tools/config/devo-web.yml

title: Devo sourcetype mappings for web sources
order: 20
backends:
  - devo
logsources:
  web:
    category: webserver
    index: web.all.access
  proxy:
    category: proxy
    index: proxy.all.access
  apache:
    product: apache
    index: web.all.access
fieldmappings:
  c-uri: url
  c-useragent: userAgent
  sc-status: statusCode
  useragent: userAgent
  cs-method: method
  clientip: srcIp
  uri_query: select uriquery(url) as url_query
  r-dns: select urihost(url) as url_dns
  cs-host: srcHost
  c-uri-query: select uriquery(url) as url_query
  c-uri-stem: url
  c-uri-extension: select uripath(url) as uri_path
  cs-uri-query: select uriquery(url) as url_query
master: Added new Devo backend for the sigmac tool. Added three new backend configurations to support the Devo backend. Added a new test suite to cover the Devo backend cases. 2021-06-21 14:06:04 +02:00			`title: Devo sourcetype mappings for web sources`
			`order: 20`
			`backends:`
			`- devo`
			`logsources:`
			`web:`
			`category: webserver`
			`index: web.all.access`
			`proxy:`
			`category: proxy`
			`index: proxy.all.access`
			`apache:`
			`product: apache`
			`index: web.all.access`
			`fieldmappings:`
			`c-uri: url`
			`c-useragent: userAgent`
			`sc-status: statusCode`
			`useragent: userAgent`
			`cs-method: method`
			`clientip: srcIp`
			`uri_query: select uriquery(url) as url_query`
			`r-dns: select urihost(url) as url_dns`
			`cs-host: srcHost`
			`c-uri-query: select uriquery(url) as url_query`
			`c-uri-stem: url`
			`c-uri-extension: select uripath(url) as uri_path`
			`cs-uri-query: select uriquery(url) as url_query`