Field Name | Example Values | Field Type | Notes |
---|---|---|---|
network_application | facebook, instagram | keyword/loweronly | Application name (Facebook, etc.) |
network_bytes | 71238 | long | Bytes transferred during a connection; may be calculated by summing bytes sent and received (source_bytes_sent + destination_bytes_sent). Some vendors report this as packet_length. |
network_bytes_rx | | | DEPRECATED - use destination_bytes_sent |
network_bytes_tx | | | DEPRECATED - use source_bytes_sent |
network_community_id | | keyword | See: https://github.com/corelight/community-id-spec |
network_connection_duration | 0:23:45 | keyword | Duration of time a network connection was established |
network_connection_uid | CMdzit1AMNsmfAIiQc | keyword | Unique identifier value for a network connection |
network_data_bytes | 71238 | long | Total bytes of the data payload |
network_direction | inbound, outbound, lateral | keyword | Indicates the direction of the observed network flow. Must be one of the listed values; vendors that report direction using other values must have them mapped to these. |
network_forwarded_ip | 10.1.2.3, fe80:5cc3:11:4::2c | ip | |
network_header_bytes | 71238 | long | Total bytes of packet header information |
network_iana_number | 6, 17, 41 | integer | https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml |
network_icmp_type | echo, time exceeded | keyword | https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml |
network_inner | TBD | | |
network_interface_in | gi0/1 | keyword/loweronly | Name of the interface receiving the traffic |
network_interface_out | gi0/1 | keyword/loweronly | Name of the interface sending the traffic |
network_ip_version | 4, 6 | keyword | IPv4 or IPv6 |
network_name | TBD | | |
network_packets | 71238 | long | Count of packets transferred during a connection; may be calculated by summing packets sent and received (source_packets_sent + destination_packets_sent) |
network_packets_rx | | | DEPRECATED - use destination_packets_sent |
network_packets_tx | | | DEPRECATED - use source_packets_sent |
network_protocol | ipv4, ipv6, icmp | keyword/loweronly | Protocol name, preferably from the Keyword column in https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml |
network_transport | udp, tcp | keyword/loweronly | Transport-layer protocol of the packet/connection |
network_tunnel_type | gre, ipsec | keyword/loweronly | Tunnel type |
network_tunnel_duration | 2093847 | long | Tunnel duration in seconds |
network_type | TBD | | Maybe not needed, since network_protocol covers it |
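The conventions in the table (lowercasing keyword/loweronly fields, retiring the deprecated `_rx`/`_tx` names, deriving `network_bytes` and `network_packets` from the per-direction counters, resolving `network_iana_number` to a protocol keyword, constraining `network_direction` to the listed values, and computing `network_community_id` per the linked Corelight spec) are shown together in the following added example. It is illustrative code, not Graylog or Illuminate code: the vendor direction vocabulary in `DIRECTION_MAP` and the sample record are constructed assumptions, and `source_ip`, `destination_ip`, `source_port` and `destination_port` are assumed to follow the same naming as the `source_bytes_sent` / `destination_bytes_sent` fields the table references.

```python
"""Map a vendor flow record onto the GIM network_* fields in the table above.

Added example, not Graylog or Illuminate code. DIRECTION_MAP and VENDOR_RECORD
are constructed assumptions; source_ip/destination_ip/source_port/
destination_port are assumed to mirror the source_bytes_sent /
destination_bytes_sent naming the table references.
"""
import base64
import hashlib
import ipaddress
import struct

# IANA protocol numbers -> Keyword column, lowercased (subset).
IANA_PROTOCOLS = {1: "icmp", 4: "ipv4", 6: "tcp", 17: "udp", 41: "ipv6",
                  47: "gre", 50: "esp", 58: "ipv6-icmp", 132: "sctp"}
TRANSPORTS = {"tcp", "udp", "sctp"}            # protocols that carry ports
# Assumed vendor direction vocabulary -> the GIM values the table allows.
DIRECTION_MAP = {"in": "inbound", "ingress": "inbound", "inbound": "inbound",
                 "out": "outbound", "egress": "outbound",
                 "outbound": "outbound", "lateral": "lateral"}
DEPRECATED = {"network_bytes_rx": "destination_bytes_sent",
              "network_bytes_tx": "source_bytes_sent",
              "network_packets_rx": "destination_packets_sent",
              "network_packets_tx": "source_packets_sent"}
LOWER_ONLY = ("network_application", "network_interface_in",
              "network_interface_out", "network_protocol",
              "network_transport", "network_tunnel_type")


def community_id(saddr, daddr, proto, sport=None, dport=None, seed=0):
    """Community ID v1 (corelight/community-id-spec) for one flow tuple.

    Hash input is seed || saddr || daddr || proto || 0x00 [|| sport || dport],
    with the endpoints ordered so both directions of a flow hash identically.
    The spec's ICMP type/code-to-port mapping is not implemented here.
    """
    src, dst = ipaddress.ip_address(saddr), ipaddress.ip_address(daddr)
    if src.version != dst.version:
        raise ValueError("source and destination address families differ")
    with_ports = IANA_PROTOCOLS.get(proto) in TRANSPORTS
    if with_ports and (sport is None or dport is None):
        raise ValueError("ports are required for protocol %d" % proto)
    sp, dp = (sport or 0), (dport or 0)
    if src.packed > dst.packed or (src.packed == dst.packed and sp > dp):
        src, dst, sp, dp = dst, src, dp, sp      # canonical ordering
    data = struct.pack("!H", seed) + src.packed + dst.packed + struct.pack("!BB", proto, 0)
    if with_ports:
        data += struct.pack("!HH", sp, dp)
    return "1:" + base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def normalize(record):
    """Return a copy of record normalized to the GIM conventions above."""
    out = dict(record)
    for old, new in DEPRECATED.items():           # retire the _rx/_tx names
        if old in out:
            out.setdefault(new, out.pop(old))
    for field in LOWER_ONLY:                      # keyword/loweronly fields
        if field in out:
            out[field] = str(out[field]).lower()
    for total, parts in (("network_bytes", ("source_bytes_sent", "destination_bytes_sent")),
                         ("network_packets", ("source_packets_sent", "destination_packets_sent"))):
        if total not in out and all(p in out for p in parts):
            out[total] = sum(out[p] for p in parts)
    proto = out.get("network_iana_number")
    name = IANA_PROTOCOLS.get(proto)
    if name:
        out.setdefault("network_protocol", name)
        if name in TRANSPORTS:
            out.setdefault("network_transport", name)
    if "network_direction" in out:                # vendor vocabulary -> GIM values
        mapped = DIRECTION_MAP.get(str(out["network_direction"]).lower())
        if mapped is None:
            out.pop("network_direction")          # unmappable: drop rather than emit junk
        else:
            out["network_direction"] = mapped
    if "source_ip" in out:
        out["network_ip_version"] = str(ipaddress.ip_address(out["source_ip"]).version)
    if name and "source_ip" in out and "destination_ip" in out:
        out["network_community_id"] = community_id(
            out["source_ip"], out["destination_ip"], proto,
            out.get("source_port"), out.get("destination_port"))
    return out


VENDOR_RECORD = {  # constructed sample record, not real traffic
    "network_application": "Facebook",
    "source_ip": "128.232.110.120", "source_port": 34855,
    "destination_ip": "66.35.250.204", "destination_port": 80,
    "network_iana_number": 6,
    "network_bytes_tx": 1200, "network_bytes_rx": 70038,
    "network_packets_tx": 12, "network_packets_rx": 48,
    "network_direction": "EGRESS",
    "network_interface_in": "Gi0/1",
}

if __name__ == "__main__":
    for key, value in sorted(normalize(VENDOR_RECORD).items()):
        print("%-26s %s" % (key, value))
```

Unmappable direction values are dropped rather than passed through, because downstream searches and alert rules assume only the listed values exist; a flow whose source and destination fall in the same address family but with an unknown IANA number keeps the raw number and simply gets no `network_protocol` or Community ID.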
The following content is part of the Graylog Illuminate 6.3 documentation. If you are using another version of Illuminate, please switch to your version. For versions prior to 4.0, please see the legacy documentation.