<span class="pill kill-chain">_time</span>
<span class="pill kill-chain">action</span>
<span class="pill kill-chain">app</span>
<span class="pill kill-chain">bytes</span>
<span class="pill kill-chain">bytes_in</span>
<span class="pill kill-chain">bytes_out</span>
<span class="pill kill-chain">c_ip</span>
<span class="pill kill-chain">c_port</span>
<span class="pill kill-chain">cached</span>
<span class="pill kill-chain">category</span>
<span class="pill kill-chain">client_ip</span>
<span class="pill kill-chain">cs_bytes</span>
<span class="pill kill-chain">cs_cookie</span>
<span class="pill kill-chain">cs_host</span>
<span class="pill kill-chain">cs_method</span>
<span class="pill kill-chain">cs_protocol</span>
<span class="pill kill-chain">cs_protocol_version</span>
<span class="pill kill-chain">cs_referer</span>
<span class="pill kill-chain">cs_uri_query</span>
<span class="pill kill-chain">cs_uri_stem</span>
<span class="pill kill-chain">cs_user_agent</span>
<span class="pill kill-chain">date</span>
<span class="pill kill-chain">date_hour</span>
<span class="pill kill-chain">date_mday</span>
<span class="pill kill-chain">date_minute</span>
<span class="pill kill-chain">date_month</span>
<span class="pill kill-chain">date_second</span>
<span class="pill kill-chain">date_wday</span>
<span class="pill kill-chain">date_year</span>
<span class="pill kill-chain">date_zone</span>
<span class="pill kill-chain">dest</span>
<span class="pill kill-chain">duration</span>
<span class="pill kill-chain">edge_location_name</span>
<span class="pill kill-chain">eventtype</span>
<span class="pill kill-chain">fle_encrypted_fields</span>
<span class="pill kill-chain">fle_status</span>
<span class="pill kill-chain">host</span>
<span class="pill kill-chain">http_content_type</span>
<span class="pill kill-chain">http_method</span>
<span class="pill kill-chain">http_user_agent</span>
<span class="pill kill-chain">http_user_agent_length</span>
<span class="pill kill-chain">index</span>
<span class="pill kill-chain">linecount</span>
<span class="pill kill-chain">punct</span>
<span class="pill kill-chain">response_time</span>
<span class="pill kill-chain">sc_bytes</span>
<span class="pill kill-chain">sc_content_len</span>
<span class="pill kill-chain">sc_content_type</span>
<span class="pill kill-chain">sc_range_end</span>
<span class="pill kill-chain">sc_range_start</span>
<span class="pill kill-chain">sc_status</span>
<span class="pill kill-chain">source</span>
<span class="pill kill-chain">sourcetype</span>
<span class="pill kill-chain">splunk_server</span>
<span class="pill kill-chain">src</span>
<span class="pill kill-chain">src_ip</span>
<span class="pill kill-chain">src_port</span>
<span class="pill kill-chain">ssl_cipher</span>
<span class="pill kill-chain">ssl_protocol</span>
<span class="pill kill-chain">status</span>
<span class="pill kill-chain">tag</span>
<span class="pill kill-chain">tag::eventtype</span>
<span class="pill kill-chain">time</span>
<span class="pill kill-chain">time_taken</span>
<span class="pill kill-chain">time_to_first_byte</span>
<span class="pill kill-chain">timeendpos</span>
<span class="pill kill-chain">timestartpos</span>
<span class="pill kill-chain">uri_path</span>
<span class="pill kill-chain">url</span>
<span class="pill kill-chain">url_domain</span>
<span class="pill kill-chain">url_length</span>
<span class="pill kill-chain">vendor_product</span>
<span class="pill kill-chain">x_edge_detail_result_type</span>
<span class="pill kill-chain">x_edge_location</span>
<span class="pill kill-chain">x_edge_request_id</span>
<span class="pill kill-chain">x_edge_response_result_type</span>
<span class="pill kill-chain">x_edge_result_type</span>
<span class="pill kill-chain">x_forwarded_for</span>
<span class="pill kill-chain">x_host_header</span>
</div>
Data Source: AWS Cloudfront
Description
Data source object for AWS Cloudfront
Details
Property | Value |
---|---|
Source | aws |
Sourcetype | aws:cloudfront:accesslogs |
Supported Apps
- Splunk Add-on for AWS (version 7.8.0)
Event Fields
Example Log
2023-11-07 16:58:21 IAD55-P5 921 44.192.78.55 GET d3u5aue66f5ui4.cloudfront.net /plugins/servlet/com.jsos.shell/ShellServlet 200 - Slackbot-LinkExpanding%201.0%20(+https://api.slack.com/robots) - - LambdaGeneratedResponse sGwvFCkFU4qlMxatCoJRgW87P7Ee8bKQor3U6lRt6I6jaFvLC7vcPA== confluence.catjamfest.com https 232 0.276 - TLSv1.3 TLS_AES_128_GCM_SHA256 LambdaGeneratedResponse HTTP/1.1 - - 57232 0.276 LambdaGeneratedResponse text/html 527 - -
Source: GitHub | Version: 1