@romicgd
Last active November 2, 2018 19:15
ArcSight FlexConnector JSON Folder Follower - mapping of Azure Application Gateway access log
# Trigger on each record's "properties" object: one ArcSight event per access log record.
trigger.node.location=/records/properties
token.count=10
# Token locations are relative to the trigger node: "../name" reads a field of the
# enclosing record, a bare name reads a field of "properties", and "." is the whole
# "properties" object.
token[0].name=operationName
token[0].type=String
token[0].location=../operationName
token[1].name=time
token[1].type=String
token[1].location=../time
token[2].name=clientIP
token[2].type=String
token[2].location=clientIP
token[3].name=clientPort
token[3].type=Integer
token[3].location=clientPort
token[4].name=httpMethod
token[4].type=String
token[4].location=httpMethod
token[5].name=requestUri
token[5].type=String
token[5].location=requestUri
token[6].name=requestQuery
token[6].type=String
token[6].location=requestQuery
token[7].name=category
token[7].type=String
token[7].location=../category
token[8].name=resourceId
token[8].type=String
token[8].location=../resourceId
token[9].name=properties
token[9].type=String
token[9].location=.
# Tokens not mapped below are kept on the event as additional data.
additionaldata.enabled=true
# Event field mappings.
event.deviceVendor=__stringConstant("Microsoft.Azure")
event.deviceProduct=__stringConstant("ApplicationGateway")
event.sourceHostName=clientIP
event.sourcePort=clientPort
event.message=properties
event.customerURI=requestUri
event.deviceEventClassId=category
event.deviceAction=httpMethod
event.name=resourceId
# Record-level time, with milliseconds appended, parsed into deviceReceiptTime.
event.deviceReceiptTime=__createOptionalTimeStampFromString(__concatenate(time, ".000"),"YYYY-MM-DDTHH:mm:ss.SSSX")
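To make the mapping above concrete, here is an added Python simulation (not part of the gist and not ArcSight's parser) that applies the same trigger node, token locations and event mappings to a constructed Azure Application Gateway access log record. It models how "/records/properties" fans out into one event per record, how "../field" reaches record-level fields from inside "properties", and how "." captures the whole object. The timestamp step is a simplification: it parses the record's ISO 8601 time with Python's datetime instead of the ArcSight format string, and returns None when the value is absent or malformed so the event is still emitted. The sample log and all its values are made up.

```python
import json
from datetime import datetime

# Constructed sample record in the shape of an Azure Application Gateway
# access log entry (field names follow the Azure diagnostic log layout; all
# values are invented for this illustration).
SAMPLE_LOG = """{"records": [{
  "resourceId": "/SUBSCRIPTIONS/<sub-id>/RESOURCEGROUPS/<rg>/PROVIDERS/MICROSOFT.NETWORK/APPLICATIONGATEWAYS/<gw-name>",
  "operationName": "ApplicationGatewayAccess",
  "time": "2018-11-02T19:15:00Z",
  "category": "ApplicationGatewayAccessLog",
  "properties": {
    "instanceId": "ApplicationGatewayRole_IN_0",
    "clientIP": "203.0.113.10",
    "clientPort": 52311,
    "httpMethod": "GET",
    "requestUri": "/admin/login",
    "requestQuery": "X-AzureApplicationGateway-CACHE-HIT=0",
    "userAgent": "Mozilla/5.0",
    "httpStatus": 404,
    "httpVersion": "HTTP/1.1",
    "receivedBytes": 184,
    "sentBytes": 466
  }
}]}"""

# The gist's trigger and token locations, restated as Python data.
TRIGGER = "/records/properties"
TOKENS = {
    "operationName": "../operationName",
    "time": "../time",
    "clientIP": "clientIP",
    "clientPort": "clientPort",
    "httpMethod": "httpMethod",
    "requestUri": "requestUri",
    "requestQuery": "requestQuery",
    "category": "../category",
    "resourceId": "../resourceId",
    "properties": ".",
}


def resolve(location, node, parent):
    """Resolve one token location relative to the trigger node.

    "." is the node itself, serialised because the token type is String;
    "../x" is a field of the enclosing record; a bare name is a field of the
    node. Missing fields yield None rather than raising (simplified model).
    """
    if location == ".":
        return json.dumps(node, sort_keys=True)
    if location.startswith("../"):
        return parent.get(location[3:]) if parent else None
    return node.get(location)


def trigger_nodes(doc, trigger):
    """Walk the trigger path; every list on the way fans out into one node
    per element, and the node's enclosing object is returned as its parent."""
    parts = [p for p in trigger.split("/") if p]

    def walk(obj, parent, idx):
        if idx == len(parts):
            yield obj, parent
            return
        nxt = obj.get(parts[idx]) if isinstance(obj, dict) else None
        if isinstance(nxt, list):
            for item in nxt:
                yield from walk(item, obj, idx + 1)
        elif nxt is not None:
            yield from walk(nxt, obj, idx + 1)

    return list(walk(doc, None, 0))


def parse_time(value):
    """Simplified stand-in for __createOptionalTimeStampFromString: an aware
    datetime on success, None when the value is missing or unparsable."""
    if not isinstance(value, str):
        return None
    try:
        return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S%z")
    except ValueError:
        return None


def build_event(node, parent):
    """Apply the gist's event.* mappings to one trigger node."""
    t = {name: resolve(loc, node, parent) for name, loc in TOKENS.items()}
    return {
        "deviceVendor": "Microsoft.Azure",        # __stringConstant
        "deviceProduct": "ApplicationGateway",    # __stringConstant
        "sourceHostName": t["clientIP"],
        "sourcePort": t["clientPort"],
        "message": t["properties"],
        "customerURI": t["requestUri"],
        "deviceEventClassId": t["category"],
        "deviceAction": t["httpMethod"],
        "name": t["resourceId"],
        "deviceReceiptTime": parse_time(t["time"]),
    }


def map_log(text):
    """Parse a JSON log file body and return one event dict per record."""
    doc = json.loads(text)
    return [build_event(n, p) for n, p in trigger_nodes(doc, TRIGGER)]


if __name__ == "__main__":
    for ev in map_log(SAMPLE_LOG):
        print(json.dumps(ev, default=str, indent=2))
```

Running the script prints the single mapped event; feeding it a record without a "time" field shows the optional-timestamp behaviour, with the event still produced and deviceReceiptTime left empty.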