/schema_type/BGP"
+ },
+ "SIP":
+ {
+ "$ref":"public_schema_info.json#/schema_type/SIP"
+ },
+ "RTP":
+ {
+ "$ref":"public_schema_info.json#/schema_type/RTP"
+ },
+ "APP":
+ {
+ "$ref":"public_schema_info.json#/schema_type/APP"
+ }
+
+ },
+ "default_columns":
+ [
+ "common_recv_time",
+ "common_log_id",
+ "common_subscriber_id",
+ "common_client_ip",
+ "common_server_ip",
+ "common_server_port",
+ "common_schema_type"
+ ],
+ "internal_columns":
+ [
+ "common_recv_time",
+ "common_log_id",
+ "common_processing_time",
+ "common_ingestion_time",
+ "common_tunnels",
+ "common_packet_capture_file",
+ "http_request_body",
+ "http_response_body"
+ ],
+ "tunnel_type":
+ {
+ "$ref":"public_schema_info.json#/tunnel_type"
+ }
+
+ },
+ "fields":
+ [
+ {
+ "name":"common_recv_time",
+ "type":"long",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"timestamp"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Receive Time"
+ },
+ {
+ "name":"common_log_id",
+ "type":"long",
+ "doc":
+ {
+ "format":
+ {
+ "functions":"snowflake_id"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Log ID"
+ },
+ {
+ "name":"common_policy_id",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"Policy ID"
+ },
+ {
+ "name":"common_subscriber_id",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Subscriber ID"
+ },
+ {
+ "name":"common_imei",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"IMEI"
+ },
+ {
+ "name":"common_imsi",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"IMSI"
+ },
+ {
+ "name":"common_phone_number",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Phone Number"
+ },
+ {
+ "name":"common_client_ip",
+ "type":"string",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"ip"
+ },
+ "format":
+ {
+ "functions":"geo_asn,radius_match",
+ "appendTo":"common_client_asn,common_subscriber_id"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Client IP"
+ },
+ {
+ "name":"common_internal_ip",
+ "type":"string",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"ip"
+ },
+ "format":
+ {
+ "functions":"if",
+ "param":"$.common_direction=69,$.common_client_ip,$.common_server_ip"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Internal IP"
+ },
+ {
+ "name":"common_client_port",
+ "type":"int",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Client Port"
+ },
+ {
+ "name":"common_l4_protocol",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"L4 Protocol"
+ },
+ {
+ "name":"common_address_type",
+ "type":"int",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"4",
+ "value":"ipv4"
+ },
+ {
+ "code":"6",
+ "value":"ipv6"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Address Type"
+ },
+ {
+ "name":"common_server_ip",
+ "type":"string",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"ip"
+ },
+ "format":
+ {
+ "functions":"geo_asn",
+ "appendTo":"common_server_asn"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Server IP"
+ },
+ {
+ "name":"common_server_port",
+ "type":"int",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Server Port"
+ },
+ {
+ "name":"common_external_ip",
+ "type":"string",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"ip"
+ },
+ "format":
+ {
+ "functions":"if",
+ "param":"$.common_direction=73,$.common_client_ip,$.common_server_ip"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"External IP"
+ },
+ {
+ "name":"common_action",
+ "type":"int",
+ "doc":
+ {
+ "visibility":"hidden",
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"0",
+ "value":"None"
+ },
+ {
+ "code":"1",
+ "value":"Monitor"
+ },
+ {
+ "code":"2",
+ "value":"Intercept"
+ },
+ {
+ "code":"16",
+ "value":"Deny"
+ },
+ {
+ "code":"128",
+ "value":"Allow"
+ }
+
+ ],
+ "ttl":null
+ },
+ "label":"Action"
+ },
+ {
+ "name":"common_direction",
+ "type":"int",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"69",
+ "value":"outbound"
+ },
+ {
+ "code":"73",
+ "value":"inbound"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Direction"
+ },
+ {
+ "name":"common_entrance_id",
+ "type":"int",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "label":"Entrance ID"
+ },
+ {
+ "name":"common_sled_ip",
+ "type":"string",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"ip"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Sled IP"
+ },
+ {
+ "name":"common_client_location",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Client Location"
+ },
+ {
+ "name":"common_client_asn",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Client ASN"
+ },
+ {
+ "name":"common_server_location",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Server Location"
+ },
+ {
+ "name":"common_server_asn",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Server ASN"
+ },
+ {
+ "name":"common_sessions",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Sessions"
+ },
+ {
+ "name":"common_c2s_pkt_num",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Packets Sent"
+ },
+ {
+ "name":"common_s2c_pkt_num",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Packets Received"
+ },
+ {
+ "name":"common_c2s_byte_num",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Bytes Sent"
+ },
+ {
+ "name":"common_s2c_byte_num",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Bytes Received"
+ },
+ {
+ "name":"common_c2s_pkt_diff",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"Packets Sent (Delta)"
+ },
+ {
+ "name":"common_s2c_pkt_diff",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"Packets Received (Delta)"
+ },
+ {
+ "name":"common_c2s_byte_diff",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"Bytes Sent (Delta)"
+ },
+ {
+ "name":"common_s2c_byte_diff",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"Bytes Received (Delta)"
+ },
+ {
+ "name":"common_service",
+ "type":"int",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "label":"Service"
+ },
+ {
+ "name":"common_schema_type",
+ "type":"string",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"BASE",
+ "value":"BASE"
+ },
+ {
+ "code":"DNS",
+ "value":"DNS"
+ },
+ {
+ "code":"HTTP",
+ "value":"HTTP"
+ },
+ {
+ "code":"SIP",
+ "value":"SIP"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Schema Type"
+ },
+ {
+ "name":"common_user_tags",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "label":"User Tags"
+ },
+ {
+ "name":"common_sub_action",
+ "type":"string",
+ "doc":
+ {
+ "data":
+ [
+ {
+ "code":"allow",
+ "value":"Allow"
+ },
+ {
+ "code":"deny",
+ "value":"Deny"
+ },
+ {
+ "code":"monitor",
+ "value":"Monitor"
+ },
+ {
+ "code":"replace",
+ "value":"Replace"
+ },
+ {
+ "code":"redirect",
+ "value":"Redirect"
+ },
+ {
+ "code":"insert",
+ "value":"Insert"
+ },
+ {
+ "code":"hijack",
+ "value":"Hijack"
+ }
+
+ ],
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"Sub Action"
+ },
+ {
+ "name":"common_user_region",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"User Region"
+ },
+ {
+ "name":"common_device_id",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Device ID"
+ },
+ {
+ "name":"common_egress_link_id",
+ "label":"Egress Link ID",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"common_ingress_link_id",
+ "label":"Ingress Link ID",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"common_isp",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "label":"ISP"
+ },
+ {
+ "name":"common_device_tag",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"hidden",
+ "format":
+ {
+ "functions":"flattenSpec,flattenSpec",
+ "appendTo":"common_data_center,common_device_group",
+ "param":"$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value"
+ },
+ "ttl":null
+ },
+ "label":"Device Tag"
+ },
+ {
+ "name":"common_data_center",
+ "label":"Data Center",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ {
+ "$ref":"device_tag.json#",
+ "key":"$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']",
+ "value":"$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_device_group",
+ "label":"Device Group",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ {
+ "$ref":"device_tag.json#",
+ "key":"$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']",
+ "value":"$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_app_behavior",
+ "label":"Application Behavior",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_encapsulation",
+ "type":"int",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ {
+ "$ref":"public_schema_info.json#/fields/common_encapsulation/data"
+ },
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"Encapsulation"
+ },
+ {
+ "name":"common_app_label",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Application Label"
+ },
+ {
+ "name":"common_tunnels",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Tunnels"
+ },
+ {
+ "name":"common_protocol_label",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Protocol Label"
+ },
+ {
+ "name":"common_app_id",
+ "type":"string",
+ "label":"Application ID",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ }
+
+ },
+ {
+ "name":"common_userdefine_app_name",
+ "label":"User Define App Name",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ }
+
+ },
+ {
+ "name":"common_app_identify_info",
+ "label":"App Identity Info",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_app_surrogate_id",
+ "type":"string",
+ "label":"Surrogate ID",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ }
+
+ },
+ {
+ "name":"common_l7_protocol",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"L7 Protocol"
+ },
+ {
+ "name":"common_service_category",
+ "type":
+ {
+ "type":"array",
+ "items":"int"
+ },
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"has"
+ },
+ "dict_location":
+ {
+ "path":"/v1/category/dict",
+ "key":"categoryId",
+ "value":"categoryName"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"FQDN Category"
+ },
+ {
+ "name":"common_start_time",
+ "type":"long",
+ "doc":
+ {
+ "allow_query":"false",
+ "constraints":
+ {
+ "type":"timestamp"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Start Time"
+ },
+ {
+ "name":"common_end_time",
+ "type":"long",
+ "doc":
+ {
+ "allow_query":"false",
+ "constraints":
+ {
+ "type":"timestamp"
+ },
+ "format":
+ {
+ "functions":"get_value",
+ "appendTo":"common_recv_time"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"End Time"
+ },
+ {
+ "name":"common_establish_latency_ms",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"TCP Handshake Latency (ms)"
+ },
+ {
+ "name":"common_con_duration_ms",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Duration (ms)"
+ },
+ {
+ "name":"common_stream_dir",
+ "type":"int",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"1",
+ "value":"c2s"
+ },
+ {
+ "code":"2",
+ "value":"s2c"
+ },
+ {
+ "code":"3",
+ "value":"double"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Stream Direction"
+ },
+ {
+ "name":"common_address_list",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "label":"Address List"
+ },
+ {
+ "name":"common_has_dup_traffic",
+ "type":"int",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ {
+ "$ref":"public_schema_info.json#/fields/common_has_dup_traffic/data"
+ },
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"Duplication Traffic"
+ },
+ {
+ "name":"common_stream_error",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"Stream Error"
+ },
+ {
+ "name":"common_stream_trace_id",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Session ID"
+ },
+ {
+ "name":"common_link_info_c2s",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"Link Info (c2s)"
+ },
+ {
+ "name":"common_link_info_s2c",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"Link Info (s2c)"
+ },
+ {
+ "name":"common_packet_capture_file",
+ "label":"Packet Capture File",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null,
+ "constraints":
+ {
+ "type":"file"
+ }
+
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_c2s_ipfrag_num",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Fragmentation Packets (c2s)"
+ },
+ {
+ "name":"common_s2c_ipfrag_num",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Fragmentation Packets (s2c)"
+ },
+ {
+ "name":"common_c2s_tcp_lostlen",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Sequence Gap Loss (c2s)"
+ },
+ {
+ "name":"common_s2c_tcp_lostlen",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Sequence Gap Loss (s2c)"
+ },
+ {
+ "name":"common_c2s_tcp_unorder_num",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Unordered Packets (c2s)"
+ },
+ {
+ "name":"common_s2c_tcp_unorder_num",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Unordered Packets (s2c)"
+ },
+ {
+ "name":"common_c2s_pkt_retrans",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Packet Retransmission (c2s)"
+ },
+ {
+ "name":"common_s2c_pkt_retrans",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Packet Retransmission (s2c)"
+ },
+ {
+ "name":"common_c2s_byte_retrans",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Byte Retransmission (c2s)"
+ },
+ {
+ "name":"common_s2c_byte_retrans",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Byte Retransmission (s2c)"
+ },
+ {
+ "name":"common_tcp_client_isn",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"TCP Client ISN"
+ },
+ {
+ "name":"common_tcp_server_isn",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"TCP Server ISN"
+ },
+ {
+ "name":"common_first_ttl",
+ "type":"int",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"First TTL"
+ },
+ {
+ "name":"common_processing_time",
+ "type":"long",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"timestamp"
+ },
+ "format":
+ {
+ "functions":"current_timestamp"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"Processing Time"
+ },
+ {
+ "name":"common_ingestion_time",
+ "label":"Ingestion Time",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"timestamp"
+ },
+ "format":
+ {
+ "functions":"ingestion_time"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_mirrored_pkts",
+ "label":"Mirrored Packets",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ }
+
+ },
+ {
+ "name":"common_mirrored_bytes",
+ "label":"Mirrored Bytes",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ }
+
+ },
+ {
+ "name":"http_url",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"HTTP.URL"
+ },
+ {
+ "name":"http_host",
+ "type":"string",
+ "doc":
+ {
+ "format":
+ {
+ "functions":"sub_domain",
+ "appendTo":"http_domain"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"HTTP.Host"
+ },
+ {
+ "name":"http_domain",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"HTTP.Domain"
+ },
+ {
+ "name":"http_request_line",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"HTTP.Request Line"
+ },
+ {
+ "name":"http_response_line",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"HTTP.Response Line"
+ },
+ {
+ "name":"http_request_header",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"HTTP.Request Headers"
+ },
+ {
+ "name":"http_response_header",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"HTTP.Response Headers"
+ },
+ {
+ "name":"http_request_content",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"HTTP.Request Content"
+ },
+ {
+ "name":"http_request_content_length",
+ "label":"HTTP.Request Content Length",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_request_content_type",
+ "label":"HTTP.Request Content Type",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_response_content",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"HTTP.Response Content"
+ },
+ {
+ "name":"http_response_content_length",
+ "label":"HTTP.Response Content Length",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_response_content_type",
+ "label":"HTTP.Response Content Type",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_request_body",
+ "type":"string",
+ "doc":
+ {
+ "allow_query":"false",
+ "constraints":
+ {
+ "type":"file"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"HTTP.Request Body"
+ },
+ {
+ "name":"http_response_body",
+ "type":"string",
+ "doc":
+ {
+ "allow_query":"false",
+ "constraints":
+ {
+ "type":"file"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"HTTP.Response Body"
+ },
+ {
+ "name":"http_request_body_key",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "label":"HTTP.Request Body Key"
+ },
+ {
+ "name":"http_response_body_key",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "label":"HTTP.Response Body Key"
+ },
+ {
+ "name":"http_proxy_flag",
+ "type":"int",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"HTTP.Proxy Flag"
+ },
+ {
+ "name":"http_sequence",
+ "type":"int",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"HTTP.Sequence"
+ },
+ {
+ "name":"http_snapshot",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"HTTP.Snapshot"
+ },
+ {
+ "name":"http_cookie",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"HTTP.Cookie"
+ },
+ {
+ "name":"http_referer",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"HTTP.Referer"
+ },
+ {
+ "name":"http_user_agent",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"HTTP.User Agent"
+ },
+ {
+ "name":"http_content_length",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"HTTP.Content Length"
+ },
+ {
+ "name":"http_content_type",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "label":"HTTP.Content Type"
+ },
+ {
+ "name":"http_set_cookie",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"HTTP.Set Cookie"
+ },
+ {
+ "name":"http_version",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"HTTP.Version"
+ },
+ {
+ "name":"http_response_latency_ms",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"HTTP.Response Latency (ms)"
+ },
+ {
+ "name":"http_session_duration_ms",
+ "type":"long",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"HTTP.Session Duration (ms)"
+ },
+ {
+ "name":"http_action_file_size",
+ "type":"int",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"HTTP.Action File Size"
+ },
+ {
+ "name":"dns_message_id",
+ "type":"int",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"DNS.Message ID"
+ },
+ {
+ "name":"dns_qr",
+ "type":"int",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"0",
+ "value":"QUERY"
+ },
+ {
+ "code":"1",
+ "value":"RESPONSE"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"DNS.QR"
+ },
+ {
+ "name":"dns_opcode",
+ "type":"int",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"0",
+ "value":"QUERY"
+ },
+ {
+ "code":"1",
+ "value":"IQUERY"
+ },
+ {
+ "code":"2",
+ "value":"STATUS"
+ },
+ {
+ "code":"5",
+ "value":"UPDATE"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"DNS.OPCODE"
+ },
+ {
+ "name":"dns_aa",
+ "type":"int",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"DNS.AA"
+ },
+ {
+ "name":"dns_tc",
+ "type":"int",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"DNS.TC"
+ },
+ {
+ "name":"dns_rd",
+ "type":"int",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"DNS.RD"
+ },
+ {
+ "name":"dns_ra",
+ "type":"int",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"DNS.RA"
+ },
+ {
+ "name":"dns_rcode",
+ "type":"int",
+ "doc":
+ {
+ "data":
+ [
+ {
+ "code":0,
+ "value":"NoError"
+ },
+ {
+ "code":1,
+ "value":"FormErr"
+ },
+ {
+ "code":2,
+ "value":"ServFail"
+ },
+ {
+ "code":3,
+ "value":"NXDomain"
+ },
+ {
+ "code":4,
+ "value":"NotImp"
+ },
+ {
+ "code":5,
+ "value":"Refused"
+ },
+ {
+ "code":6,
+ "value":"YXDomain"
+ },
+ {
+ "code":7,
+ "value":"YXRRSet"
+ },
+ {
+ "code":8,
+ "value":"NXRRSet"
+ },
+ {
+ "code":9,
+ "value":"NotAuth"
+ },
+ {
+ "code":10,
+ "value":"NotZone"
+ },
+ {
+ "code":16,
+ "value":"BADSIG"
+ },
+ {
+ "code":17,
+ "value":"BADKEY"
+ },
+ {
+ "code":18,
+ "value":"BADTIME"
+ },
+ {
+ "code":19,
+ "value":"BADMODE"
+ },
+ {
+ "code":20,
+ "value":"BADNAME"
+ },
+ {
+ "code":21,
+ "value":"BADALG"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"DNS.RCODE"
+ },
+ {
+ "name":"dns_qdcount",
+ "type":"int",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"DNS.QDCOUNT"
+ },
+ {
+ "name":"dns_ancount",
+ "type":"int",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"DNS.ANCOUNT"
+ },
+ {
+ "name":"dns_nscount",
+ "type":"int",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"DNS.NSCOUNT"
+ },
+ {
+ "name":"dns_arcount",
+ "type":"int",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"DNS.ARCOUNT"
+ },
+ {
+ "name":"dns_qname",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"DNS.QNAME"
+ },
+ {
+ "name":"dns_qtype",
+ "type":"int",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"1",
+ "value":"A"
+ },
+ {
+ "code":"2",
+ "value":"NS"
+ },
+ {
+ "code":"3",
+ "value":"MD"
+ },
+ {
+ "code":"4",
+ "value":"MF"
+ },
+ {
+ "code":"5",
+ "value":"CNAME"
+ },
+ {
+ "code":"6",
+ "value":"SOA"
+ },
+ {
+ "code":"7",
+ "value":"MB"
+ },
+ {
+ "code":"8",
+ "value":"MG"
+ },
+ {
+ "code":"9",
+ "value":"MR"
+ },
+ {
+ "code":"10",
+ "value":"NULL"
+ },
+ {
+ "code":"11",
+ "value":"WKS"
+ },
+ {
+ "code":"12",
+ "value":"PTR"
+ },
+ {
+ "code":"13",
+ "value":"HINFO"
+ },
+ {
+ "code":"14",
+ "value":"MINFO"
+ },
+ {
+ "code":"15",
+ "value":"MX"
+ },
+ {
+ "code":"16",
+ "value":"TXT"
+ },
+ {
+ "code":"17",
+ "value":"RP"
+ },
+ {
+ "code":"18",
+ "value":"AFSDB"
+ },
+ {
+ "code":"19",
+ "value":"X25"
+ },
+ {
+ "code":"20",
+ "value":"ISDN"
+ },
+ {
+ "code":"21",
+ "value":"RT"
+ },
+ {
+ "code":"22",
+ "value":"NSAP"
+ },
+ {
+ "code":"23",
+ "value":"NSAP"
+ },
+ {
+ "code":"24",
+ "value":"SIG"
+ },
+ {
+ "code":"25",
+ "value":"KEY"
+ },
+ {
+ "code":"26",
+ "value":"PX"
+ },
+ {
+ "code":"27",
+ "value":"GPOS"
+ },
+ {
+ "code":"28",
+ "value":"AAAA"
+ },
+ {
+ "code":"29",
+ "value":"LOC"
+ },
+ {
+ "code":"30",
+ "value":"EID"
+ },
+ {
+ "code":"31",
+ "value":"NIMLOC"
+ },
+ {
+ "code":"32",
+ "value":"NB"
+ },
+ {
+ "code":"33",
+ "value":"SRV"
+ },
+ {
+ "code":"34",
+ "value":"ATMA"
+ },
+ {
+ "code":"35",
+ "value":"NAPTR"
+ },
+ {
+ "code":"36",
+ "value":"KX"
+ },
+ {
+ "code":"37",
+ "value":"CERT"
+ },
+ {
+ "code":"38",
+ "value":"A6"
+ },
+ {
+ "code":"39",
+ "value":"DNAME"
+ },
+ {
+ "code":"40",
+ "value":"SINK"
+ },
+ {
+ "code":"41",
+ "value":"OPT"
+ },
+ {
+ "code":"42",
+ "value":"APL"
+ },
+ {
+ "code":"43",
+ "value":"DS"
+ },
+ {
+ "code":"44",
+ "value":"SSHFP"
+ },
+ {
+ "code":"45",
+ "value":"IPSECKEY"
+ },
+ {
+ "code":"46",
+ "value":"RRSIG"
+ },
+ {
+ "code":"47",
+ "value":"NSEC"
+ },
+ {
+ "code":"48",
+ "value":"DNSKEY"
+ },
+ {
+ "code":"49",
+ "value":"DHCID"
+ },
+ {
+ "code":"50",
+ "value":"NSEC3"
+ },
+ {
+ "code":"51",
+ "value":"NSEC3PARAM"
+ },
+ {
+ "code":"52",
+ "value":"TLSA"
+ },
+ {
+ "code":"53",
+ "value":"SMIMEA"
+ },
+ {
+ "code":"55",
+ "value":"HIP"
+ },
+ {
+ "code":"59",
+ "value":"CDS"
+ },
+ {
+ "code":"60",
+ "value":"CDNSKEY"
+ },
+ {
+ "code":"61",
+ "value":"OPENPGPKEY"
+ },
+ {
+ "code":"62",
+ "value":"CSYNC"
+ },
+ {
+ "code":"63",
+ "value":"ZONEMD"
+ },
+ {
+ "code":"64",
+ "value":"SVCB"
+ },
+ {
+ "code":"65",
+ "value":"HTTPS"
+ },
+ {
+ "code":"99",
+ "value":"SPF"
+ },
+ {
+ "code":"100",
+ "value":"UINFO"
+ },
+ {
+ "code":"101",
+ "value":"UID"
+ },
+ {
+ "code":"102",
+ "value":"GID"
+ },
+ {
+ "code":"103",
+ "value":"UNSPEC"
+ },
+ {
+ "code":"108",
+ "value":"EUI48"
+ },
+ {
+ "code":"109",
+ "value":"EUI64"
+ },
+ {
+ "code":"249",
+ "value":"TKEY"
+ },
+ {
+ "code":"250",
+ "value":"TSIG"
+ },
+ {
+ "code":"251",
+ "value":"IXFR"
+ },
+ {
+ "code":"252",
+ "value":"AXFR"
+ },
+ {
+ "code":"253",
+ "value":"MAILB"
+ },
+ {
+ "code":"254",
+ "value":"MAILA"
+ },
+ {
+ "code":"255",
+ "value":"*"
+ },
+ {
+ "code":"256",
+ "value":"URI"
+ },
+ {
+ "code":"257",
+ "value":"CAA"
+ },
+ {
+ "code":"32768",
+ "value":"TA"
+ },
+ {
+ "code":"32769",
+ "value":"DLV"
+ },
+ {
+ "code":"65521",
+ "value":"INTEGRITY"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"DNS.QTYPE"
+ },
+ {
+ "name":"dns_qclass",
+ "type":"int",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"DNS.QCLASS"
+ },
+ {
+ "name":"dns_cname",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"DNS.CNAME"
+ },
+ {
+ "name":"dns_sub",
+ "type":"int",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"1",
+ "value":"DNS"
+ },
+ {
+ "code":"2",
+ "value":"DNSSEC"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"DNS.SUB"
+ },
+ {
+ "name":"dns_rr",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"DNS.RR"
+ },
+ {
+ "name":"dns_response_latency_ms",
+ "label":"DNS.Response Latency (ms)",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"sip_call_id",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"SIP.Call-ID"
+ },
+ {
+ "name":"sip_originator_description",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"SIP.Originator"
+ },
+ {
+ "name":"sip_responder_description",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"SIP.Responder"
+ },
+ {
+ "name":"sip_user_agent",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"SIP.User-Agent"
+ },
+ {
+ "name":"sip_server",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"SIP.Server"
+ },
+ {
+ "name":"sip_originator_sdp_connect_ip",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"SIP.Originator IP"
+ },
+ {
+ "name":"sip_originator_sdp_media_port",
+ "type":"int",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"SIP.Originator Port"
+ },
+ {
+ "name":"sip_originator_sdp_media_type",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"SIP.Originator Media Type"
+ },
+ {
+ "name":"sip_originator_sdp_content",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"SIP.Originator Content"
+ },
+ {
+ "name":"sip_responder_sdp_connect_ip",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"SIP.Responder IP"
+ },
+ {
+ "name":"sip_responder_sdp_media_port",
+ "type":"int",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"SIP.Responder Port"
+ },
+ {
+ "name":"sip_responder_sdp_media_type",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"SIP.Responder Media Type"
+ },
+ {
+ "name":"sip_responder_sdp_content",
+ "type":"string",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "label":"SIP.Responder Content"
+ },
+ {
+
"name":"sip_duration_s", + "type":"int", + "doc": + { + "visibility":"enabled", + "ttl":null + }, + "label":"SIP.Duration (s)" + }, + { + "name":"sip_bye", + "type":"string", + "doc": + { + "visibility":"enabled", + "ttl":null + }, + "label":"SIP.Bye" + } + + ] + +} |
