Data Source: AWS Cloudfront

Description

Data source object for AWS Cloudfront

Details

Property     Value
Source       aws
Sourcetype   aws:cloudfront:accesslogs

Supported Apps

Event Fields

Fields
_time
action
app
bytes
bytes_in
bytes_out
c_ip
c_port
cached
category
client_ip
cs_bytes
cs_cookie
cs_host
cs_method
cs_protocol
cs_protocol_version
cs_referer
cs_uri_query
cs_uri_stem
cs_user_agent
date
date_hour
date_mday
date_minute
date_month
date_second
date_wday
date_year
date_zone
dest
duration
edge_location_name
eventtype
fle_encrypted_fields
fle_status
host
http_content_type
http_method
http_user_agent
http_user_agent_length
index
linecount
punct
response_time
sc_bytes
sc_content_len
sc_content_type
sc_range_end
sc_range_start
sc_status
source
sourcetype
splunk_server
src
src_ip
src_port
ssl_cipher
ssl_protocol
status
tag
tag::eventtype
time
time_taken
time_to_first_byte
timeendpos
timestartpos
uri_path
url
url_domain
url_length
vendor_product
x_edge_detail_result_type
x_edge_location
x_edge_request_id
x_edge_response_result_type
x_edge_result_type
x_forwarded_for
x_host_header
</div>

Example Log

2023-11-07	16:58:21	IAD55-P5	921	44.192.78.55	GET	d3u5aue66f5ui4.cloudfront.net	/plugins/servlet/com.jsos.shell/ShellServlet	200	-	Slackbot-LinkExpanding%201.0%20(+https://api.slack.com/robots)	-	-	LambdaGeneratedResponse	sGwvFCkFU4qlMxatCoJRgW87P7Ee8bKQor3U6lRt6I6jaFvLC7vcPA==	confluence.catjamfest.com	https	232	0.276	-	TLSv1.3	TLS_AES_128_GCM_SHA256	LambdaGeneratedResponse	HTTP/1.1	-	-	57232	0.276	LambdaGeneratedResponse	text/html	527	-	-

Source: GitHub | Version: 1