blue-team-tools/tools/config/devo-web.yml


---
# Sigma backend configuration for the Devo backend.
# Maps Sigma web/proxy logsources to Devo tables, and Sigma field names
# to Devo column names or to `select <fn>(url) as <alias>` expressions
# that derive the value from the url column at query time.
title: 'Devo sourcetype mappings for web sources'
# Load order relative to the other config files of this backend.
order: 20

backends:
  - devo

logsources:
  # Generic web-server access logs.
  web:
    category: webserver
    index: 'web.all.access'
  # Proxy access logs live in their own table.
  proxy:
    category: proxy
    index: 'proxy.all.access'
  # Apache is routed to the same access table as the generic webserver source.
  apache:
    service: apache
    index: 'web.all.access'

fieldmappings:
  # Sigma field -> Devo column (or select-expression).
  c-uri: url
  c-useragent: userAgent
  sc-status: statusCode
  useragent: userAgent
  cs-method: method
  clientip: srcIp
  uri_query: 'select uriquery(url) as url_query'
  r-dns: 'select urihost(url) as url_dns'
  # NOTE(review): in W3C/IIS logs cs-host is the requested Host header, while
  # srcHost reads as the client-side host — confirm against the Devo schema,
  # a mismatch here silently turns Host-based rules into non-matching queries.
  cs-host: srcHost
  c-uri-query: 'select uriquery(url) as url_query'
  # NOTE(review): the path-only stem is mapped to the full url column — confirm
  # that rules matching on a bare path still fire against full URLs.
  c-uri-stem: url
  # NOTE(review): uripath() yields the path, not the file extension — confirm
  # this is the intended approximation for c-uri-extension.
  c-uri-extension: 'select uripath(url) as uri_path'
  cs-uri-query: 'select uriquery(url) as url_query'