Metadata Field Mapping
June 14, 2023 ยท View on GitHub
This table maps old metadata field names to New-Scale field names that correspond to the Common Information Model.
| Old Metadata Field Name | New-Scale Metadata Field Name |
|---|---|
| @host | m_host |
| @metadata.beat | m_metadata_beat |
| @metadata.topic | m_metadata_topic |
| @metadata.type | m_metadata_type |
| @metadata.version | m_metadata_version |
| @timestamp | m_timestamp |
| @version | m_version |
| agent.ephemeral_id | m_agent_ephemeral_id |
| agent.hostname | m_agent_hostname |
| agent.id | m_agent_id |
| agent.type | m_agent_type |
| agent.version | m_agent_version |
| beat_name | m_beat_name |
| beat_version | m_beat_version |
| collector_name | m_collector_name |
| collector_type | m_collector_type |
| computer_name | m_computer_name |
| destinationServiceName | m_destinationServiceName |
| dproc | m_dproc |
| event.action | m_event_action |
| event.code | m_event_code |
| event.created | m_event_created |
| event.kind | m_event_kind |
| event.original | m_event_original |
| event.provider | m_event_provider |
| event_data.PackageName | m_event_data_PackageName |
| event_data.Status | m_event_data_Status |
| event_data.TargetUserName | m_event_data_TargetUserName |
| event_data.Workstation | m_event_data_Workstation |
| event_id | m_event_id |
| exa-message-size | m_exa_message_size |
| exa_rsc.agent.ephemeral_id | m_exa_rsc_agent_ephemeral_id |
| exa_rsc.agent.hostname | m_exa_rsc_agent_hostname |
| exa_rsc.agent.id | m_exa_rsc_agent_id |
| exa_rsc.agent.type | m_exa_rsc_agent_type |
| exa_rsc.agent.version | m_exa_rsc_agent_version |
| exa_rsc.hostname | m_exa_rsc_hostname |
| exa_rsc.input.type | m_exa_rsc_input_type |
| exa_rsc.kafka.headers | m_exa_rsc_kafka_headers |
| exa_rsc.kafka.key | m_exa_rsc_kafka_key |
| exa_rsc.kafka.offset | m_exa_rsc_kafka_offset |
| exa_rsc.kafka.partition | m_exa_rsc_kafka_partition |
| exa_rsc.kafka.topic | m_exa_rsc_kafka_topic |
| exa_rsc.time_off | m_exa_rsc_time_off |
| exa_rsc.timestamp | m_exa_rsc_timestamp |
| exa_rsc.timezone | m_exa_rsc_timezone |
| exa_sc.collector_name | m_exa_sc_collector_name |
| exa_sc.collector_type | m_exa_sc_collector_type |
| exa_sc.hostname | m_exa_sc_hostname |
| forwarder | m_forwarder |
| hostname | m_hostname |
| input.type | m_input_type |
| keywords | m_keywords |
| level | m_level |
| log.file.path | m_log_file_path |
| log.level | m_log_level |
| log.name | m_log_name |
| log.offset | m_log_offset |
| message | m_message |
| opcode | m_opcode |
| path | m_path |
| port | m_port |
| provider_guid | m_provider_guid |
| record.number | m_record_number |
| source.name | m_source_name |
| task | m_task |
| time_off | m_time_off |
| timezone | m_timezone |
| type | m_type |
| winlog.activity_id | m_winlog_activity_id |
| winlog.api | m_winlog_api |
| winlog.channel | m_winlog_channel |
| winlog.computer_name | m_winlog_computer_name |
| winlog.event_data.Binary | m_winlog_event_data_Binary |
| winlog.event_data.LogonType | m_winlog_event_data_LogonType |
| winlog.event_data.PrivilegeList | m_winlog_event_data_PrivilegeList |
| winlog.event_data.SubjectDomainName | m_winlog_event_data_SubjectDomainName |
| winlog.event_data.TargetDomainName | m_winlog_event_data_TargetDomainName |
| winlog.event_data.TargetLogonId | m_winlog_event_data_TargetLogonId |
| winlog.event_data.TargetUserName | m_winlog_event_data_TargetUserName |
| winlog.event_data.TargetUserSid | m_winlog_event_data_TargetUserSid |
| winlog.event_data.lmpackagename | m_winlog_event_data_lmpackagename |
| winlog.event_data.param1 | m_winlog_event_data_param1 |
| winlog.event_data.param2 | m_winlog_event_data_param2 |
| winlog.event_data.param3 | m_winlog_event_data_param3 |
| winlog.event_id | m_winlog_event_id |
| winlog.keywords | m_winlog_keywords |
| winlog.opcode | m_winlog_opcode |
| winlog.process.pid | m_winlog_process_pid |
| winlog.process.thread.id | m_winlog_process_thread_id |
| winlog.provider_guid | m_winlog_provider_guid |
| winlog.provider_name | m_winlog_provider_name |
| winlog.record_id | m_winlog_record_id |
| winlog.task | m_winlog_task |
| winlog.user.domain | m_winlog_user_domain |
| winlog.user.identifier | m_winlog_user_identifier |
| winlog.user.name | m_winlog_user_name |
| winlog.user.type | m_winlog_user_type |