Destination Fields
Destination fields describe details about the destination of a packet/event.
Destination fields are usually populated in conjunction with source fields.
Destination Field Details
Field | Description | Level |
---|---|---|
destination.address | Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the Then it should be duplicated to type: keyword | extended |
destination.bytes | Bytes sent from the destination to the source. type: long example: | core |
destination.domain | Destination domain. type: keyword | core |
destination.ip | IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses. type: ip | core |
destination.mac | MAC address of the destination. type: keyword | core |
destination.nat.ip | Translated IP of destination-based NAT sessions (e.g. internet to private DMZ). Typically used with load balancers, firewalls, or routers. type: ip | extended |
destination.nat.port | Port the source session is translated to by NAT Device. Typically used with load balancers, firewalls, or routers. type: long | extended |
destination.packets | Packets sent from the destination to the source. type: long example: | core |
destination.port | Port of the destination. type: long | core |
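
The handling described in the destination.address row, as an added example that is not part of the original documentation: the address is kept as it appeared in the event and copied into a typed field only when its kind is certain. The function names, the use of destination.ip and destination.domain as the copy targets, the port splitting and the hostname pattern are assumptions of this example.

```python
import ipaddress
import re

# Hostname pattern (assumption of this example): dot-separated labels of
# letters, digits, hyphen and underscore, with an optional trailing dot.
_LABEL = r"[A-Za-z0-9_](?:[A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?"
_DOMAIN_RE = re.compile(rf"^(?:{_LABEL}\.)*{_LABEL}\.?$")


def _split_port(raw):
    """Split a trailing port from 'host:port' or '[v6]:port'; bare IPv6 stays whole."""
    m = re.match(r"^\[(.+)\](?::(\d+))?$", raw)  # e.g. [2001:db8::1]:443
    if m:
        return m.group(1), int(m.group(2)) if m.group(2) else None
    if raw.count(":") == 1:  # host:port or 1.2.3.4:port, never bare IPv6
        host, _, port = raw.partition(":")
        if port.isdigit():
            return host, int(port)
    return raw, None


def destination_fields(raw):
    """Return the sub-fields to nest under `destination` for one raw address string."""
    raw = raw.strip()
    if raw.startswith(("/", "unix:", "@")):  # unix socket: only the raw address
        return {"address": raw}
    host, port = _split_port(raw)
    dest = {"address": host}  # address exactly as the event gave it
    if port is not None and port <= 65535:
        dest["port"] = port  # type: long
    try:
        dest["ip"] = str(ipaddress.ip_address(host))  # type: ip, canonical form
    except ValueError:
        name = host.rstrip(".")
        # A numeric last label means a malformed IP (e.g. 999.1.1.1), not a
        # domain: leave it in `address` only rather than mis-typing it.
        if (len(name) <= 253 and _DOMAIN_RE.match(host)
                and not name.rsplit(".", 1)[-1].isdigit()):
            dest["domain"] = name.lower()  # type: keyword
    return dest
```

Values that are neither a valid IP nor a plausible hostname stay searchable through `address` without causing a mapping error on the `ip`-typed field.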
Field Reuse
Field sets that can be nested under Destination
Nested fields | Description |
---|---|
 | Fields describing an Autonomous System (Internet routing prefix). |
 | Fields describing a location. |
 | Fields to describe the user relevant to the event. |