Metadata Field Mapping

June 14, 2023

This table maps old metadata field names to New-Scale field names that correspond to the Common Information Model.

| Old Metadata Field Name | New-Scale Metadata Field Name |
| --- | --- |
| @host | m_host |
| @metadata.beat | m_metadata_beat |
| @metadata.topic | m_metadata_topic |
| @metadata.type | m_metadata_type |
| @metadata.version | m_metadata_version |
| @timestamp | m_timestamp |
| @version | m_version |
| agent.ephemeral_id | m_agent_ephemeral_id |
| agent.hostname | m_agent_hostname |
| agent.id | m_agent_id |
| agent.type | m_agent_type |
| agent.version | m_agent_version |
| beat_name | m_beat_name |
| beat_version | m_beat_version |
| collector_name | m_collector_name |
| collector_type | m_collector_type |
| computer_name | m_computer_name |
| destinationServiceName | m_destinationServiceName |
| dproc | m_dproc |
| event.action | m_event_action |
| event.code | m_event_code |
| event.created | m_event_created |
| event.kind | m_event_kind |
| event.original | m_event_original |
| event.provider | m_event_provider |
| event_data.PackageName | m_event_data_PackageName |
| event_data.Status | m_event_data_Status |
| event_data.TargetUserName | m_event_data_TargetUserName |
| event_data.Workstation | m_event_data_Workstation |
| event_id | m_event_id |
| exa-message-size | m_exa_message_size |
| exa_rsc.agent.ephemeral_id | m_exa_rsc_agent_ephemeral_id |
| exa_rsc.agent.hostname | m_exa_rsc_agent_hostname |
| exa_rsc.agent.id | m_exa_rsc_agent_id |
| exa_rsc.agent.type | m_exa_rsc_agent_type |
| exa_rsc.agent.version | m_exa_rsc_agent_version |
| exa_rsc.hostname | m_exa_rsc_hostname |
| exa_rsc.input.type | m_exa_rsc_input_type |
| exa_rsc.kafka.headers | m_exa_rsc_kafka_headers |
| exa_rsc.kafka.key | m_exa_rsc_kafka_key |
| exa_rsc.kafka.offset | m_exa_rsc_kafka_offset |
| exa_rsc.kafka.partition | m_exa_rsc_kafka_partition |
| exa_rsc.kafka.topic | m_exa_rsc_kafka_topic |
| exa_rsc.time_off | m_exa_rsc_time_off |
| exa_rsc.timestamp | m_exa_rsc_timestamp |
| exa_rsc.timezone | m_exa_rsc_timezone |
| exa_sc.collector_name | m_exa_sc_collector_name |
| exa_sc.collector_type | m_exa_sc_collector_type |
| exa_sc.hostname | m_exa_sc_hostname |
| forwarder | m_forwarder |
| hostname | m_hostname |
| input.type | m_input_type |
| keywords | m_keywords |
| level | m_level |
| log.file.path | m_log_file_path |
| log.level | m_log_level |
| log.name | m_log_name |
| log.offset | m_log_offset |
| message | m_message |
| opcode | m_opcode |
| path | m_path |
| port | m_port |
| provider_guid | m_provider_guid |
| record.number | m_record_number |
| source.name | m_source_name |
| task | m_task |
| time_off | m_time_off |
| timezone | m_timezone |
| type | m_type |
| winlog.activity_id | m_winlog_activity_id |
| winlog.api | m_winlog_api |
| winlog.channel | m_winlog_channel |
| winlog.computer_name | m_winlog_computer_name |
| winlog.event_data.Binary | m_winlog_event_data_Binary |
| winlog.event_data.LogonType | m_winlog_event_data_LogonType |
| winlog.event_data.PrivilegeList | m_winlog_event_data_PrivilegeList |
| winlog.event_data.SubjectDomainName | m_winlog_event_data_SubjectDomainName |
| winlog.event_data.TargetDomainName | m_winlog_event_data_TargetDomainName |
| winlog.event_data.TargetLogonId | m_winlog_event_data_TargetLogonId |
| winlog.event_data.TargetUserName | m_winlog_event_data_TargetUserName |
| winlog.event_data.TargetUserSid | m_winlog_event_data_TargetUserSid |
| winlog.event_data.lmpackagename | m_winlog_event_data_lmpackagename |
| winlog.event_data.param1 | m_winlog_event_data_param1 |
| winlog.event_data.param2 | m_winlog_event_data_param2 |
| winlog.event_data.param3 | m_winlog_event_data_param3 |
| winlog.event_id | m_winlog_event_id |
| winlog.keywords | m_winlog_keywords |
| winlog.opcode | m_winlog_opcode |
| winlog.process.pid | m_winlog_process_pid |
| winlog.process.thread.id | m_winlog_process_thread_id |
| winlog.provider_guid | m_winlog_provider_guid |
| winlog.provider_name | m_winlog_provider_name |
| winlog.record_id | m_winlog_record_id |
| winlog.task | m_winlog_task |
| winlog.user.domain | m_winlog_user_domain |
| winlog.user.identifier | m_winlog_user_identifier |
| winlog.user.name | m_winlog_user_name |
| winlog.user.type | m_winlog_user_type |