{ "type": "record", "name": "sys_packet_capture_event", "namespace": "tsg_galaxy_v3", "doc": { "primary_key": "common_log_id", "partition_key": "common_recv_time", "index_key": [ "common_log_id", "common_recv_time", "common_policy_id" ] }, "fields": [ { "name": "common_recv_time", "type": "long", "doc": { "constraints": { "type": "timestamp" }, "format": { "functions": "current_timestamp" }, "visibility": "enabled" }, "label": "Receive Time" }, { "name": "common_log_id", "type": "long", "doc": { "format": { "functions": "snowflake_id" }, "visibility": "enabled" }, "label": "Log ID" }, { "name": "common_policy_id", "type": "long", "doc": { "visibility": "hidden" }, "label": "Policy ID" }, { "name": "common_subscriber_id", "type": "string", "doc": { "visibility": "enabled" }, "label": "Subscriber ID" }, { "name": "common_imei", "type": "string", "doc": { "visibility": "disabled" }, "label": "IMEI" }, { "name": "common_imsi", "type": "string", "doc": { "visibility": "disabled" }, "label": "IMSI" }, { "name": "common_phone_number", "type": "string", "doc": { "visibility": "disabled" }, "label": "Phone Number" }, { "name": "common_client_ip", "type": "string", "doc": { "constraints": { "type": "ip" }, "visibility": "enabled" }, "label": "Client IP" }, { "name": "common_internal_ip", "type": "string", "doc": { "constraints": { "type": "ip" }, "visibility": "enabled" }, "label": "Internal IP" }, { "name": "common_client_port", "type": "int", "doc": { "visibility": "enabled" }, "label": "Client Port" }, { "name": "common_l4_protocol", "type": "string", "doc": { "visibility": "enabled" }, "label": "L4 Protocol" }, { "name": "common_address_type", "type": "int", "doc": { "data": [ { "code": "4", "value": "ipv4" }, { "code": "6", "value": "ipv6" } ], "visibility": "enabled" }, "label": "Address Type" }, { "name": "common_server_ip", "type": "string", "doc": { "constraints": { "type": "ip" }, "visibility": "enabled" }, "label": "Server IP" }, { "name": "common_server_port", 
"type": "int", "doc": { "visibility": "enabled" }, "label": "Server Port" }, { "name": "common_external_ip", "type": "string", "doc": { "constraints": { "type": "ip" }, "visibility": "enabled" }, "label": "External IP" }, { "name": "common_action", "type": "int", "doc": { "data": [ { "code": "0", "value": "None" }, { "code": "1", "value": "Monitor" }, { "code": "2", "value": "Intercept" }, { "code": "16", "value": "Deny" }, { "code": "128", "value": "Allow" } ], "visibility": "enabled" }, "label": "Action" }, { "name": "common_direction", "type": "int", "doc": { "data": [ { "code": "69", "value": "outbound" }, { "code": "73", "value": "inbound" } ], "visibility": "enabled" }, "label": "Direction" }, { "name": "common_entrance_id", "type": "int", "doc": { "visibility": "disabled" }, "label": "Entrance ID" }, { "name": "common_sled_ip", "type": "string", "doc": { "constraints": { "type": "ip" }, "visibility": "enabled" }, "label": "Sled IP" }, { "name": "common_client_location", "type": "string", "doc": { "visibility": "enabled" }, "label": "Client Location" }, { "name": "common_client_asn", "type": "string", "doc": { "visibility": "enabled" }, "label": "Client ASN" }, { "name": "common_server_location", "type": "string", "doc": { "visibility": "enabled" }, "label": "Server Location" }, { "name": "common_server_asn", "type": "string", "doc": { "visibility": "enabled" }, "label": "Server ASN" }, { "name": "common_sessions", "type": "long", "doc": { "visibility": "enabled" }, "label": "Sessions" }, { "name": "common_c2s_pkt_num", "type": "long", "doc": { "visibility": "enabled" }, "label": "Packets Sent" }, { "name": "common_s2c_pkt_num", "type": "long", "doc": { "visibility": "enabled" }, "label": "Packets Received" }, { "name": "common_c2s_byte_num", "type": "long", "doc": { "visibility": "enabled" }, "label": "Bytes Sent" }, { "name": "common_s2c_byte_num", "type": "long", "doc": { "visibility": "enabled" }, "label": "Bytes Received" }, { "name": 
"common_c2s_pkt_diff", "label": "Packets Sent (Delta)", "doc": { "visibility": "hidden" }, "type": "long" }, { "name": "common_s2c_pkt_diff", "label": "Packets Received (Delta)", "doc": { "visibility": "hidden" }, "type": "long" }, { "name": "common_c2s_byte_diff", "label": "Bytes Sent (Delta)", "doc": { "visibility": "hidden" }, "type": "long" }, { "name": "common_s2c_byte_diff", "label": "Bytes Received (Delta)", "doc": { "visibility": "hidden" }, "type": "long" }, { "name": "common_service", "type": "int", "doc": { "visibility": "disabled" }, "label": "Service" }, { "name": "common_schema_type", "type": "string", "doc": { "data": [ { "code": "BASE", "value": "BASE" }, { "code": "HTTP", "value": "HTTP" }, { "code": "MAIL", "value": "MAIL" }, { "code": "DNS", "value": "DNS" }, { "code": "SSL", "value": "SSL" }, { "code": "FTP", "value": "FTP" } ], "visibility": "hidden" }, "label": "Schema Type" }, { "name": "common_user_tags", "type": "string", "doc": { "visibility": "disabled" }, "label": "User Tags" }, { "name": "common_sub_action", "type": "string", "doc": { "data": [ { "code": "allow", "value": "Allow" }, { "code": "deny", "value": "Deny" }, { "code": "monitor", "value": "Monitor" }, { "code": "replace", "value": "Replace" }, { "code": "redirect", "value": "Redirect" }, { "code": "insert", "value": "Insert" }, { "code": "hijack", "value": "Hijack" } ], "visibility": "hidden" }, "label": "Sub Action" }, { "name": "common_user_region", "type": "string", "doc": { "visibility": "hidden" }, "label": "User Region" }, { "name": "common_device_id", "type": "string", "doc": { "visibility": "enabled" }, "label": "Device ID" }, { "name": "common_egress_link_id", "label": "Egress Link ID", "doc": { "visibility": "hidden" }, "type": "int" }, { "name": "common_ingress_link_id", "label": "Ingress Link ID", "doc": { "visibility": "hidden" }, "type": "int" }, { "name": "common_isp", "type": "string", "doc": { "visibility": "disabled" }, "label": "ISP" }, { "name": 
"common_device_tag", "type": "string", "doc": { "visibility": "hidden", "format": { "functions": "flattenSpec,flattenSpec", "appendTo": "common_data_center,common_device_group", "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value" } }, "label": "Device Tag" }, { "name": "common_data_center", "label": "Data Center", "doc": { "constraints": { "operator_functions": "=,!=" }, "data": { "$ref": "device_tag.json#", "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" }, "visibility": "enabled" }, "type": "string" }, { "name": "common_device_group", "label": "Device Group", "doc": { "constraints": { "operator_functions": "=,!=" }, "data": { "$ref": "device_tag.json#", "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" }, "visibility": "enabled" }, "type": "string" }, { "name": "common_app_behavior", "label": "Application Behavior", "doc": { "visibility": "hidden" }, "type": "string" }, { "name": "common_encapsulation", "type": "int", "doc": { "data": [ { "code": "0", "value": "Ethernet" }, { "code": "8", "value": "PPP" }, { "code": "12", "value": "CiscoHDLC" } ], "visibility": "enabled" }, "label": "Encapsulation" }, { "name": "common_app_label", "type": "string", "doc": { "visibility": "disabled" }, "label": "Application Label" }, { "name": "common_tunnels", "type": "string", "doc": { "visibility": "hidden" }, "label": "Tunnels" }, { "name": "common_protocol_label", "type": "string", "doc": { "visibility": "hidden" }, "label": "Protocol Label" }, { "name": "common_app_id", "type": "string", "label": "Application ID", "doc": { "visibility": "hidden" } }, { "name": "common_userdefine_app_name", "label": "User Define App Name", "type": "string", "doc": { "visibility": "hidden" } 
}, { "name": "common_app_identify_info", "label": "App Identity Info", "doc": { "visibility": "hidden" }, "type": "string" }, { "name": "common_app_surrogate_id", "type": "string", "label": "Surrogate ID", "doc": { "visibility": "hidden" } }, { "name": "common_l7_protocol", "type": "string", "doc": { "visibility": "enabled" }, "label": "L7 Protocol" }, { "name": "common_service_category", "label": "FQDN Category", "doc": { "visibility": "enabled" }, "type": { "type": "array", "items": "int" } }, { "name": "common_start_time", "type": "long", "doc": { "constraints": { "type": "timestamp" }, "visibility": "hidden" }, "label": "Start Time" }, { "name": "common_end_time", "type": "long", "doc": { "constraints": { "type": "timestamp" }, "visibility": "hidden" }, "label": "End Time" }, { "name": "common_establish_latency_ms", "type": "long", "doc": { "visibility": "hidden" }, "label": "TCP Handshake Latency (ms)" }, { "name": "common_con_duration_ms", "type": "long", "doc": { "visibility": "hidden" }, "label": "Duration (ms)" }, { "name": "common_stream_dir", "type": "int", "doc": { "data": [ { "code": "1", "value": "c2s" }, { "code": "2", "value": "s2c" }, { "code": "3", "value": "double" } ], "visibility": "enabled" }, "label": "Stream Direction" }, { "name": "common_address_list", "type": "string", "doc": { "visibility": "disabled" }, "label": "Address List" }, { "name": "common_has_dup_traffic", "type": "int", "doc": { "data": [ { "code": "0", "value": "No" }, { "code": "1", "value": "Yes" } ], "visibility": "hidden" }, "label": "Duplication Traffic" }, { "name": "common_stream_error", "type": "string", "doc": { "visibility": "hidden" }, "label": "Stream Error" }, { "name": "common_stream_trace_id", "type": "long", "doc": { "visibility": "enabled" }, "label": "Session ID" }, { "name": "common_link_info_c2s", "type": "string", "doc": { "visibility": "hidden" }, "label": "Link Info (c2s)" }, { "name": "common_link_info_s2c", "type": "string", "doc": { "visibility": 
"hidden" }, "label": "Link Info (s2c)" }, { "name": "common_packet_capture_file", "label": "Packet Capture File", "doc": { "visibility": "hidden", "constraints": { "type": "file" } }, "type": "string" }, { "name": "common_c2s_ipfrag_num", "type": "long", "doc": { "visibility": "hidden" }, "label": "Fragmentation Packets (c2s)" }, { "name": "common_s2c_ipfrag_num", "type": "long", "doc": { "visibility": "hidden" }, "label": "Fragmentation Packets (s2c)" }, { "name": "common_c2s_tcp_lostlen", "type": "long", "doc": { "visibility": "hidden" }, "label": "Sequence Gap Loss (c2s)" }, { "name": "common_s2c_tcp_lostlen", "type": "long", "doc": { "visibility": "hidden" }, "label": "Sequence Gap Loss (s2c)" }, { "name": "common_c2s_tcp_unorder_num", "type": "long", "doc": { "visibility": "hidden" }, "label": "Unordered Packets (c2s)" }, { "name": "common_s2c_tcp_unorder_num", "type": "long", "doc": { "visibility": "hidden" }, "label": "Unordered Packets (s2c)" }, { "name": "common_c2s_pkt_retrans", "type": "long", "doc": { "visibility": "enabled" }, "label": "Packet Retransmission (c2s)" }, { "name": "common_s2c_pkt_retrans", "type": "long", "doc": { "visibility": "enabled" }, "label": "Packet Retransmission (s2c)" }, { "name": "common_c2s_byte_retrans", "type": "long", "doc": { "visibility": "enabled" }, "label": "Byte Retransmission (c2s)" }, { "name": "common_s2c_byte_retrans", "type": "long", "doc": { "visibility": "enabled" }, "label": "Byte Retransmission (s2c)" }, { "name": "common_tcp_client_isn", "label": "TCP Client ISN", "doc": { "visibility": "disabled" }, "type": "long" }, { "name": "common_tcp_server_isn", "label": "TCP Server ISN", "doc": { "visibility": "disabled" }, "type": "long" }, { "name": "common_first_ttl", "type": "int", "doc": { "visibility": "hidden" }, "label": "First TTL" }, { "name": "common_processing_time", "type": "long", "doc": { "constraints": { "type": "timestamp" }, "format": { "functions": "current_timestamp" }, "visibility": "enabled" }, 
"label": "Processing Time" }, { "name": "common_ingestion_time", "label": "Ingestion Time", "doc": { "constraints": { "type": "timestamp" }, "format": { "functions": "ingestion_time" }, "visibility": "enabled" }, "type": "long" }, { "name": "common_mirrored_pkts", "label": "Mirrored Packets", "type": "long", "doc": { "visibility": "hidden" } }, { "name": "common_mirrored_bytes", "label": "Mirrored Bytes", "type": "long", "doc": { "visibility": "hidden" } }, { "name": "nic_name", "type": "string", "doc": { "visibility": "enabled" }, "label": "NIC Name" }, { "name": "origin_source_mac", "type": "string", "doc": { "visibility": "enabled" }, "label": "Origin Source MAC" }, { "name": "origin_dest_mac", "type": "string", "doc": { "visibility": "enabled" }, "label": "Origin Dest MAC" }, { "name": "packet_url", "type": "string", "doc": { "visibility": "enabled" }, "label": "Packet URL" }, { "name": "pcap_storage_task_id", "type": "int", "doc": { "visibility": "enabled" }, "label": "Task ID" }, { "name": "pcap_storage_duration", "type": "int", "doc": { "visibility": "enabled" }, "label": "Duration" } ] }