SumoLogic · JV0812 · Oct 22, 2024 · Oct 9, 2024 · Oct 9, 2024 · Oct 14, 2024
@@ -30,7 +30,7 @@ description: Parse the common fields in your Akamai Cloud Monitor log using the
       "reqPath":"/jobs",
       "respCT":"",
       "respLen":"",
-      "bytes":"",
+      "bytes":"3278",
       "UA":"Chrome/35.0.1916.114",
       "fwdHost":""
    },
@@ -52,15 +52,15 @@ description: Parse the common fields in your Akamai Cloud Monitor log using the
       "downloadTime":"19",
       "netOriginLatency":"00",
       "originName":"down",
-      "originIP":"",
+      "originIP":"65.07.36.537",
       "originInitIP":"10.10.10.10",
       "originRetry":"0",
       "lastMileRTT":"46",
       "cacheStatus":"1",
       "firstByte":"1",
       "lastByte":"1",
       "asnum":"4812",
-      "edgeIP":""
+      "edgeIP":"65.07.36.537"
    },
    "geo":{  
       "country":"us",
@@ -86,11 +86,11 @@ parse "\"reqMethod\":\"*\"" as method, "\"status\":\"*\"" as status, "\"fwdHost\
 **Resulting Fields:**
 
 | Field | Description | Example |
-|:-----------|:-----------------|:--------------|
-| method    |   | GET |
-| status    |   | 200 |
-| origin    |   |   |
-| bytes     |   |   |
-| edgeip    |   |   |
-| country   |   | us           |
-| cookie    |   | 898051433939 |
+|:-|:-|:-|
+| method    | HTTP request method. | GET |
+| status    | HTTP response status code.  | 200 |
+| origin    | Host of the request.  | example.com  |
+| bytes     | Size of the response in bytes.  | 3267  |
+| edgeip    | IP address of the edge server.  |  `65.07.36.537`  |
+| country   | Base country of the request.  | us           |
+| cookie    | Cookies sent with the request.  | `898051433939` |
@@ -26,10 +26,10 @@ parse regex "^(?<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"
 
 | Field | Description | Example |
 |:--|:--|:--|
-| src_ip | IP address of the client (remote host) which made the request to the server | 221.125.19.252 |
-| method | Method used by the client | GET |
-| url | Resource requested by the client | `v` |
-| status_code | Status code that the server sends back to the client | 200 |
-| size | Size of the object returned to the client | 8825 |
-| referrer | Site that the client reports having been referred from | [http://www.google.com/url?sa=t&rct=j...source=web&cd=4](http://www.google.com/url?sa=t&rct=j&q=log-reduce&source=web&cd=4) |
-| user_agent  | Identifying information that the client browser reports about itself | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; en-us) AppleWebKit/533.21.1 (KHTML, like Gecko) Chrome/19.0.1084.30 Safari/536.5 |
+| src_ip | IP address of the client (remote host) from which the request is made to the server. | 221.125.19.252 |
+| method | Method used by the client. | GET |
+| url | Resource requested by the client. | `/_js/master.js` |
+| status_code | Status code that the server sends back to the client. | 200 |
+| size | Size of the object returned to the client. | 8825 |
+| referrer | Displays the site that the client reports having been referred from. | `http://www.google.com/url?sa=t&rct=j...source=web&cd=4` |
+| user_agent  | Identifying information that the client browser reports about itself. | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; en-us) <br/> AppleWebKit/533.21.1 (KHTML, like Gecko) <br/> Chrome/19.0.1084.30 <br/> Safari/536.5 |
@@ -10,7 +10,6 @@ description: Create a field extraction rule for Apache Tomcat 7 Access Logs.
 
 **Rule Description:** Parse the Remote IP address, Method, Requested URL path, HTTP status code, Time Taken, and Bytes Sent.
 
-
 **Sample Log:**
 
 ```
@@ -27,11 +26,11 @@ description: Create a field extraction rule for Apache Tomcat 7 Access Logs.
 
 | Field Name | Description | Example |
 |:--|:--|:--|
-| ip |   | 192.100.20.135 |
-| method |   | GET |
-| url |   | /ServiceAPI/mappings/123456/load |
-| status |   | 200 |
-| time_taken |   | 1414 |
-| bytes_sent |   | 6234 |
-
- 
+| ip | The client IP address.  | 192.100.20.135 |
+| method | HTTP request method.  | GET |
+| url | Resource requested by the client. | `/ServiceAPI/mappings/123456/load` |
+| status | HTTP response status code.  | 200 |
+| time_taken | Time taken to process the request. | 1414 |
+| bytes_sent | Count of bytes sent. | 6234 |
+
+
@@ -4,12 +4,9 @@ title: Apache Tomcat Access Logs
 description: Parse the common fields in your Apache Tomcat Access Logs using the FER template.
 ---
 
-
-
 **Log Type**: Apache Tomcat Access
 
-**Template Description**: Parsing the common fields in your Apache
-Tomcat Access log.
+**Template Description**: Parsing the common fields in your Apache Tomcat Access log.
 
 **Sample Log**:
 
@@ -32,9 +29,9 @@ parse regex "(?<ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}? )"
 
 | Field | Description | Example |
 |:--|:--|:--|
-| ip         | The Client IP                                        | 250.67.103.48   |
-| method     | Request method                                       | POST            |
-| url        | Resource requested by the client                     | /blog/index.php |
-| status     | Status code that the server sends back to the client | 200             |
-| time_taken | Time taken to process the request                    | 3280            |
-| bytes_sent | Bytes sent count                                     | 4               |
+| ip         | The client IP address.                               | `250.67.103.48` |
+| method     | HTTP request method.                                 | POST            |
+| url        | Resource requested by the client.                    | `/blog/index.php`|
+| status     | HTTP response status code.                           | 200             |
+| time_taken | Time taken to process the request.                   | 3280            |
+| bytes_sent | Count of bytes sent.                                 | 4               |
@@ -4,11 +4,9 @@ title: AWS CloudTrail Logs
 description: Parse the common fields in your AWS CloudTrail Logs using the FER template.
 ---
 
-
 **Log Type**: AWS CloudTrail
 
-**Template Description**: Parsing the common fields in your AWS
-CloudTrail log.
+**Template Description**: Parsing the common fields in your AWS CloudTrail log.
 
 **Sample Log**:
 
@@ -56,10 +54,10 @@ parse "eventSource\":\"*\"" as event_source
 
 | Field | Description | Example |
 |:--|:--|:--|
-| event_source | The service that the request was made to | IAM |
-| source_ipaddress | The IP address that the request was made from | 34.87.4.6 |
-| event_name | The requested action, which is one of the actions in the API for that service | GetAccountPasswordPolicy |
-| aws_Region | The AWS region that the request was made to | us-west-2 |
-| user | The friendly name of the identity that made the call | bsmith |
+| event_source | The service that the request was made for. | IAM |
+| source_ipaddress | The IP address from which the request was made. | `34.87.4.6` |
+| event_name | Describes the requested action, which is one of the actions in the API for the respective service. | GetAccountPasswordPolicy |
+| aws_Region | The AWS region that the request was made for. | us-west-2 |
+| user | The friendly name of the identity that made the call. | bsmith |
 
 
@@ -4,8 +4,6 @@ title: AWS Elastic Load Balancing Logs
 description: Parse the common fields in your AWS Elastic Load Balancing Logs using the FER template.
 ---
 
-
-
 **Log Type**: AWS Elastic Load Balancing
 
 **Template Description:** Parsing the common fields in your AWS Elastic
@@ -27,21 +25,21 @@ parse "* * *:* *:* * * * * * * * \"* *://*:*/* HTTP" as datetime, ELB_Server, cl
 
 | Field | Description | Example |
 |:--|:--|:--|
-| datetime | Time when the load balancer received the request from the client | 2017-08-10T18:25:56 |
-| ELB_Server | Name of the load balancer | stag-www-lb |
-| clientIP | IP address of the requesting client | 137.190.87.41 |
-| port | Port of the requesting client | 52888 |
-| backend | IP address of the registered instance that processed this request | 10.168.203.134 |
-| backend_port | Port of the registered instance that processed this request | 23667 |
-| requestProc | [HTTP listener] The total time elapsed, in seconds, from the time the load balancer received the request until the time it sent it to a registered instance.<br/>[TCP listener] The total time elapsed, in seconds, from the time the load balancer accepted a TCP/SSL connection from a client to the time the load balancer sends the first byte of data to a registered instance | 0.000803 |
-| ba_Response | [HTTP listener] The total time elapsed, in seconds, from the time the load balancer sent the request to a registered instance until the instance started to send the response headers.<br/>[TCP listener] The total time elapsed, in seconds, for the load balancer to successfully establish a connection to a registered instance | 0.048702 |
-| cli_Response | [HTTP listener] The total time elapsed (in seconds) from the time the load balancer received the response header from the registered instance until it started to send the response to the client. This includes both the queuing time at the load balancer and the connection acquisition time from the load balancer to the back end.<br/>[TCP listener] The total time elapsed, in seconds, from the time the load balancer received the first byte from the registered instance until it started to send the response to the client | 0.002085 |
-| ELB_StatusCode | The status code of the response from the load balancer | 200 |
-| be_StatusCode | The status code of the response from the registered instance | 200 |
-| rcvd | The size of the request, in bytes, received from the client | 2836 |
-| send | The size of the response, in bytes, sent to the client | 1169667 |
-| method | The request method from the client | POST |
-| protocol | The request protocol from the client | https |
-| domain | The request domain from the client | dinihou.bounceme.net |
-| server_port | The request server port from the client | 443 |
-| path | The request path from the client | api/v1/search/jobs/597F6F78E33C7C00 |
+| datetime | Timestamp when the load balancer received the request from the client. | 2017-08-10T18:25:56 |
+| ELB_Server | Name of the load balancer. | stag-www-lb |
+| clientIP | The client IP address.   | `137.190.87.41` |
+| port | The client port number. | 52888 |
+| backend | IP address of the registered instance that processed this request. | `10.168.203.134` |
+| backend_port | Port number of the registered instance that processed this request. | 23667 |
+| requestProc | [HTTP listener] The total time elapsed, in seconds, from the time the load balancer received the request until the time it sent it to a registered instance.<br/>[TCP listener] The total time elapsed, in seconds, from the time the load balancer accepted a TCP/SSL connection from a client to the time the load balancer sends the first byte of data to a registered instance. | 0.000803 |
+| ba_Response | [HTTP listener] The total time elapsed, in seconds, from the time the load balancer sent the request to a registered instance until the instance started to send the response headers.<br/>[TCP listener] The total time elapsed, in seconds, for the load balancer to successfully establish a connection to a registered instance. | 0.048702 |
+| cli_Response | [HTTP listener] The total time elapsed (in seconds) from the time the load balancer received the response header from the registered instance until it started to send the response to the client. This includes both the queuing time at the load balancer and the connection acquisition time from the load balancer to the back end.<br/>[TCP listener] The total time elapsed, in seconds, from the time the load balancer received the first byte from the registered instance until it started to send the response to the client. | 0.002085 |
+| ELB_StatusCode | The status code of the response from the load balancer. | 200 |
+| be_StatusCode | The status code of the response from the registered instance. | 200 |
+| rcvd | The size of the request, in bytes, received from the client. | 2836 |
+| send | The size of the response, in bytes, sent to the client. | 1169667 |
+| method | HTTP request method. | POST |
+| protocol | The request protocol from the client. | https |
+| domain | The request domain from the client. | dinihou.bounceme.net |
+| server_port | The request server port from the client .| 443 |
+| path | The  path requested from the client. | `api/v1/search/jobs/597F6F78E33C7C00` |
@@ -4,8 +4,6 @@ title: Amazon S3 Usage Logs
 description: Parse the common fields in your Amazon S3 Usage Logs using the FER template.
 ---
 
-
-
 **Log Type**: Amazon S3 Usage
 
 **Template Description:** Parsing the common fields in your Amazon S3
@@ -28,20 +26,20 @@ parse "* * [*] * * * * * \"* HTTP/1.1\" * * * * * * * \"*\" *" as bucket_owner,
 | Field | Description | Example |
 |:--|:--|:--|
 | bucket_owner | The canonical user ID of the owner of the source bucket. | 6ec976a42247d687d5d1c87bb53e87c60c925765f87415f472d240c5d18337a7 |
-| bucket | The name of the bucket that the request was processed against | stag-bloomfilter-000000000000141d |
-| time | The time at which the request was received | 2017-07-13 |
-| remoteIP | The apparent Internet address of the requester | 62.118.225.244 |
-| requester | The canonical user ID of the requester, or a - for unauthenticated requests | user/stag-bloomfilter |
-| request_ID | The request ID is a string generated by Amazon S3 to uniquely identify each request | B5C788A74FDFA7E7 |
+| bucket | The name of the bucket that the request was processed against. | stag-bloomfilter-000000000000141d |
+| time | The timestamp at which the request was received. | 2017-07-13 |
+| remoteIP | The apparent internet address of the requester. | 62.118.225.244 |
+| requester | The canonical user ID of the requester, or "-" for unauthenticated requests. | user/stag-bloomfilter |
+| request_ID | The request ID is a string generated by Amazon S3 to uniquely identify each request. | B5C788A74FDFA7E7 |
 | operation | The operation listed here is declared as SOAP.operation, REST.HTTP_method.resource_type,WEBSITE.HTTP_method.resource_type, or BATCH.DELETE.OBJECT | REST.PUT.OBJECT |
-| key | The "key" part of the request, URL encoded, or "-" if the operation does not take a key parameter | 636C271B3F171BB8-000000000138CE3D-1405616382510-v1 |
-| request_URI  | The Request-URI part of the HTTP request | GET /636C271B3F171BB8-000000000138CE3D-1405616382510-v1 |
-| status_code  | The numeric HTTP status code of the response | 200 |
-| error_code   | The Amazon S3 Error Code, or "-" if no error occurred | NoSuchKey |
-| bytes_sent   | The number of response bytes sent, excluding HTTP protocol overhead, or "-" if zero | 5982 |
-|  object_size | The total size of the object in question |  50768 |
-|  total_time  | The number of milliseconds the request was in flight from the server's perspective |  27 |
-|  turn_time   |  The number of milliseconds that Amazon S3 spent processing your request |  24 |
-|  referrer    |  The value of the HTTP Referrer header, if present |  "http://www.amazon.com/webservice" |
-|  user_agent  |  The value of the HTTP User-Agent header |  aws-sdk-java/1.7.11 Linux/3.2.0-57-virtual OpenJDK_64-Bit_Server_VM/23.2-b09/1.7.0_09 |
-|  version_ID  |  The version ID in the request, or "-" if the operation does not take a versionId parameter |  3HL4kqtJvjVBH40Nrjfkd |
+| key | The "key" part of the request, URL encoded, or "-" if the operation does not take a key parameter. | 636C271B3F171BB8-000000000138CE3D-1405616382510-v1 |
+| request_URI  | HTTP request method. | GET /636C271B3F171BB8-000000000138CE3D-1405616382510-v1 |
+| status_code  | HTTP response status code. | 200 |
+| error_code   | The Amazon S3 Error Code, or "-" if no error occurred. | NoSuchKey |
+| bytes_sent   | The number of response bytes sent, excluding HTTP protocol overhead, or "-" if zero. | 5982 |
+|  object_size | The total size of the object in question. |  50768 |
+|  total_time  | The number of milliseconds that the request was in flight from the server's perspective. |  27 |
+|  turn_time   |  The number of milliseconds that the Amazon S3 spent processing your request. |  24 |
+|  referrer    |  The website from which the client reports are referred. |  "http://www.amazon.com/webservice" |
+|  user_agent  |  Information about the client browser. |  aws-sdk-java/1.7.11 Linux/3.2.0-57-virtual OpenJDK_64-Bit_Server_VM/23.2-b09/1.7.0_09 |
+|  version_ID  |  The version ID in the request, or "-" if the operation does not take a versionId parameter. |  3HL4kqtJvjVBH40Nrjfkd |
@@ -24,16 +24,16 @@ parse regex "^[^#].*?(?<s_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) (?<cs_method>\S
 
 | Field | Description | Example |
 |:--|:--|:--|
-| s_ip | IP address of the server on which the log file entry was generated | 10.0.0.103 |
-| cs_method | Requested action | POST |
-| cs_uri_stem | Target of the action | /ConfigWeb/ManageUsers.aspx |
-| cs_uri_query | The query, if any, that the client was trying to perform | name=.NET+StockTrader+Web+Application&cfgSvc=Trade.StockTraderWebApplicationConfigurationImplementation.ConfigurationService&version=Version+5.0&hoster=Microsoft+Corporation&platform=Windows+Server+2008+R2+with+.NET+Framework+v4.0.30319&action=addUser&identify=0 |
-| s_port | Server port number that is configured for the service | 80 |
-| cs_username | Name of the authenticated user who accessed your server | localadmin |
-| c_ip | IP address of the client that made the request | 164.110.188.119 |
+| s_ip | IP address of the server on which the log file entry was generated. | `10.0.0.103` |
+| cs_method | HTTP request method | POST |
+| cs_uri_stem | Target URL for the action.| `/ConfigWeb/ManageUsers.aspx` |
+| cs_uri_query | The query that the client was trying to perform. | name=.NET+StockTrader+Web+Application&cfgSvc=Trade.StockTraderWebApplicationConfigurationImplementation.ConfigurationService&version=Version+5.0&hoster=Microsoft+Corporation&platform=Windows+Server+2008+R2+with+.NET+Framework+v4.0.30319&action=addUser&identify=0 |
+| s_port | Server port number that is configured for the service. | 80 |
+| cs_username | Name of the authenticated user who accessed your server. | localadmin |
+| c_ip | IP address of the client that made the request. | `164.110.188.119` |
 | cs_User_Agent | Browser type that the client used | 500 |
-| cs_Referer | Site that the user last visited | 0 |
-| sc_status | HTTP status code | 0 |
-| sc_substatus | Substatus error code | 4786 |
-| sc_win32_status | Windows status code | 194110 |
-| time_taken | Length of time that the action took, in milliseconds | 552 |
+| cs_Referer | The website from which the client reports are referred. | 0 |
+| sc_status | HTTP response status code. | 0 |
+| sc_substatus | Substatus of the error code. | 4786 |
+| sc_win32_status | Windows status code. | 194110 |
+| time_taken | Time taken to complete the action (in milliseconds). | 552 |
@@ -27,10 +27,10 @@ parse regex "^(?<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"
 
 | Field | Description | Example |
 |:--|:--|:--|
-| src_ip | IP from which request was made | 205.197.2.175 |
-| method | HTTP request type | GET |
-| url | Resource requested by the client | /wp-content/uploads/Screen-Shot-2017-04-13-at-7.12.35-PM-231x300.png |
-| status_code | HTTP response code from server | 304 |
-|  size | Size of server response in bytes | 0 |
-|  referrer | Referral URL | [https://www.sumologic.com/aws/elb/aws-elastic-load-balancers-classic-vs-application/](https://www.sumologic.com/aws/elb/aws-elastic-load-balancers-classic-vs-application/) |
-|  user_agent | Information about the client browser | Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0 |
+| src_ip | The source IP address. | `205.197.2.175` |
+| method | HTTP request method. | GET |
+| url | Resource requested by the client. | `/wp-content/uploads/Screen-Shot-2017-04-13-at-7.12.35-PM-231x300.png` |
+| status_code | HTTP response status code. | 304 |
+|  size | The size of the object returned to the client. | 0 |
+|  referrer | The website from which the client reports are referred. | `https://www.sumologic.com/aws/elb/aws-elastic-load-balancers-classic-vs-application` |
+|  user_agent | Information about the client browser. | Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0 |