
{
"type":"record",
"name":"transaction_record",
"namespace":"tsg_galaxy_v3",
"doc":
{
"primary_key":"common_stream_trace_id",
"partition_key":"common_recv_time",
"ttl":null,
"default_ttl":2592000,
"index_key":
[
"common_stream_trace_id",
"common_recv_time",
"common_data_center"
],
"functions":
{
"$ref":"public_schema_info.json#/functions"
},
"schema_query":
{
"dimensions":
[
"common_server_ip",
"common_client_ip",
"common_internal_ip",
"common_external_ip",
"common_sled_ip",
"common_device_id",
"common_client_location",
"common_server_location",
"common_subscriber_id",
"common_client_port",
"common_server_port",
"common_schema_type",
"common_l4_protocol",
"common_l7_protocol",
"common_data_center",
"common_device_group",
"common_app_behavior",
"common_client_asn",
"common_server_asn",
"common_start_time",
"common_end_time",
"common_imei",
"common_imsi",
"common_phone_number",
"http_host",
"http_domain",
"http_url"
],
"metrics":
[
"common_server_ip",
"common_client_ip",
"common_internal_ip",
"common_external_ip",
"common_subscriber_id",
"common_sled_ip",
"common_device_id",
"common_c2s_pkt_num",
"common_s2c_pkt_num",
"common_c2s_byte_num",
"common_s2c_byte_num",
"common_sessions",
"common_con_duration_ms",
"common_establish_latency_ms",
"common_c2s_ipfrag_num",
"common_s2c_ipfrag_num",
"common_c2s_tcp_lostlen",
"common_s2c_tcp_lostlen",
"common_c2s_tcp_unorder_num",
"common_s2c_tcp_unorder_num",
"common_imei",
"common_imsi",
"common_phone_number",
"http_host",
"http_domain",
"http_url"
],
"filters":
[
"common_address_type",
"common_server_ip",
"common_client_ip",
"common_internal_ip",
"common_external_ip",
"common_client_port",
"common_server_port",
"common_client_location",
"common_server_location",
"common_subscriber_id",
"common_c2s_pkt_num",
"common_s2c_pkt_num",
"common_c2s_byte_num",
"common_s2c_byte_num",
"common_c2s_ipfrag_num",
"common_s2c_ipfrag_num",
"common_c2s_tcp_lostlen",
"common_s2c_tcp_lostlen",
"common_c2s_tcp_unorder_num",
"common_s2c_tcp_unorder_num",
"common_l4_protocol",
"common_l7_protocol",
"common_stream_dir",
"common_direction",
"common_data_center",
"common_device_group",
"common_app_behavior",
"common_sled_ip",
"common_device_id",
"common_schema_type",
"common_client_asn",
"common_server_asn",
"common_start_time",
"common_end_time",
"common_con_duration_ms",
"common_establish_latency_ms",
"common_imei",
"common_imsi",
"common_phone_number",
"http_host",
"http_domain",
"http_url"
],
"references":
{
"$ref":"public_schema_info.json#/schema_query/references"
},
"details":
{
"general":
[
"common_recv_time",
"common_log_id",
"common_stream_trace_id",
"common_address_type",
"common_schema_type",
"common_direction",
"common_stream_dir",
"common_start_time",
"common_end_time",
"common_con_duration_ms",
"common_establish_latency_ms",
"common_processing_time",
"common_ingestion_time",
"common_entrance_id",
"common_device_id",
"common_egress_link_id",
"common_ingress_link_id",
"common_isp",
"common_data_center",
"common_device_group",
"common_sled_ip"
],
"source":
[
"common_client_ip",
"common_internal_ip",
"common_client_port",
"common_client_location",
"common_client_asn",
"common_subscriber_id",
"common_imei",
"common_imsi",
"common_phone_number"
],
"destination":
[
"common_server_ip",
"common_external_ip",
"common_server_port",
"common_server_location",
"common_server_asn"
],
"application":
[
"common_app_id",
"common_userdefine_app_name",
"common_app_identify_info",
"common_app_label",
"common_app_surrogate_id",
"common_l7_protocol",
"common_protocol_label",
"common_service_category",
"common_service",
"common_l4_protocol",
"common_app_behavior"
],
"transmission":
[
"common_sessions",
"common_c2s_pkt_num",
"common_s2c_pkt_num",
"common_c2s_byte_num",
"common_s2c_byte_num",
"common_c2s_pkt_diff",
"common_s2c_pkt_diff",
"common_c2s_byte_diff",
"common_s2c_byte_diff",
"common_c2s_ipfrag_num",
"common_s2c_ipfrag_num",
"common_c2s_tcp_lostlen",
"common_s2c_tcp_lostlen",
"common_c2s_tcp_unorder_num",
"common_s2c_tcp_unorder_num",
"common_c2s_pkt_retrans",
"common_s2c_pkt_retrans",
"common_c2s_byte_retrans",
"common_s2c_byte_retrans",
"common_first_ttl",
"common_tcp_client_isn",
"common_tcp_server_isn",
"common_mirrored_pkts",
"common_mirrored_bytes"
],
"other":
[
"common_device_tag",
"common_encapsulation",
"common_tunnels",
"common_address_list",
"common_has_dup_traffic",
"common_stream_error",
"common_link_info_c2s",
"common_link_info_s2c",
"common_packet_capture_file",
"common_action",
"common_sub_action",
"common_policy_id",
"common_user_tags",
"common_user_region"
]
}
},
"schema_type":
{
"BASE":
{
"$ref":"public_schema_info.json#/schema_type/BASE"
},
"HTTP":
{
"$ref":"public_schema_info.json#/schema_type/HTTP"
},
"MAIL":
{
"$ref":"public_schema_info.json#/schema_type/MAIL"
},
"DNS":
{
"$ref":"public_schema_info.json#/schema_type/DNS"
},
"SSL":
{
"$ref":"public_schema_info.json#/schema_type/SSL"
},
"QUIC":
{
"$ref":"public_schema_info.json#/schema_type/QUIC"
},
"FTP":
{
"$ref":"public_schema_info.json#/schema_type/FTP"
},
"BGP":
{
"$ref":"public_schema_info.json#/schema_type/BGP"
},
"SIP":
{
"$ref":"public_schema_info.json#/schema_type/SIP"
},
"RTP":
{
"$ref":"public_schema_info.json#/schema_type/RTP"
},
"APP":
{
"$ref":"public_schema_info.json#/schema_type/APP"
}
},
"default_columns":
[
"common_recv_time",
"common_log_id",
"common_subscriber_id",
"common_client_ip",
"common_server_ip",
"common_server_port",
"common_schema_type"
],
"internal_columns":
[
"common_recv_time",
"common_log_id",
"common_processing_time",
"common_ingestion_time",
"common_tunnels",
"common_packet_capture_file",
"http_request_body",
"http_response_body"
],
"tunnel_type":
{
"$ref":"public_schema_info.json#/tunnel_type"
}
},
"fields":
[
{
"name":"common_recv_time",
"type":"long",
"doc":
{
"constraints":
{
"type":"timestamp"
},
"visibility":"enabled",
"ttl":null
},
"label":"Receive Time"
},
{
"name":"common_log_id",
"type":"long",
"doc":
{
"format":
{
"functions":"snowflake_id"
},
"visibility":"enabled",
"ttl":null
},
"label":"Log ID"
},
{
"name":"common_policy_id",
"type":"long",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"label":"Policy ID"
},
{
"name":"common_subscriber_id",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Subscriber ID"
},
{
"name":"common_imei",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"IMEI"
},
{
"name":"common_imsi",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"IMSI"
},
{
"name":"common_phone_number",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Phone Number"
},
{
"name":"common_client_ip",
"type":"string",
"doc":
{
"constraints":
{
"type":"ip"
},
"format":
{
"functions":"geo_asn,radius_match",
"appendTo":"common_client_asn,common_subscriber_id"
},
"visibility":"enabled",
"ttl":null
},
"label":"Client IP"
},
{
"name":"common_internal_ip",
"type":"string",
"doc":
{
"constraints":
{
"type":"ip"
},
"format":
{
"functions":"if",
"param":"$.common_direction=69,$.common_client_ip,$.common_server_ip"
},
"visibility":"enabled",
"ttl":null
},
"label":"Internal IP"
},
{
"name":"common_client_port",
"type":"int",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Client Port"
},
{
"name":"common_l4_protocol",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"L4 Protocol"
},
{
"name":"common_address_type",
"type":"int",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"4",
"value":"ipv4"
},
{
"code":"6",
"value":"ipv6"
}
],
"visibility":"enabled",
"ttl":null
},
"label":"Address Type"
},
{
"name":"common_server_ip",
"type":"string",
"doc":
{
"constraints":
{
"type":"ip"
},
"format":
{
"functions":"geo_asn",
"appendTo":"common_server_asn"
},
"visibility":"enabled",
"ttl":null
},
"label":"Server IP"
},
{
"name":"common_server_port",
"type":"int",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Server Port"
},
{
"name":"common_external_ip",
"type":"string",
"doc":
{
"constraints":
{
"type":"ip"
},
"format":
{
"functions":"if",
"param":"$.common_direction=73,$.common_client_ip,$.common_server_ip"
},
"visibility":"enabled",
"ttl":null
},
"label":"External IP"
},
{
"name":"common_action",
"type":"int",
"doc":
{
"visibility":"hidden",
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"0",
"value":"None"
},
{
"code":"1",
"value":"Monitor"
},
{
"code":"2",
"value":"Intercept"
},
{
"code":"16",
"value":"Deny"
},
{
"code":"128",
"value":"Allow"
}
],
"ttl":null
},
"label":"Action"
},
{
"name":"common_direction",
"type":"int",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"69",
"value":"outbound"
},
{
"code":"73",
"value":"inbound"
}
],
"visibility":"enabled",
"ttl":null
},
"label":"Direction"
},
{
"name":"common_entrance_id",
"type":"int",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"label":"Entrance ID"
},
{
"name":"common_sled_ip",
"type":"string",
"doc":
{
"constraints":
{
"type":"ip"
},
"visibility":"enabled",
"ttl":null
},
"label":"Sled IP"
},
{
"name":"common_client_location",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Client Location"
},
{
"name":"common_client_asn",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Client ASN"
},
{
"name":"common_server_location",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Server Location"
},
{
"name":"common_server_asn",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Server ASN"
},
{
"name":"common_sessions",
"type":"long",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Sessions"
},
{
"name":"common_c2s_pkt_num",
"type":"long",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Packets Sent"
},
{
"name":"common_s2c_pkt_num",
"type":"long",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Packets Received"
},
{
"name":"common_c2s_byte_num",
"type":"long",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Bytes Sent"
},
{
"name":"common_s2c_byte_num",
"type":"long",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Bytes Received"
},
{
"name":"common_c2s_pkt_diff",
"type":"long",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"label":"Packets Sent (Delta)"
},
{
"name":"common_s2c_pkt_diff",
"type":"long",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"label":"Packets Received (Delta)"
},
{
"name":"common_c2s_byte_diff",
"type":"long",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"label":"Bytes Sent (Delta)"
},
{
"name":"common_s2c_byte_diff",
"type":"long",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"label":"Bytes Received (Delta)"
},
{
"name":"common_service",
"type":"int",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"label":"Service"
},
{
"name":"common_schema_type",
"type":"string",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"BASE",
"value":"BASE"
},
{
"code":"DNS",
"value":"DNS"
},
{
"code":"HTTP",
"value":"HTTP"
},
{
"code":"SIP",
"value":"SIP"
}
],
"visibility":"enabled",
"ttl":null
},
"label":"Schema Type"
},
{
"name":"common_user_tags",
"type":"string",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"label":"User Tags"
},
{
"name":"common_sub_action",
"type":"string",
"doc":
{
"data":
[
{
"code":"allow",
"value":"Allow"
},
{
"code":"deny",
"value":"Deny"
},
{
"code":"monitor",
"value":"Monitor"
},
{
"code":"replace",
"value":"Replace"
},
{
"code":"redirect",
"value":"Redirect"
},
{
"code":"insert",
"value":"Insert"
},
{
"code":"hijack",
"value":"Hijack"
}
],
"visibility":"hidden",
"ttl":null
},
"label":"Sub Action"
},
{
"name":"common_user_region",
"type":"string",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"label":"User Region"
},
{
"name":"common_device_id",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Device ID"
},
{
"name":"common_egress_link_id",
"label":"Egress Link ID",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"int"
},
{
"name":"common_ingress_link_id",
"label":"Ingress Link ID",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"int"
},
{
"name":"common_isp",
"type":"string",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"label":"ISP"
},
{
"name":"common_device_tag",
"type":"string",
"doc":
{
"visibility":"hidden",
"format":
{
"functions":"flattenSpec,flattenSpec",
"appendTo":"common_data_center,common_device_group",
"param":"$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value"
},
"ttl":null
},
"label":"Device Tag"
},
{
"name":"common_data_center",
"label":"Data Center",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
{
"$ref":"device_tag.json#",
"key":"$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']",
"value":"$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']"
},
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_device_group",
"label":"Device Group",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
{
"$ref":"device_tag.json#",
"key":"$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']",
"value":"$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']"
},
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_app_behavior",
"label":"Application Behavior",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"common_encapsulation",
"type":"int",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
{
"$ref":"public_schema_info.json#/fields/common_encapsulation/data"
},
"visibility":"hidden",
"ttl":null
},
"label":"Encapsulation"
},
{
"name":"common_app_label",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Application Label"
},
{
"name":"common_tunnels",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Tunnels"
},
{
"name":"common_protocol_label",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Protocol Label"
},
{
"name":"common_app_id",
"type":"string",
"label":"Application ID",
"doc":
{
"visibility":"hidden",
"ttl":null
}
},
{
"name":"common_userdefine_app_name",
"label":"User Define App Name",
"type":"string",
"doc":
{
"visibility":"hidden",
"ttl":null
}
},
{
"name":"common_app_identify_info",
"label":"App Identity Info",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"type":"string"
},
{
"name":"common_app_surrogate_id",
"type":"string",
"label":"Surrogate ID",
"doc":
{
"visibility":"hidden",
"ttl":null
}
},
{
"name":"common_l7_protocol",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"L7 Protocol"
},
{
"name":"common_service_category",
"type":
{
"type":"array",
"items":"int"
},
"doc":
{
"constraints":
{
"operator_functions":"has"
},
"dict_location":
{
"path":"/v1/category/dict",
"key":"categoryId",
"value":"categoryName"
},
"visibility":"enabled",
"ttl":null
},
"label":"FQDN Category"
},
{
"name":"common_start_time",
"type":"long",
"doc":
{
"allow_query":"false",
"constraints":
{
"type":"timestamp"
},
"visibility":"enabled",
"ttl":null
},
"label":"Start Time"
},
{
"name":"common_end_time",
"type":"long",
"doc":
{
"allow_query":"false",
"constraints":
{
"type":"timestamp"
},
"format":
{
"functions":"get_value",
"appendTo":"common_recv_time"
},
"visibility":"enabled",
"ttl":null
},
"label":"End Time"
},
{
"name":"common_establish_latency_ms",
"type":"long",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"TCP Handshake Latency (ms)"
},
{
"name":"common_con_duration_ms",
"type":"long",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Duration (ms)"
},
{
"name":"common_stream_dir",
"type":"int",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"1",
"value":"c2s"
},
{
"code":"2",
"value":"s2c"
},
{
"code":"3",
"value":"double"
}
],
"visibility":"enabled",
"ttl":null
},
"label":"Stream Direction"
},
{
"name":"common_address_list",
"type":"string",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"label":"Address List"
},
{
"name":"common_has_dup_traffic",
"type":"int",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
{
"$ref":"public_schema_info.json#/fields/common_has_dup_traffic/data"
},
"visibility":"hidden",
"ttl":null
},
"label":"Duplication Traffic"
},
{
"name":"common_stream_error",
"type":"string",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"label":"Stream Error"
},
{
"name":"common_stream_trace_id",
"type":"long",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Session ID"
},
{
"name":"common_link_info_c2s",
"type":"string",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"label":"Link Info (c2s)"
},
{
"name":"common_link_info_s2c",
"type":"string",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"label":"Link Info (s2c)"
},
{
"name":"common_packet_capture_file",
"label":"Packet Capture File",
"doc":
{
"visibility":"hidden",
"ttl":null,
"constraints":
{
"type":"file"
}
},
"type":"string"
},
{
"name":"common_c2s_ipfrag_num",
"type":"long",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Fragmentation Packets (c2s)"
},
{
"name":"common_s2c_ipfrag_num",
"type":"long",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Fragmentation Packets (s2c)"
},
{
"name":"common_c2s_tcp_lostlen",
"type":"long",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Sequence Gap Loss (c2s)"
},
{
"name":"common_s2c_tcp_lostlen",
"type":"long",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Sequence Gap Loss (s2c)"
},
{
"name":"common_c2s_tcp_unorder_num",
"type":"long",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Unordered Packets (c2s)"
},
{
"name":"common_s2c_tcp_unorder_num",
"type":"long",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Unordered Packets (s2c)"
},
{
"name":"common_c2s_pkt_retrans",
"type":"long",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Packet Retransmission (c2s)"
},
{
"name":"common_s2c_pkt_retrans",
"type":"long",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Packet Retransmission (s2c)"
},
{
"name":"common_c2s_byte_retrans",
"type":"long",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Byte Retransmission (c2s)"
},
{
"name":"common_s2c_byte_retrans",
"type":"long",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"Byte Retransmission (s2c)"
},
{
"name":"common_tcp_client_isn",
"type":"long",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"TCP Client ISN"
},
{
"name":"common_tcp_server_isn",
"type":"long",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"TCP Server ISN"
},
{
"name":"common_first_ttl",
"type":"int",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"label":"First TTL"
},
{
"name":"common_processing_time",
"type":"long",
"doc":
{
"constraints":
{
"type":"timestamp"
},
"format":
{
"functions":"current_timestamp"
},
"visibility":"enabled",
"ttl":null
},
"label":"Processing Time"
},
{
"name":"common_ingestion_time",
"label":"Ingestion Time",
"doc":
{
"constraints":
{
"type":"timestamp"
},
"format":
{
"functions":"ingestion_time"
},
"visibility":"enabled",
"ttl":null
},
"type":"long"
},
{
"name":"common_mirrored_pkts",
"label":"Mirrored Packets",
"type":"long",
"doc":
{
"visibility":"hidden",
"ttl":null
}
},
{
"name":"common_mirrored_bytes",
"label":"Mirrored Bytes",
"type":"long",
"doc":
{
"visibility":"hidden",
"ttl":null
}
},
{
"name":"http_url",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"HTTP.URL"
},
{
"name":"http_host",
"type":"string",
"doc":
{
"format":
{
"functions":"sub_domain",
"appendTo":"http_domain"
},
"visibility":"enabled",
"ttl":null
},
"label":"HTTP.Host"
},
{
"name":"http_domain",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"HTTP.Domain"
},
{
"name":"http_request_line",
"type":"string",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"label":"HTTP.Request Line"
},
{
"name":"http_response_line",
"type":"string",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"label":"HTTP.Response Line"
},
{
"name":"http_request_header",
"type":"string",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"label":"HTTP.Request Headers"
},
{
"name":"http_response_header",
"type":"string",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"label":"HTTP.Response Headers"
},
{
"name":"http_request_content",
"type":"string",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"label":"HTTP.Request Content"
},
{
"name":"http_request_content_length",
"label":"HTTP.Request Content Length",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"http_request_content_type",
"label":"HTTP.Request Content Type",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"http_response_content",
"type":"string",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"label":"HTTP.Response Content"
},
{
"name":"http_response_content_length",
"label":"HTTP.Response Content Length",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"http_response_content_type",
"label":"HTTP.Response Content Type",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"string"
},
{
"name":"http_request_body",
"type":"string",
"doc":
{
"allow_query":"false",
"constraints":
{
"type":"file"
},
"visibility":"enabled",
"ttl":null
},
"label":"HTTP.Request Body"
},
{
"name":"http_response_body",
"type":"string",
"doc":
{
"allow_query":"false",
"constraints":
{
"type":"file"
},
"visibility":"enabled",
"ttl":null
},
"label":"HTTP.Response Body"
},
{
"name":"http_request_body_key",
"type":"string",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"label":"HTTP.Request Body Key"
},
{
"name":"http_response_body_key",
"type":"string",
"doc":
{
"visibility":"disabled",
"ttl":null
},
"label":"HTTP.Response Body Key"
},
{
"name":"http_proxy_flag",
"type":"int",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"label":"HTTP.Proxy Flag"
},
{
"name":"http_sequence",
"type":"int",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"label":"HTTP.Sequence"
},
{
"name":"http_snapshot",
"type":"string",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"label":"HTTP.Snapshot"
},
{
"name":"http_cookie",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"HTTP.Cookie"
},
{
"name":"http_referer",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"HTTP.Referer"
},
{
"name":"http_user_agent",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"HTTP.User Agent"
},
{
"name":"http_content_length",
"type":"string",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"label":"HTTP.Content Length"
},
{
"name":"http_content_type",
"type":"string",
"doc":
{
"visibility":"hidden",
"ttl":null
},
"label":"HTTP.Content Type"
},
{
"name":"http_set_cookie",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"HTTP.Set Cookie"
},
{
"name":"http_version",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"HTTP.Version"
},
{
"name":"http_response_latency_ms",
"type":"long",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"HTTP.Response Latency (ms)"
},
{
"name":"http_session_duration_ms",
"type":"long",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"HTTP.Session Duration (ms)"
},
{
"name":"http_action_file_size",
"type":"int",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"HTTP.Action File Size"
},
{
"name":"dns_message_id",
"type":"int",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"DNS.Message ID"
},
{
"name":"dns_qr",
"type":"int",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"0",
"value":"QUERY"
},
{
"code":"1",
"value":"RESPONSE"
}
],
"visibility":"enabled",
"ttl":null
},
"label":"DNS.QR"
},
{
"name":"dns_opcode",
"type":"int",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"0",
"value":"QUERY"
},
{
"code":"1",
"value":"IQUERY"
},
{
"code":"2",
"value":"STATUS"
},
{
"code":"5",
"value":"UPDATE"
}
],
"visibility":"enabled",
"ttl":null
},
"label":"DNS.OPCODE"
},
{
"name":"dns_aa",
"type":"int",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"DNS.AA"
},
{
"name":"dns_tc",
"type":"int",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"DNS.TC"
},
{
"name":"dns_rd",
"type":"int",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"DNS.RD"
},
{
"name":"dns_ra",
"type":"int",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"DNS.RA"
},
{
"name":"dns_rcode",
"type":"int",
"doc":
{
"data":
[
{
"code":0,
"value":"NoError"
},
{
"code":1,
"value":"FormErr"
},
{
"code":2,
"value":"ServFail"
},
{
"code":3,
"value":"NXDomain"
},
{
"code":4,
"value":"NotImp"
},
{
"code":5,
"value":"Refused"
},
{
"code":6,
"value":"YXDomain"
},
{
"code":7,
"value":"YXRRSet"
},
{
"code":8,
"value":"NXRRSet"
},
{
"code":9,
"value":"NotAuth"
},
{
"code":10,
"value":"NotZone"
},
{
"code":16,
"value":"BADSIG"
},
{
"code":17,
"value":"BADKEY"
},
{
"code":18,
"value":"BADTIME"
},
{
"code":19,
"value":"BADMODE"
},
{
"code":20,
"value":"BADNAME"
},
{
"code":21,
"value":"BADALG"
}
],
"visibility":"enabled",
"ttl":null
},
"label":"DNS.RCODE"
},
{
"name":"dns_qdcount",
"type":"int",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"DNS.QDCOUNT"
},
{
"name":"dns_ancount",
"type":"int",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"DNS.ANCOUNT"
},
{
"name":"dns_nscount",
"type":"int",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"DNS.NSCOUNT"
},
{
"name":"dns_arcount",
"type":"int",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"DNS.ARCOUNT"
},
{
"name":"dns_qname",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"DNS.QNAME"
},
{
"name":"dns_qtype",
"type":"int",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"1",
"value":"A"
},
{
"code":"2",
"value":"NS"
},
{
"code":"3",
"value":"MD"
},
{
"code":"4",
"value":"MF"
},
{
"code":"5",
"value":"CNAME"
},
{
"code":"6",
"value":"SOA"
},
{
"code":"7",
"value":"MB"
},
{
"code":"8",
"value":"MG"
},
{
"code":"9",
"value":"MR"
},
{
"code":"10",
"value":"NULL"
},
{
"code":"11",
"value":"WKS"
},
{
"code":"12",
"value":"PTR"
},
{
"code":"13",
"value":"HINFO"
},
{
"code":"14",
"value":"MINFO"
},
{
"code":"15",
"value":"MX"
},
{
"code":"16",
"value":"TXT"
},
{
"code":"17",
"value":"RP"
},
{
"code":"18",
"value":"AFSDB"
},
{
"code":"19",
"value":"X25"
},
{
"code":"20",
"value":"ISDN"
},
{
"code":"21",
"value":"RT"
},
{
"code":"22",
"value":"NSAP"
},
{
"code":"23",
"value":"NSAP-PTR"
},
{
"code":"24",
"value":"SIG"
},
{
"code":"25",
"value":"KEY"
},
{
"code":"26",
"value":"PX"
},
{
"code":"27",
"value":"GPOS"
},
{
"code":"28",
"value":"AAAA"
},
{
"code":"29",
"value":"LOC"
},
{
"code":"30",
"value":"EID"
},
{
"code":"31",
"value":"NIMLOC"
},
{
"code":"32",
"value":"NB"
},
{
"code":"33",
"value":"SRV"
},
{
"code":"34",
"value":"ATMA"
},
{
"code":"35",
"value":"NAPTR"
},
{
"code":"36",
"value":"KX"
},
{
"code":"37",
"value":"CERT"
},
{
"code":"38",
"value":"A6"
},
{
"code":"39",
"value":"DNAME"
},
{
"code":"40",
"value":"SINK"
},
{
"code":"41",
"value":"OPT"
},
{
"code":"42",
"value":"APL"
},
{
"code":"43",
"value":"DS"
},
{
"code":"44",
"value":"SSHFP"
},
{
"code":"45",
"value":"IPSECKEY"
},
{
"code":"46",
"value":"RRSIG"
},
{
"code":"47",
"value":"NSEC"
},
{
"code":"48",
"value":"DNSKEY"
},
{
"code":"49",
"value":"DHCID"
},
{
"code":"50",
"value":"NSEC3"
},
{
"code":"51",
"value":"NSEC3PARAM"
},
{
"code":"52",
"value":"TLSA"
},
{
"code":"53",
"value":"SMIMEA"
},
{
"code":"55",
"value":"HIP"
},
{
"code":"59",
"value":"CDS"
},
{
"code":"60",
"value":"CDNSKEY"
},
{
"code":"61",
"value":"OPENPGPKEY"
},
{
"code":"62",
"value":"CSYNC"
},
{
"code":"63",
"value":"ZONEMD"
},
{
"code":"64",
"value":"SVCB"
},
{
"code":"65",
"value":"HTTPS"
},
{
"code":"99",
"value":"SPF"
},
{
"code":"100",
"value":"UINFO"
},
{
"code":"101",
"value":"UID"
},
{
"code":"102",
"value":"GID"
},
{
"code":"103",
"value":"UNSPEC"
},
{
"code":"108",
"value":"EUI48"
},
{
"code":"109",
"value":"EUI64"
},
{
"code":"249",
"value":"TKEY"
},
{
"code":"250",
"value":"TSIG"
},
{
"code":"251",
"value":"IXFR"
},
{
"code":"252",
"value":"AXFR"
},
{
"code":"253",
"value":"MAILB"
},
{
"code":"254",
"value":"MAILA"
},
{
"code":"255",
"value":"*"
},
{
"code":"256",
"value":"URI"
},
{
"code":"257",
"value":"CAA"
},
{
"code":"32768",
"value":"TA"
},
{
"code":"32769",
"value":"DLV"
},
{
"code":"65521",
"value":"INTEGRITY"
}
],
"visibility":"enabled",
"ttl":null
},
"label":"DNS.QTYPE"
},
{
"name":"dns_qclass",
"type":"int",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"DNS.QCLASS"
},
{
"name":"dns_cname",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"DNS.CNAME"
},
{
"name":"dns_sub",
"type":"int",
"doc":
{
"constraints":
{
"operator_functions":"=,!="
},
"data":
[
{
"code":"1",
"value":"DNS"
},
{
"code":"2",
"value":"DNSSEC"
}
],
"visibility":"enabled",
"ttl":null
},
"label":"DNS.SUB"
},
{
"name":"dns_rr",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"DNS.RR"
},
{
"name":"dns_response_latency_ms",
"label":"DNS.Response Latency (ms)",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"type":"int"
},
{
"name":"sip_call_id",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"SIP.Call-ID"
},
{
"name":"sip_originator_description",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"SIP.Originator"
},
{
"name":"sip_responder_description",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"SIP.Responder"
},
{
"name":"sip_user_agent",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"SIP.User-Agent"
},
{
"name":"sip_server",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"SIP.Server"
},
{
"name":"sip_originator_sdp_connect_ip",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"SIP.Originator IP"
},
{
"name":"sip_originator_sdp_media_port",
"type":"int",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"SIP.Originator Port"
},
{
"name":"sip_originator_sdp_media_type",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"SIP.Originator Media Type"
},
{
"name":"sip_originator_sdp_content",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"SIP.Originator Content"
},
{
"name":"sip_responder_sdp_connect_ip",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"SIP.Responder IP"
},
{
"name":"sip_responder_sdp_media_port",
"type":"int",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"SIP.Responder Port"
},
{
"name":"sip_responder_sdp_media_type",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"SIP.Responder Media Type"
},
{
"name":"sip_responder_sdp_content",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"SIP.Responder Content"
},
{
"name":"sip_duration_s",
"type":"int",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"SIP.Duration (s)"
},
{
"name":"sip_bye",
"type":"string",
"doc":
{
"visibility":"enabled",
"ttl":null
},
"label":"SIP.Bye"
}
]
}