Specify an Alias for a Field
In the search query, you can enter the alias, or abbreviated term, for a field name rather than entering the full name. For the fields shown in the following table, you can also use the presentable field names, such as Agent Address. Search suggests presentable names.
| Field | Aliases |
|---|---|
| agentAddress | agt agent ip |
| agentHostName | ahost |
| agentId | aid |
| agentMacAddress | amac agent mac |
| agentReceiptTime | art |
| agentTimeZone | atz |
| agentTranslatedAddress | agent translated ip |
| agentType | at |
| agentVersion | av |
| applicatonProtocol | app protocol |
| baseEventCount | cnt |
| bytesIn | in |
| bytesOut | out |
| categoryBehavior | behavior |
| categoryDeviceGroup | device group |
| categoryObject | object |
| categorySignificance | significance |
| categoryTechnique | technique |
| destinationAddress | dst destination ip destinationip dst ip dest ip target ip targetip target |
| destinationHostName | dhost destination name |
| destinationMacAddress | dmac destination mac |
| destinationNtDomain | dntdom |
| destinationPort | dpt destination port dstport dest port targetport target port |
| destinationProcessId | dpid |
| destinationProcessName | dproc |
| destinationTranslatedAddress | destination translated ip |
| destinationuserId | duid |
| destinationUserName | duser dst user dest user destination user dst usr |
| destinationUserPrivileges | dpriv |
| deviceAction | act |
| deviceAddress | dvc deviceaddr deviceip device ip |
| deviceCustomFloatingPointn. Valid values for n are integers between 1 and 4. For example: deviceCustomFloatingPoint1 | cfpn. For example: cfp1 |
| deviceCustomFloatingPointnLabel. Valid values for n are integers between 1 and 4. For example: deviceCustomFloatingPoint1Label | cfpnLabel. For example: cfp1Label |
| deviceCustomIPv6Addressn. Valid values for n are integers between 1 and 4. For example: deviceCustomIPv6Address2 | c6an device custom ipv6 n. For example: c6a2 |
| deviceCustomIPv6AddressnLabel. Valid values for n are integers between 1 and 4. For example: deviceCustomIPv6Address2Label | c6anLabel. For example: c6a2Label |
| deviceCustomNumbern. Valid values for n are integers between 1 and 3. For example: deviceCustomNumber3 | cnn. For example: cn3 |
| deviceCustomNumbernLabel. Valid values for n are integers between 1 and 6. For example: deviceCustomNumber6Label | cnnLabel. For example: cn6Label |
| deviceCustomStringn. Valid values for n are integers between 1 and 6. For example: deviceCustomString5 | Csn. For example: Cs5 |
| deviceEventCategory | cat |
| deviceHostName | dvchost |
| deviceMacAddress | dvcmac device mac |
| deviceProcessId | dvcpid |
| deviceReceiptTime | rt |
| deviceTimeZone | dtz |
| deviceTranslatedAddress | device translated ip |
| endTime | end |
| eventOutcome | outcome |
| fileNme | fname |
| fileSize | fsize |
| message | msg |
| requestUrl | request URL |
| sourceAddress | src source ip sourceip src ip |
| sourceHostName | shost |
| sourceMacAddress | smac source mac |
| sourceNtDomain | sntdomain |
| sourcePort | spt srcport src port |
| sourceProcessId | spid |
| sourceProcessName | sproc |
| sourceTranslatedAddress | source translated ip |
| sourceUserId | suid |
| sourceuserName | suser src user source user src usr |
| sourceUserPrivileges | spriv |
| startTime | start |
| transportProtocol | proto |