Global Fields (4)
| Field | Description | Type |
|---|---|---|
| ngs.createdAt | Timestamp when the event was created locally. | pdate |
| ngs.id | Unique identifier for the log entry. | string |
| ngs.indexedAt | Timestamp when the log was indexed into the SIEM. | pdate |
| ngs.source | Origin or source system of the log. | string |
Generic Fields (12)
These are common fields that appear across multiple namespaces. They represent attributes that are inherited or reused from a global schema, such as timestamps, unique identifiers, user IDs, or status codes that every namespace needs. By sharing these fields, we ensure consistency and make it easy to run cross-namespace searches and reports.
| Field | Description | Reference-Specific Fields | Type |
|---|---|---|---|
| gen.product | Product name or component generating the log. | consistec.caplon.device_product | strings |
| gen.vendor | Vendor name of the product generating the log. | consistec.caplon.device_vendor | strings |
| gen.dest.ip | Destination IP address. | consistec.caplon.dst.ip | text_general |
| gen.dest.mac | MAC address of the destination device. | consistec.caplon.dst.mac | string |
| gen.dest.port | Destination port number. | consistec.caplon.dst.port | pint |
| gen.hostname | Normalized hostname of the system generating the log. | consistec.caplon.hostname | text_general |
| gen.protocol | Network protocol used (e.g., TCP, UDP, ICMP). | consistec.caplon.network.application, consistec.caplon.network.transport | strings |
| gen.severity | Normalized severity field across log sources. | consistec.caplon.severity | strings |
| gen.src.ip | Source IP address. | consistec.caplon.src.ip | text_general |
| gen.src.mac | MAC address of the source device. | consistec.caplon.src.mac | string |
| gen.src.port | Source port number. | consistec.caplon.src.port | pint |
| gen.username | Username associated with the event. | consistec.caplon.username | text_general |
Reference-Specific Fields (39)
| Field | Description | Type |
|---|---|---|
| consistec.caplon.back.bytes | Number of bytes in the return (back) direction of the flow. | plong |
| consistec.caplon.back.packets | Number of packets in the return (back) direction of the flow. | plong |
| consistec.caplon.category | High-level classification of the event type. | text_general |
| consistec.caplon.cipher | Name of the encryption cipher used for securing the communication. | string |
| consistec.caplon.count | Count of occurrences for this event type in the reporting interval. | plong |
| consistec.caplon.device_product | Model or product identifier of the Consistec Caplon device. | string |
| consistec.caplon.device_vendor | Manufacturer or vendor name of the device that generated the log. | string |
| consistec.caplon.device_version | Firmware or software version of the Caplon device. | string |
| consistec.caplon.dnsComputerName | DNS computer name resolution for the source device. | string |
| consistec.caplon.dnsDomainName | DNS domain name associated with the client or server host. | string |
| consistec.caplon.dnsTreeName | DNS tree or forest name in Active Directory environments. | string |
| consistec.caplon.domain | Network domain or zone in which the event occurred. | string |
| consistec.caplon.dst.ip | Destination IPv4 or IPv6 address of the packet or session. | string |
| consistec.caplon.dst.layer | OSI layer at which the destination interaction occurred. | string |
| consistec.caplon.dst.mac | Destination MAC address of the packet or session. | string |
| consistec.caplon.dst.port | Destination port number of the network packet or flow. | plong |
| consistec.caplon.end | Timestamp marking the end of the observed session or event. | pdate |
| consistec.caplon.event_name | Descriptive name of the event or alert category. | text_general |
| consistec.caplon.hierarchy | Device hierarchy or segment within the network topology. | string |
| consistec.caplon.hostname | Hostname of the device that generated the log entry. | string |
| consistec.caplon.instance | Instance name or identifier for this particular Caplon collector or session. | string |
| consistec.caplon.main.bytes | Number of bytes in the main (forward) direction of the flow. | plong |
| consistec.caplon.main.packets | Number of packets in the main (forward) direction of the flow. | plong |
| consistec.caplon.message | Free-form text message or description provided by the device for this event. | text_general |
| consistec.caplon.nbComputerName | NetBIOS computer name of the source device. | string |
| consistec.caplon.nbDomainName | NetBIOS domain name associated with the host. | string |
| consistec.caplon.network.application | Application protocol or service detected in the traffic (e.g., HTTP, FTP). | string |
| consistec.caplon.network.transport | Underlying transport protocol (e.g., Ethernet, MPLS) used for the packet flow. | string |
| consistec.caplon.network.vlan_id | Numeric VLAN ID associated with the traffic. | plong |
| consistec.caplon.severity | Severity level of the event on a predefined scale (e.g., 1-5). | plong |
| consistec.caplon.src.ip | Source IPv4 or IPv6 address of the packet or session. | string |
| consistec.caplon.src.layer | OSI layer at which the source interaction occurred. | string |
| consistec.caplon.src.mac | Source MAC address of the device initiating the connection or event. | string |
| consistec.caplon.src.port | Source port number of the network packet or flow. | plong |
| consistec.caplon.start | Timestamp marking the start of the observed session or event. | pdate |
| consistec.caplon.targetName | Name of the target host or service affected by the event. | string |
| consistec.caplon.timestamp | Exact event timestamp as recorded by the Caplon device. | pdate |
| consistec.caplon.username | Authenticated username associated with the session, if available. | string |
| consistec.caplon.vlan | VLAN identifier associated with the traffic flow or event. | string |
Sample Log Event
Below is a representative JSON log entry showing key fields as they're emitted by the system. Depending on the context of the event, some fields may be omitted if they're not applicable.