CEFMessage
The parsed representation of a CEF Message.
| Name | Type | Optional | Default Value | Documentation |
|---|---|---|---|---|
| date | INT64 | true | | The timestamp of the message. |
| facility | INT32 | true | | The facility of the message. |
| host | STRING | true | | The host of the message. |
| level | INT32 | true | | The level of the syslog message as defined by RFC 5424. |
| message | STRING | false | | Unparsed version of the message. |
| cefVersion | INT32 | false | | Version of CEF the message is using. |
| deviceVendor | STRING | false | | Vendor of the device that logged the message. |
| deviceProduct | STRING | false | | The product that logged the message. |
| deviceVersion | STRING | false | | The version of the device that is logging the message. |
| deviceEventClassId | STRING | false | | The internal event id for the message. |
| name | STRING | false | | Name of the event. This is typically a short description. |
| severity | STRING | false | | The severity of the message. |
| extensions | Map of STRING, STRING | true | | Key value pairs of any extensions to the message. |
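
An added example, not the project's own code: a Python parser that splits a CEF line into the non-optional fields of the table above plus `extensions`, honoring the `\|` escape in the header and the `\=` escape in extension values. The function names and the sample line are constructed for illustration, and the optional syslog fields (date, facility, host, level) are not populated here.

```python
import re

_EXT_KEY = re.compile(r"(?<!\S)(\w+)=")  # key at start or after whitespace
_ESCAPES = {"n": "\n", "r": "\r"}        # other escaped chars map to themselves

def _split_header(text, count):
    """Split on unescaped '|' into `count` fields; return (fields, remainder)."""
    fields, cur, i = [], [], 0
    while i < len(text) and len(fields) < count:
        if text[i] == "\\" and text[i + 1:i + 2] in ("|", "\\"):
            cur.append(text[i + 1])  # escaped pipe or backslash is literal
            i += 2
            continue
        if text[i] == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(text[i])
        i += 1
    if len(fields) < count and cur:  # header ended without extensions
        fields.append("".join(cur))
    return fields, text[i:]

def _parse_extensions(text):
    """Values run until the next ' key=' so they may contain spaces."""
    found = list(_EXT_KEY.finditer(text))
    ext = {}
    for m, nxt in zip(found, found[1:] + [None]):
        raw = text[m.end():nxt.start() if nxt else len(text)].rstrip()
        ext[m.group(1)] = re.sub(r"\\(.)", lambda e: _ESCAPES.get(e.group(1), e.group(1)), raw)
    return ext

def parse_cef(line):
    """Return a dict keyed like the CEFMessage table (syslog fields omitted)."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header found")
    fields, rest = _split_header(line[start + 4:], 7)
    if len(fields) != 7 or not fields[0].isdecimal():
        raise ValueError("malformed CEF header")
    keys = ("deviceVendor", "deviceProduct", "deviceVersion",
            "deviceEventClassId", "name", "severity")
    parsed = {"message": line, "cefVersion": int(fields[0])}
    parsed.update(zip(keys, fields[1:]))
    parsed["extensions"] = _parse_extensions(rest)
    return parsed

# Constructed sample line, not taken from a real device.
SAMPLE = (r"<134>Feb  3 10:15:00 fw01 CEF:0|Acme|Edge\|Firewall|1.2|100|"
          r"Blocked connection|5|src=10.0.0.1 msg=rule a\=b matched dst=10.0.0.2")
```

Rejecting lines with a malformed header, rather than guessing at field boundaries, keeps a log pipeline from storing attacker-influenced text under the wrong field name.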