The following list shows the metrics labels related to the message schema. You can use these metrics labels:
- on the analytics pages, and
- in log tapping filters.
dest_ip
IP address where the message was sent to according to the IP header.
dest_port
TCP or UDP port number where the message was sent to according to the transport header.
ip_protocol
Network protocol version used for receiving this message.
protocol
Transport protocol used for receiving this message.
src_ip
IP address that sent the message according to the IP header.
transport
The transport mechanism used to retrieve or receive the message.
connector_label_labels
Labels set on the connector that received the message.
connector_name
The name of the connector that received the log.
connector_type
The type of the connector that received the message.
axostore_axostore
Parameters for sending the message to an AxoStore destination.
axostore_body_raw
Override the option to send the raw message body to the AxoStore destination. (default: false)
axostore_meta_raw
Override the option to send raw metadata to AxoStore destination. (default: true)
clickhouse_clickhouse
Parameters for sending the message to a Clickhouse destination.
clickhouse_body_raw
Override the option to send raw body to the Clickhouse destination. (default: false)
clickhouse_meta_raw
Override the option to send raw metadata to the Clickhouse destination. (default: true)
elasticsearch_elasticsearch
Parameters for sending the message to an Elasticsearch destination.
elasticsearch_fields
Fields to send to Elasticsearch. This overrides the default fields set by the destination connector.
elasticsearch_index
The Elasticsearch index to send the message to.
elasticsearch_message
Override the message to send to Elasticsearch. When set, log.body is ignored.
elasticsearch_timestamp
Override the timestamp to send to Elasticsearch. When set, log.time_unix_nano is ignored.
googlesecops_google_secops
Parameters for sending the message to a Google SecOps destination.
googlesecops_customer_id
This overrides the default customer ID configured in the destination connector.
googlesecops_labels
Labels to send to Google SecOps. This overrides the default labels set by the destination connector.
googlesecops_log_text
The text of the message to send to Google SecOps. When set, log.body is ignored.
googlesecops_log_type
This overrides the default log type configured in the destination connector.
googlesecops_namespace
This overrides the default namespace configured in the destination connector.
googlesecops_ts_rfc3339
The timestamp of the message in RFC3339 format. When set, log.time_unix_nano is ignored.
destination_name
Name of the destination where AxoRouter sent the message.
openobserve_openobserve
Parameters for sending the message to an OpenObserve destination.
openobserve_fields
Fields to send to OpenObserve. This overrides the default fields set by the destination connector.
openobserve_message
Override the message to send to OpenObserve. When set, log.body is ignored.
openobserve_organization
The OpenObserve organization to send the message to.
openobserve_stream
The OpenObserve stream to send the message to.
openobserve_timestamp
Override the timestamp to send to OpenObserve. When set, log.time_unix_nano is ignored.
pubsub_pubsub
Parameters for sending the message to a Google PubSub destination.
pubsub_attributes
Override the attributes key-value pairs for the Pub/Sub Event.
pubsub_data
Override the data to send to Google Pub/Sub. When set, log.body is ignored.
pubsub_project
The ID of the Google Cloud project where the data is sent.
pubsub_topic
The name of the Google Pub/Sub topic to send the data to.
splunk_splunk
Parameters for sending the message to a Splunk destination.
splunk_event
The raw event sent to Splunk. Overrides log.body and avoids automatic formatting completely.
splunk_fields
Fields to send to Splunk. This overrides the default fields set by the destination connector.
splunk_host
The name of the host as sent to Splunk. Usually, this is the hostname of the source where the data originated from.
splunk_index
The name of the Splunk index where the message is sent. The index must exist in Splunk, otherwise sending the data will fail.
splunk_source
The source field sent to Splunk, containing where the event originated. For example, the protocol and port for network-based sources, or the path and filename for log files.
splunk_sourcetype
The Splunk sourcetype value that corresponds to appliance, application, or service that generated the data.
splunk_time
Override the time sent to Splunk. When set, log.time_unix_nano is ignored.
destination_type
Type of the destination, for example, splunkHEC.
edge_connector_label_labels
Labels set on the edge connector that sent the message.
edge_connector_name
The name of the edge connector that sent the message.
edge_connector_rule_id
The ID of the owner ConnectorRule resource in Axoflow that created the edge connector.
edge_connector_type
The type of the edge connector that sent the message.
edge_flow_name
The name of the edge forwarding rule that sent the message.
flow
Name of the flow processing the message.
host_label_labels
The labels set in the inventory for the host the message originates from. Note that if the host is sending data to an AxoRouter connector that doesn’t perform automatic classification, then changing the product and vendor labels can affect the final metadata in the destination, for example, the sourcetype assigned to the data in Splunk.
host_name
The name of the host the message originates from (based on the inventory).
host_candidate_id
Device ID found in the message.
host_candidate_ip
IP address found in the message.
host_candidate_last_hop_name
Host field found in the message’s envelope (which can be either the subject of the message, or the name of the host that forwarded it).
host_candidate_name
Host name found in the message.
kubernetes_container
Kubernetes container name found in the message metadata.
kubernetes_namespace
Name of the Kubernetes namespace found in the message metadata.
product
The product name of the appliance, application, or service that generated the message.
axo_host_label_labels
Labels of the AxoRouter instance that processed the message.
axo_host_name
The name of the AxoRouter instance that processed the message.
service
Name of the service that generated the message. For syslog messages, that’s usually the value of the PROGRAM field.
vendor
The vendor of the appliance, application, or service that generated the message.