![]() The external domain name of the client initializing a network session. The unique identifier or event code of the event signature. The amount of time it took to receive a response in the network session event, if applicable.Īn indication of the type of network session event.įor example: DHCPACK, DHCPNAK, DHCPRELEASE, WebVPN session started, etc2. The amount of time for the completion of the network session event, in seconds. The NetBIOS name of the client initializing a network session. Note: Always use colons instead of dashes, spaces, or no separator. Note: Always force lower case on this field. The internal MAC address of the network session client.įor DHCP events, this is the MAC address of the client acquiring an IP address lease.įor VPN events, this is the MAC address of the client initializing a network session. The internal IP address allocated to the client initializing a network session.įor DHCP and VPN events, this is the IP address leased to the client. The domain name system address of the destination for a network session event. Do not define extractions for this field when writing add-ons. This field is automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security. The Network Sessions are for VPN and DHCP events. The action taken by the reporting device. Other values: Other example values that you might see.Other valid values exist, but Splunk is not relying on them. Prescribed values: Permitted values that can populate the fields, which Splunk is using for a particular purpose. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |