{ "type":"record", "name":"transaction_record", "namespace":"tsg_galaxy_v3", "doc": { "primary_key":"common_stream_trace_id", "partition_key":"common_recv_time", "ttl":null, "default_ttl":2592000, "index_key": [ "common_stream_trace_id", "common_recv_time", "common_data_center" ], "functions": { "$ref":"public_schema_info.json#/functions" }, "schema_query": { "dimensions": [ "common_server_ip", "common_client_ip", "common_internal_ip", "common_external_ip", "common_sled_ip", "common_device_id", "common_client_location", "common_server_location", "common_subscriber_id", "common_client_port", "common_server_port", "common_schema_type", "common_l4_protocol", "common_l7_protocol", "common_data_center", "common_device_group", "common_app_behavior", "common_client_asn", "common_server_asn", "common_start_time", "common_end_time", "common_imei", "common_imsi", "common_phone_number", "http_host", "http_domain", "http_url" ], "metrics": [ "common_server_ip", "common_client_ip", "common_internal_ip", "common_external_ip", "common_subscriber_id", "common_sled_ip", "common_device_id", "common_c2s_pkt_num", "common_s2c_pkt_num", "common_c2s_byte_num", "common_s2c_byte_num", "common_sessions", "common_con_duration_ms", "common_establish_latency_ms", "common_c2s_ipfrag_num", "common_s2c_ipfrag_num", "common_c2s_tcp_lostlen", "common_s2c_tcp_lostlen", "common_c2s_tcp_unorder_num", "common_s2c_tcp_unorder_num", "common_imei", "common_imsi", "common_phone_number", "http_host", "http_domain", "http_url" ], "filters": [ "common_address_type", "common_server_ip", "common_client_ip", "common_internal_ip", "common_external_ip", "common_client_port", "common_server_port", "common_client_location", "common_server_location", "common_subscriber_id", "common_c2s_pkt_num", "common_s2c_pkt_num", "common_c2s_byte_num", "common_s2c_byte_num", "common_c2s_ipfrag_num", "common_s2c_ipfrag_num", "common_c2s_tcp_lostlen", "common_s2c_tcp_lostlen", "common_c2s_tcp_unorder_num", "common_s2c_tcp_unorder_num", "common_l4_protocol", "common_l7_protocol", "common_stream_dir", "common_direction", "common_data_center", "common_device_group", "common_app_behavior", "common_sled_ip", "common_device_id", "common_schema_type", "common_client_asn", "common_server_asn", "common_start_time", "common_end_time", "common_con_duration_ms", "common_establish_latency_ms", "common_imei", "common_imsi", "common_phone_number", "http_host", "http_domain", "http_url" ], "references": { "$ref":"public_schema_info.json#/schema_query/references" }, "details": { "general": [ "common_recv_time", "common_log_id", "common_stream_trace_id", "common_address_type", "common_schema_type", "common_direction", "common_stream_dir", "common_start_time", "common_end_time", "common_con_duration_ms", "common_establish_latency_ms", "common_processing_time", "common_ingestion_time", "common_entrance_id", "common_device_id", "common_egress_link_id", "common_ingress_link_id", "common_isp", "common_data_center", "common_device_group", "common_sled_ip" ], "source": [ "common_client_ip", "common_internal_ip", "common_client_port", "common_client_location", "common_client_asn", "common_subscriber_id", "common_imei", "common_imsi", "common_phone_number" ], "destination": [ "common_server_ip", "common_external_ip", "common_server_port", "common_server_location", "common_server_asn" ], "application": [ "common_app_id", "common_userdefine_app_name", "common_app_identify_info", "common_app_label", "common_app_surrogate_id", "common_l7_protocol", "common_protocol_label", "common_service_category", "common_service", "common_l4_protocol", "common_app_behavior" ], "transmission": [ "common_sessions", "common_c2s_pkt_num", "common_s2c_pkt_num", "common_c2s_byte_num", "common_s2c_byte_num", "common_c2s_pkt_diff", "common_s2c_pkt_diff", "common_c2s_byte_diff", "common_s2c_byte_diff", "common_c2s_ipfrag_num", "common_s2c_ipfrag_num", "common_c2s_tcp_lostlen", "common_s2c_tcp_lostlen", "common_c2s_tcp_unorder_num", "common_s2c_tcp_unorder_num", "common_c2s_pkt_retrans", "common_s2c_pkt_retrans", "common_c2s_byte_retrans", "common_s2c_byte_retrans", "common_first_ttl", "common_tcp_client_isn", "common_tcp_server_isn", "common_mirrored_pkts", "common_mirrored_bytes" ], "other": [ "common_device_tag", "common_encapsulation", "common_tunnels", "common_address_list", "common_has_dup_traffic", "common_stream_error", "common_link_info_c2s", "common_link_info_s2c", "common_packet_capture_file", "common_action", "common_sub_action", "common_policy_id", "common_user_tags", "common_user_region" ] } }, "schema_type": { "BASE": { "$ref":"public_schema_info.json#/schema_type/BASE" }, "HTTP": { "$ref":"public_schema_info.json#/schema_type/HTTP" }, "MAIL": { "$ref":"public_schema_info.json#/schema_type/MAIL" }, "DNS": { "$ref":"public_schema_info.json#/schema_type/DNS" }, "SSL": { "$ref":"public_schema_info.json#/schema_type/SSL" }, "QUIC": { "$ref":"public_schema_info.json#/schema_type/QUIC" }, "FTP": { "$ref":"public_schema_info.json#/schema_type/FTP" }, "BGP": { "$ref":"public_schema_info.json#/schema_type/BGP" }, "SIP": { "$ref":"public_schema_info.json#/schema_type/SIP" }, "RTP": { "$ref":"public_schema_info.json#/schema_type/RTP" }, "APP": { "$ref":"public_schema_info.json#/schema_type/APP" } }, "default_columns": [ "common_recv_time", "common_log_id", "common_subscriber_id", "common_client_ip", "common_server_ip", "common_server_port", "common_schema_type" ], "internal_columns": [ "common_recv_time", "common_log_id", "common_processing_time", "common_ingestion_time", "common_tunnels", "common_packet_capture_file", "http_request_body", "http_response_body" ], "tunnel_type": { "$ref":"public_schema_info.json#/tunnel_type" } }, "fields": [ { "name":"common_recv_time", "type":"long", "doc": { "constraints": { "type":"timestamp" }, "visibility":"enabled", "ttl":null }, "label":"Receive Time" }, { "name":"common_log_id", "type":"long", "doc": { "format": { "functions":"snowflake_id" }, "visibility":"enabled", "ttl":null }, "label":"Log ID" }, { "name":"common_policy_id", "type":"long", "doc": { "visibility":"hidden", "ttl":null }, "label":"Policy ID" }, { "name":"common_subscriber_id", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"Subscriber ID" }, { "name":"common_imei", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"IMEI" }, { "name":"common_imsi", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"IMSI" }, { "name":"common_phone_number", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"Phone Number" }, { "name":"common_client_ip", "type":"string", "doc": { "constraints": { "type":"ip" }, "format": { "functions":"geo_asn,radius_match", "appendTo":"common_client_asn,common_subscriber_id" }, "visibility":"enabled", "ttl":null }, "label":"Client IP" }, { "name":"common_internal_ip", "type":"string", "doc": { "constraints": { "type":"ip" }, "format": { "functions":"if", "param":"$.common_direction=69,$.common_client_ip,$.common_server_ip" }, "visibility":"enabled", "ttl":null }, "label":"Internal IP" }, { "name":"common_client_port", "type":"int", "doc": { "visibility":"enabled", "ttl":null }, "label":"Client Port" }, { "name":"common_l4_protocol", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"L4 Protocol" }, { "name":"common_address_type", "type":"int", "doc": { "constraints": { "operator_functions":"=,!=" }, "data": [ { "code":"4", "value":"ipv4" }, { "code":"6", "value":"ipv6" } ], "visibility":"enabled", "ttl":null }, "label":"Address Type" }, { "name":"common_server_ip", "type":"string", "doc": { "constraints": { "type":"ip" }, "format": { "functions":"geo_asn", "appendTo":"common_server_asn" }, "visibility":"enabled", "ttl":null }, "label":"Server IP" }, { "name":"common_server_port", "type":"int", "doc": { "visibility":"enabled", "ttl":null }, "label":"Server Port" }, { "name":"common_external_ip", "type":"string", "doc": { "constraints": { "type":"ip" }, "format": { "functions":"if", "param":"$.common_direction=73,$.common_client_ip,$.common_server_ip" }, "visibility":"enabled", "ttl":null }, "label":"External IP" }, { "name":"common_action", "type":"int", "doc": { "visibility":"hidden", "constraints": { "operator_functions":"=,!=" }, "data": [ { "code":"0", "value":"None" }, { "code":"1", "value":"Monitor" }, { "code":"2", "value":"Intercept" }, { "code":"16", "value":"Deny" }, { "code":"128", "value":"Allow" } ], "ttl":null }, "label":"Action" }, { "name":"common_direction", "type":"int", "doc": { "constraints": { "operator_functions":"=,!=" }, "data": [ { "code":"69", "value":"outbound" }, { "code":"73", "value":"inbound" } ], "visibility":"enabled", "ttl":null }, "label":"Direction" }, { "name":"common_entrance_id", "type":"int", "doc": { "visibility":"disabled", "ttl":null }, "label":"Entrance ID" }, { "name":"common_sled_ip", "type":"string", "doc": { "constraints": { "type":"ip" }, "visibility":"enabled", "ttl":null }, "label":"Sled IP" }, { "name":"common_client_location", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"Client Location" }, { "name":"common_client_asn", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"Client ASN" }, { "name":"common_server_location", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"Server Location" }, { "name":"common_server_asn", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"Server ASN" }, { "name":"common_sessions", "type":"long", "doc": { "visibility":"enabled", "ttl":null }, "label":"Sessions" }, { "name":"common_c2s_pkt_num", "type":"long", "doc": { "visibility":"enabled", "ttl":null }, "label":"Packets Sent" }, { "name":"common_s2c_pkt_num", "type":"long", "doc": { "visibility":"enabled", "ttl":null }, "label":"Packets Received" }, { "name":"common_c2s_byte_num", "type":"long", "doc": { "visibility":"enabled", "ttl":null }, "label":"Bytes Sent" }, { "name":"common_s2c_byte_num", "type":"long", "doc": { "visibility":"enabled", "ttl":null }, "label":"Bytes Received" }, { "name":"common_c2s_pkt_diff", "type":"long", "doc": { "visibility":"hidden", "ttl":null }, "label":"Packets Sent (Delta)" }, { "name":"common_s2c_pkt_diff", "type":"long", "doc": { "visibility":"hidden", "ttl":null }, "label":"Packets Received (Delta)" }, { "name":"common_c2s_byte_diff", "type":"long", "doc": { "visibility":"hidden", "ttl":null }, "label":"Bytes Sent (Delta)" }, { "name":"common_s2c_byte_diff", "type":"long", "doc": { "visibility":"hidden", "ttl":null }, "label":"Bytes Received (Delta)" }, { "name":"common_service", "type":"int", "doc": { "visibility":"disabled", "ttl":null }, "label":"Service" }, { "name":"common_schema_type", "type":"string", "doc": { "constraints": { "operator_functions":"=,!=" }, "data": [ { "code":"BASE", "value":"BASE" }, { "code":"DNS", "value":"DNS" }, { "code":"HTTP", "value":"HTTP" }, { "code":"SIP", "value":"SIP" } ], "visibility":"enabled", "ttl":null }, "label":"Schema Type" }, { "name":"common_user_tags", "type":"string", "doc": { "visibility":"disabled", "ttl":null }, "label":"User Tags" }, { "name":"common_sub_action", "type":"string", "doc": { "data": [ { "code":"allow", "value":"Allow" }, { "code":"deny", "value":"Deny" }, { "code":"monitor", "value":"Monitor" }, { "code":"replace", "value":"Replace" }, { "code":"redirect", "value":"Redirect" }, { "code":"insert", "value":"Insert" }, { "code":"hijack", "value":"Hijack" } ], "visibility":"hidden", "ttl":null }, "label":"Sub Action" }, { "name":"common_user_region", "type":"string", "doc": { "visibility":"hidden", "ttl":null }, "label":"User Region" }, { "name":"common_device_id", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"Device ID" }, { "name":"common_egress_link_id", "label":"Egress Link ID", "doc": { "visibility":"hidden", "ttl":null }, "type":"int" }, { "name":"common_ingress_link_id", "label":"Ingress Link ID", "doc": { "visibility":"hidden", "ttl":null }, "type":"int" }, { "name":"common_isp", "type":"string", "doc": { "visibility":"disabled", "ttl":null }, "label":"ISP" }, { "name":"common_device_tag", "type":"string", "doc": { "visibility":"hidden", "format": { "functions":"flattenSpec,flattenSpec", "appendTo":"common_data_center,common_device_group", "param":"$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value" }, "ttl":null }, "label":"Device Tag" }, { "name":"common_data_center", "label":"Data Center", "doc": { "constraints": { "operator_functions":"=,!=" }, "data": { "$ref":"device_tag.json#", "key":"$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", "value":"$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" }, "visibility":"enabled", "ttl":null }, "type":"string" }, { "name":"common_device_group", "label":"Device Group", "doc": { "constraints": { "operator_functions":"=,!=" }, "data": { "$ref":"device_tag.json#", "key":"$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", "value":"$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" }, "visibility":"enabled", "ttl":null }, "type":"string" }, { "name":"common_app_behavior", "label":"Application Behavior", "doc": { "visibility":"enabled", "ttl":null }, "type":"string" }, { "name":"common_encapsulation", "type":"int", "doc": { "constraints": { "operator_functions":"=,!=" }, "data": { "$ref":"public_schema_info.json#/fields/common_encapsulation/data" }, "visibility":"hidden", "ttl":null }, "label":"Encapsulation" }, { "name":"common_app_label", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"Application Label" }, { "name":"common_tunnels", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"Tunnels" }, { "name":"common_protocol_label", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"Protocol Label" }, { "name":"common_app_id", "type":"string", "label":"Application ID", "doc": { "visibility":"hidden", "ttl":null } }, { "name":"common_userdefine_app_name", "label":"User Define App Name", "type":"string", "doc": { "visibility":"hidden", "ttl":null } }, { "name":"common_app_identify_info", "label":"App Identity Info", "doc": { "visibility":"hidden", "ttl":null }, "type":"string" }, { "name":"common_app_surrogate_id", "type":"string", "label":"Surrogate ID", "doc": { "visibility":"hidden", "ttl":null } }, { "name":"common_l7_protocol", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"L7 Protocol" }, { "name":"common_service_category", "type": { "type":"array", "items":"int" }, "doc": { "constraints": { "operator_functions":"has" }, "dict_location": { "path":"/v1/category/dict", "key":"categoryId", "value":"categoryName" }, "visibility":"enabled", "ttl":null }, "label":"FQDN Category" }, { "name":"common_start_time", "type":"long", "doc": { "allow_query":"false", "constraints": { "type":"timestamp" }, "visibility":"enabled", "ttl":null }, "label":"Start Time" }, { "name":"common_end_time", "type":"long", "doc": { "allow_query":"false", "constraints": { "type":"timestamp" }, "format": { "functions":"get_value", "appendTo":"common_recv_time" }, "visibility":"enabled", "ttl":null }, "label":"End Time" }, { "name":"common_establish_latency_ms", "type":"long", "doc": { "visibility":"enabled", "ttl":null }, "label":"TCP Handshake Latency (ms)" }, { "name":"common_con_duration_ms", "type":"long", "doc": { "visibility":"enabled", "ttl":null }, "label":"Duration (ms)" }, { "name":"common_stream_dir", "type":"int", "doc": { "constraints": { "operator_functions":"=,!=" }, "data": [ { "code":"1", "value":"c2s" }, { "code":"2", "value":"s2c" }, { "code":"3", "value":"double" } ], "visibility":"enabled", "ttl":null }, "label":"Stream Direction" }, { "name":"common_address_list", "type":"string", "doc": { "visibility":"disabled", "ttl":null }, "label":"Address List" }, { "name":"common_has_dup_traffic", "type":"int", "doc": { "constraints": { "operator_functions":"=,!=" }, "data": { "$ref":"public_schema_info.json#/fields/common_has_dup_traffic/data" }, "visibility":"hidden", "ttl":null }, "label":"Duplication Traffic" }, { "name":"common_stream_error", "type":"string", "doc": { "visibility":"hidden", "ttl":null }, "label":"Stream Error" }, { "name":"common_stream_trace_id", "type":"long", "doc": { "visibility":"enabled", "ttl":null }, "label":"Session ID" }, { "name":"common_link_info_c2s", "type":"string", "doc": { "visibility":"hidden", "ttl":null }, "label":"Link Info (c2s)" }, { "name":"common_link_info_s2c", "type":"string", "doc": { "visibility":"hidden", "ttl":null }, "label":"Link Info (s2c)" }, { "name":"common_packet_capture_file", "label":"Packet Capture File", "doc": { "visibility":"hidden", "ttl":null, "constraints": { "type":"file" } }, "type":"string" }, { "name":"common_c2s_ipfrag_num", "type":"long", "doc": { "visibility":"enabled", "ttl":null }, "label":"Fragmentation Packets (c2s)" }, { "name":"common_s2c_ipfrag_num", "type":"long", "doc": { "visibility":"enabled", "ttl":null }, "label":"Fragmentation Packets (s2c)" }, { "name":"common_c2s_tcp_lostlen", "type":"long", "doc": { "visibility":"enabled", "ttl":null }, "label":"Sequence Gap Loss (c2s)" }, { "name":"common_s2c_tcp_lostlen", "type":"long", "doc": { "visibility":"enabled", "ttl":null }, "label":"Sequence Gap Loss (s2c)" }, { "name":"common_c2s_tcp_unorder_num", "type":"long", "doc": { "visibility":"enabled", "ttl":null }, "label":"Unordered Packets (c2s)" }, { "name":"common_s2c_tcp_unorder_num", "type":"long", "doc": { "visibility":"enabled", "ttl":null }, "label":"Unordered Packets (s2c)" }, { "name":"common_c2s_pkt_retrans", "type":"long", "doc": { "visibility":"enabled", "ttl":null }, "label":"Packet Retransmission (c2s)" }, { "name":"common_s2c_pkt_retrans", "type":"long", "doc": { "visibility":"enabled", "ttl":null }, "label":"Packet Retransmission (s2c)" }, { "name":"common_c2s_byte_retrans", "type":"long", "doc": { "visibility":"enabled", "ttl":null }, "label":"Byte Retransmission (c2s)" }, { "name":"common_s2c_byte_retrans", "type":"long", "doc": { "visibility":"enabled", "ttl":null }, "label":"Byte Retransmission (s2c)" }, { "name":"common_tcp_client_isn", "type":"long", "doc": { "visibility":"enabled", "ttl":null }, "label":"TCP Client ISN" }, { "name":"common_tcp_server_isn", "type":"long", "doc": { "visibility":"enabled", "ttl":null }, "label":"TCP Server ISN" }, { "name":"common_first_ttl", "type":"int", "doc": { "visibility":"hidden", "ttl":null }, "label":"First TTL" }, { "name":"common_processing_time", "type":"long", "doc": { "constraints": { "type":"timestamp" }, "format": { "functions":"current_timestamp" }, "visibility":"enabled", "ttl":null }, "label":"Processing Time" }, { "name":"common_ingestion_time", "label":"Ingestion Time", "doc": { "constraints": { "type":"timestamp" }, "format": { "functions":"ingestion_time" }, "visibility":"enabled", "ttl":null }, "type":"long" }, { "name":"common_mirrored_pkts", "label":"Mirrored Packets", "type":"long", "doc": { "visibility":"hidden", "ttl":null } }, { "name":"common_mirrored_bytes", "label":"Mirrored Bytes", "type":"long", "doc": { "visibility":"hidden", "ttl":null } }, { "name":"http_url", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"HTTP.URL" }, { "name":"http_host", "type":"string", "doc": { "format": { "functions":"sub_domain", "appendTo":"http_domain" }, "visibility":"enabled", "ttl":null }, "label":"HTTP.Host" }, { "name":"http_domain", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"HTTP.Domain" }, { "name":"http_request_line", "type":"string", "doc": { "visibility":"hidden", "ttl":null }, "label":"HTTP.Request Line" }, { "name":"http_response_line", "type":"string", "doc": { "visibility":"hidden", "ttl":null }, "label":"HTTP.Response Line" }, { "name":"http_request_header", "type":"string", "doc": { "visibility":"hidden", "ttl":null }, "label":"HTTP.Request Headers" }, { "name":"http_response_header", "type":"string", "doc": { "visibility":"hidden", "ttl":null }, "label":"HTTP.Response Headers" }, { "name":"http_request_content", "type":"string", "doc": { "visibility":"hidden", "ttl":null }, "label":"HTTP.Request Content" }, { "name":"http_request_content_length", "label":"HTTP.Request Content Length", "doc": { "visibility":"enabled", "ttl":null }, "type":"string" }, { "name":"http_request_content_type", "label":"HTTP.Request Content Type", "doc": { "visibility":"enabled", "ttl":null }, "type":"string" }, { "name":"http_response_content", "type":"string", "doc": { "visibility":"hidden", "ttl":null }, "label":"HTTP.Response Content" }, { "name":"http_response_content_length", "label":"HTTP.Response Content Length", "doc": { "visibility":"enabled", "ttl":null }, "type":"string" }, { "name":"http_response_content_type", "label":"HTTP.Response Content Type", "doc": { "visibility":"enabled", "ttl":null }, "type":"string" }, { "name":"http_request_body", "type":"string", "doc": { "allow_query":"false", "constraints": { "type":"file" }, "visibility":"enabled", "ttl":null }, "label":"HTTP.Request Body" }, { "name":"http_response_body", "type":"string", "doc": { "allow_query":"false", "constraints": { "type":"file" }, "visibility":"enabled", "ttl":null }, "label":"HTTP.Response Body" }, { "name":"http_request_body_key", "type":"string", "doc": { "visibility":"disabled", "ttl":null }, "label":"HTTP.Request Body Key" }, { "name":"http_response_body_key", "type":"string", "doc": { "visibility":"disabled", "ttl":null }, "label":"HTTP.Response Body Key" }, { "name":"http_proxy_flag", "type":"int", "doc": { "visibility":"hidden", "ttl":null }, "label":"HTTP.Proxy Flag" }, { "name":"http_sequence", "type":"int", "doc": { "visibility":"hidden", "ttl":null }, "label":"HTTP.Sequence" }, { "name":"http_snapshot", "type":"string", "doc": { "visibility":"hidden", "ttl":null }, "label":"HTTP.Snapshot" }, { "name":"http_cookie", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"HTTP.Cookie" }, { "name":"http_referer", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"HTTP.Referer" }, { "name":"http_user_agent", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"HTTP.User Agent" }, { "name":"http_content_length", "type":"string", "doc": { "visibility":"hidden", "ttl":null }, "label":"HTTP.Content Length" }, { "name":"http_content_type", "type":"string", "doc": { "visibility":"hidden", "ttl":null }, "label":"HTTP.Content Type" }, { "name":"http_set_cookie", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"HTTP.Set Cookie" }, { "name":"http_version", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"HTTP.Version" }, { "name":"http_response_latency_ms", "type":"long", "doc": { "visibility":"enabled", "ttl":null }, "label":"HTTP.Response Latency (ms)" }, { "name":"http_session_duration_ms", "type":"long", "doc": { "visibility":"enabled", "ttl":null }, "label":"HTTP.Session Duration (ms)" }, { "name":"http_action_file_size", "type":"int", "doc": { "visibility":"enabled", "ttl":null }, "label":"HTTP.Action File Size" }, { "name":"dns_message_id", "type":"int", "doc": { "visibility":"enabled", "ttl":null }, "label":"DNS.Message ID" }, { "name":"dns_qr", "type":"int", "doc": { "constraints": { "operator_functions":"=,!=" }, "data": [ { "code":"0", "value":"QUERY" }, { "code":"1", "value":"RESPONSE" } ], "visibility":"enabled", "ttl":null }, "label":"DNS.QR" }, { "name":"dns_opcode", "type":"int", "doc": { "constraints": { "operator_functions":"=,!=" }, "data": [ { "code":"0", "value":"QUERY" }, { "code":"1", "value":"IQUERY" }, { "code":"2", "value":"STATUS" }, { "code":"5", "value":"UPDATE" } ], "visibility":"enabled", "ttl":null }, "label":"DNS.OPCODE" }, { "name":"dns_aa", "type":"int", "doc": { "visibility":"enabled", "ttl":null }, "label":"DNS.AA" }, { "name":"dns_tc", "type":"int", "doc": { "visibility":"enabled", "ttl":null }, "label":"DNS.TC" }, { "name":"dns_rd", "type":"int", "doc": { "visibility":"enabled", "ttl":null }, "label":"DNS.RD" }, { "name":"dns_ra", "type":"int", "doc": { "visibility":"enabled", "ttl":null }, "label":"DNS.RA" }, { "name":"dns_rcode", "type":"int", "doc": { "data": [ { "code":0, "value":"NoError" }, { "code":1, "value":"FormErr" }, { "code":2, "value":"ServFail" }, { "code":3, "value":"NXDomain" }, { "code":4, "value":"NotImp" }, { "code":5, "value":"Refused" }, { "code":6, "value":"YXDomain" }, { "code":7, "value":"YXRRSet" }, { "code":8, "value":"NXRRSet" }, { "code":9, "value":"NotAuth" }, { "code":10, "value":"NotZone" }, { "code":16, "value":"BADSIG" }, { "code":17, "value":"BADKEY" }, { "code":18, "value":"BADTIME" }, { "code":19, "value":"BADMODE" }, { "code":20, "value":"BADNAME" }, { "code":21, "value":"BADALG" } ], "visibility":"enabled", "ttl":null }, "label":"DNS.RCODE" }, { "name":"dns_qdcount", "type":"int", "doc": { "visibility":"enabled", "ttl":null }, "label":"DNS.QDCOUNT" }, { "name":"dns_ancount", "type":"int", "doc": { "visibility":"enabled", "ttl":null }, "label":"DNS.ANCOUNT" }, { "name":"dns_nscount", "type":"int", "doc": { "visibility":"enabled", "ttl":null }, "label":"DNS.NSCOUNT" }, { "name":"dns_arcount", "type":"int", "doc": { "visibility":"enabled", "ttl":null }, "label":"DNS.ARCOUNT" }, { "name":"dns_qname", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"DNS.QNAME" }, { "name":"dns_qtype", "type":"int", "doc": { "constraints": { "operator_functions":"=,!=" }, "data": [ { "code":"1", "value":"A" }, { "code":"2", "value":"NS" }, { "code":"3", "value":"MD" }, { "code":"4", "value":"MF" }, { "code":"5", "value":"CNAME" }, { "code":"6", "value":"SOA" }, { "code":"7", "value":"MB" }, { "code":"8", "value":"MG" }, { "code":"9", "value":"MR" }, { "code":"10", "value":"NULL" }, { "code":"11", "value":"WKS" }, { "code":"12", "value":"PTR" }, { "code":"13", "value":"HINFO" }, { "code":"14", "value":"MINFO" }, { "code":"15", "value":"MX" }, { "code":"16", "value":"TXT" }, { "code":"17", "value":"RP" }, { "code":"18", "value":"AFSDB" }, { "code":"19", "value":"X25" }, { "code":"20", "value":"ISDN" }, { "code":"21", "value":"RT" }, { "code":"22", "value":"NSAP" }, { "code":"23", "value":"NSAP" }, { "code":"24", "value":"SIG" }, { "code":"25", "value":"KEY" }, { "code":"26", "value":"PX" }, { "code":"27", "value":"GPOS" }, { "code":"28", "value":"AAAA" }, { "code":"29", "value":"LOC" }, { "code":"30", "value":"EID" }, { "code":"31", "value":"NIMLOC" }, { "code":"32", "value":"NB" }, { "code":"33", "value":"SRV" }, { "code":"34", "value":"ATMA" }, { "code":"35", "value":"NAPTR" }, { "code":"36", "value":"KX" }, { "code":"37", "value":"CERT" }, { "code":"38", "value":"A6" }, { "code":"39", "value":"DNAME" }, { "code":"40", "value":"SINK" }, { "code":"41", "value":"OPT" }, { "code":"42", "value":"APL" }, { "code":"43", "value":"DS" }, { "code":"44", "value":"SSHFP" }, { "code":"45", "value":"IPSECKEY" }, { "code":"46", "value":"RRSIG" }, { "code":"47", "value":"NSEC" }, { "code":"48", "value":"DNSKEY" }, { "code":"49", "value":"DHCID" }, { "code":"50", "value":"NSEC3" }, { "code":"51", "value":"NSEC3PARAM" }, { "code":"52", "value":"TLSA" }, { "code":"53", "value":"SMIMEA" }, { "code":"55", "value":"HIP" }, { "code":"59", "value":"CDS" }, { "code":"60", "value":"CDNSKEY" }, { "code":"61", "value":"OPENPGPKEY" }, { "code":"62", "value":"CSYNC" }, { "code":"63", "value":"ZONEMD" }, { "code":"64", "value":"SVCB" }, { "code":"65", "value":"HTTPS" }, { "code":"99", "value":"SPF" }, { "code":"100", "value":"UINFO" }, { "code":"101", "value":"UID" }, { "code":"102", "value":"GID" }, { "code":"103", "value":"UNSPEC" }, { "code":"108", "value":"EUI48" }, { "code":"109", "value":"EUI64" }, { "code":"249", "value":"TKEY" }, { "code":"250", "value":"TSIG" }, { "code":"251", "value":"IXFR" }, { "code":"252", "value":"AXFR" }, { "code":"253", "value":"MAILB" }, { "code":"254", "value":"MAILA" }, { "code":"255", "value":"*" }, { "code":"256", "value":"URI" }, { "code":"257", "value":"CAA" }, { "code":"32768", "value":"TA" }, { "code":"32769", "value":"DLV" }, { "code":"65521", "value":"INTEGRITY" } ], "visibility":"enabled", "ttl":null }, "label":"DNS.QTYPE" }, { "name":"dns_qclass", "type":"int", "doc": { "visibility":"enabled", "ttl":null }, "label":"DNS.QCLASS" }, { "name":"dns_cname", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"DNS.CNAME" }, { "name":"dns_sub", "type":"int", "doc": { "constraints": { "operator_functions":"=,!=" }, "data": [ { "code":"1", "value":"DNS" }, { "code":"2", "value":"DNSSEC" } ], "visibility":"enabled", "ttl":null }, "label":"DNS.SUB" }, { "name":"dns_rr", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"DNS.RR" }, { "name":"dns_response_latency_ms", "label":"DNS.Response Latency (ms)", "doc": { "visibility":"enabled", "ttl":null }, "type":"int" }, { "name":"sip_call_id", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"SIP.Call-ID" }, { "name":"sip_originator_description", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"SIP.Originator" }, { "name":"sip_responder_description", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"SIP.Responder" }, { "name":"sip_user_agent", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"SIP.User-Agent" }, { "name":"sip_server", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"SIP.Server" }, { "name":"sip_originator_sdp_connect_ip", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"SIP.Originator IP" }, { "name":"sip_originator_sdp_media_port", "type":"int", "doc": { "visibility":"enabled", "ttl":null }, "label":"SIP.Originator Port" }, { "name":"sip_originator_sdp_media_type", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"SIP.Originator Media Type" }, { "name":"sip_originator_sdp_content", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"SIP.Originator Content" }, { "name":"sip_responder_sdp_connect_ip", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"SIP.Responder IP" }, { "name":"sip_responder_sdp_media_port", "type":"int", "doc": { "visibility":"enabled", "ttl":null }, "label":"SIP.Responder Port" }, { "name":"sip_responder_sdp_media_type", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"SIP.Responder Media Type" }, { "name":"sip_responder_sdp_content", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"SIP.Responder Content" }, { "name":"sip_duration_s", "type":"int", "doc": { "visibility":"enabled", "ttl":null }, "label":"SIP.Duration (s)" }, { "name":"sip_bye", "type":"string", "doc": { "visibility":"enabled", "ttl":null }, "label":"SIP.Bye" } ] }