Source Fields

Source Fields Schema

Field Name	Example Values	Field Type	Notes
source_bytes_sent	29834710	long	Network bytes sent by source, some sources may present this as source bytes tx, bytes tx or something similar.
source_hostname	corpdc01, corpdc01.local, lab01.corpdomain.com	keyword (normalized:loweronly)	NetBIOS or dns hostname, converted to lowercase
source_ip	10.1.2.3, fe80:5cc3:11:4::2c	ip	IPv4 and IPv6 addresses
source_nat_ip	10.1.2.3, fe80:5cc3:11:4::2c	ip
source_nat_port	2384	integer
source_packets_sent	23094823	int	Count of packets sent by source
source_port	45392	integer	numeric port, 0-65535
source_vsys_uuid
source_zone		keyword

Derived and Enriched Fields (values will be derived or added from external sources)

Field Name	Example Values	Field Type	Notes
source_as_*			See: as_* fields
source_category		keyword	Future: from entity mapping
source_geo_*			See: geo_* fields
source_location_name	Chicago, US, Datacenter 01, Bismark - Finance	keyword	Field is derived either from an internal enterprise network definition or the Geo location fields if availble
source_mac	a0:b4:44:01:a9:d1	keyword	MAC address of host, colon-delimited and lower case
source_priority	critical, high, medium, low, informational	keyword	Future: from entity mapping
source_priority_level	1-5	byte	1 = Critical, 2 = High, 3 = Medium, 4 = Low, 5 = Informational
source_reference	IPv4,IPv6, hostname,fqdn	keyword (normalized:loweronly)	Mapped from source_ip or source_hostname in that order