Data Source: Cisco Network Visibility Module OSquery

Description

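Data source object for osquery events from the Cisco Network Visibility Module (NVM). In the example log below, each event carries what appear to be the osquery version (`qv`), a query identifier (`qid`), an epoch query timestamp (`qt`), paging counters (`qpi`, `qpn`) and the query result as an escaped JSON array (`qjr`). The longer names in the field list (`osquery_version`, `query_id`, `query_timestamp`, `current_page`, `total_pages`, `query_json_response`) appear to be aliases of these short keys. Because results are paged, a search that parses `qjr` may need to account for a result split across several events that share the same `qid`.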

Details

Property Value
Source not_applicable
Sourcetype cisco:nvm:osquery

Supported Apps

Event Fields

  <span class="pill kill-chain">current_page</span>
  
  <span class="pill kill-chain">date_hour</span>
  
  <span class="pill kill-chain">date_mday</span>
  
  <span class="pill kill-chain">date_minute</span>
  
  <span class="pill kill-chain">date_month</span>
  
  <span class="pill kill-chain">date_second</span>
  
  <span class="pill kill-chain">date_wday</span>
  
  <span class="pill kill-chain">date_year</span>
  
  <span class="pill kill-chain">date_zone</span>
  
  <span class="pill kill-chain">eventtype</span>
  
  <span class="pill kill-chain">fv</span>
  
  <span class="pill kill-chain">host</span>
  
  <span class="pill kill-chain">index</span>
  
  <span class="pill kill-chain">linecount</span>
  
  <span class="pill kill-chain">osquery_version</span>
  
  <span class="pill kill-chain">punct</span>
  
  <span class="pill kill-chain">qid</span>
  
  <span class="pill kill-chain">qjr</span>
  
  <span class="pill kill-chain">qpi</span>
  
  <span class="pill kill-chain">qpn</span>
  
  <span class="pill kill-chain">qt</span>
  
  <span class="pill kill-chain">query_id</span>
  
  <span class="pill kill-chain">query_json_response</span>
  
  <span class="pill kill-chain">query_timestamp</span>
  
  <span class="pill kill-chain">qv</span>
  
  <span class="pill kill-chain">source</span>
  
  <span class="pill kill-chain">sourcetype</span>
  
  <span class="pill kill-chain">splunk_server</span>
  
  <span class="pill kill-chain">splunk_server_group</span>
  
  <span class="pill kill-chain">tag</span>
  
  <span class="pill kill-chain">tag::eventtype</span>
  
  <span class="pill kill-chain">timeendpos</span>
  
  <span class="pill kill-chain">timestartpos</span>
  
  <span class="pill kill-chain">total_pages</span>
  
  <span class="pill kill-chain">udid</span>
  

Example Log

Jun 30 09:20:43 127.0.0.1 Jun 30 09:20:43 ip-172-31-30-201  fv="nvzFlow_v8" udid="10E8A7F940225180BFDB748D2AE336EA7285CB8C" qv="5.5.1-dirty" qid="38654705666" qt="1751275242" qpi="1" qpn="1" qjr="[{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"\",\"disabled\":\"0\",\"identifier\":\"addons-search-detection@mozilla.com\",\"location\":\"app-builtin\",\"name\":\"Add-ons Search Detection\",\"native\":\"\",\"path\":\"null\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"500\",\"version\":\"2.0.0\",\"visible\":\"1\"},{\"active\":\"0\",\"autoupdate\":\"1\",\"creator\":\"Mozilla <screenshots-feedback@mozilla.com>\",\"description\":\"Take clips and screenshots from the Web and save them temporarily or permanently.\",\"disabled\":\"1\",\"identifier\":\"screenshots@mozilla.org\",\"location\":\"app-system-defaults\",\"name\":\"Firefox Screenshots\",\"native\":\"\",\"path\":\"C:\\Program Files\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"500\",\"version\":\"39.0.1\",\"visible\":\"1\"},{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"\",\"disabled\":\"0\",\"identifier\":\"formautofill@mozilla.org\",\"location\":\"app-system-defaults\",\"name\":\"Form Autofill\",\"native\":\"\",\"path\":\"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"500\",\"version\":\"1.0.1\",\"visible\":\"1\"},{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"Fixes for web compatibility with Picture-in-Picture\",\"disabled\":\"0\",\"identifier\":\"pictureinpicture@mozilla.org\",\"location\":\"app-system-defaults\",\"name\":\"Picture-In-Picture\",\"native\":\"\",\"path\":\"C:\\Program Files\\Mozilla Firefox\\browser\\features\\pictureinpicture@mozilla.org.xpi\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"500\",\"version\":\"1.0.0\",\"visible\":\"1\"},{\"active\":\"1\",\"autoupdate\":\"1\",\"creator\":\"null\",\"description\":\"Urgent post-release fixes for web compatibility.\",\"disabled\":\"0\",\"identifier\":\"webcompat@mozilla.org\",\"location\":\"app-system-defaults\",\"name\":\"Web Compatibility Interventions\",\"native\":\"\",\"path\":\"C:\\Program Files\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"500\",\"version\":\"137.7.0\",\"visible\":\"1\"},{\"active\":\"0\",\"autoupdate\":\"1\",\"creator\":\"Thomas Wisniewski <twisniewski@mozilla.com>\",\"description\":\"Report site compatibility issues on webcompat.com\",\"disabled\":\"1\",\"identifier\":\"webcompat-reporter@mozilla.org\",\"location\":\"app-system-defaults\",\"name\":\"WebCompat Reporter\",\"native\":\"\",\"path\":\"C:\\Program Files\\Mozilla Firefox\\browser\\features\\webcompat-reporter@mozilla.org.xpi\",\"source_url\":\"null\",\"type\":\"extension\",\"uid\":\"500\",\"version\":\"2.1.0\",\"visible\":\"1\"}]"

Source: GitHub | Version: 1