Collect Apigee logs
This document explains how to collect Apigee logs by enabling Google Cloud telemetry ingestion into Google Security Operations, and how Apigee log fields map to Google Security Operations Unified Data Model (UDM) fields.
For more information, see the overview of data ingestion to Google Security Operations.
A typical deployment consists of Apigee logs that are enabled for ingestion into Google Security Operations. Each customer deployment might differ from this representation and might be more complex.
The deployment contains the following components:
Google Cloud: The Google Cloud services and products from which logs are collected.
Apigee logs: The Apigee logs that are enabled for ingestion into Google Security Operations.
Google Security Operations: Google Security Operations retains and analyzes the Apigee logs.
The ingestion label identifies the parser that normalizes raw log data into structured UDM format. The information in this document applies to the parser with the GCP_APIGEE_X ingestion label.
Before you begin
Ensure that all systems in the deployment architecture are configured in the UTC time zone.
Ensure that either the old Cloud Logging policy or the new Cloud Logging policy is in use. For more information, see the old Cloud Logging policy.
Configure Google Cloud to ingest Apigee logs
To ingest Apigee logs into Google Security Operations, follow the steps on the Ingest Google Cloud logs to Google Security Operations page.
If you encounter issues when you ingest Apigee logs, contact Google Security Operations support.
Field mapping reference
Field mapping reference: GCP_APIGEE_X old Cloud Logging policy logs
The following table lists the log fields of the GCP_APIGEE_X old Cloud Logging policy log type and their corresponding UDM fields.
| Log field | UDM mapping | Logic |
|---|---|---|
| jsonPayload.proxyResponseCode | intermediary.network.http.response_code |  |
| jsonPayload.apiProxy | intermediary.resource.name |  |
| jsonPayload.apiproxy | intermediary.resource.name |  |
|  | intermediary.resource.resource_type | If the jsonPayload.apiproxy log field value is not empty or the jsonPayload.apiProxy log field value is not empty, then the intermediary.resource.resource_type UDM field is set to BACKEND_SERVICE. |
|  | intermediary.resource.attribute.cloud.environment | If the jsonPayload.apiproxy log field value is not empty or the jsonPayload.apiProxy log field value is not empty, then the intermediary.resource.attribute.cloud.environment UDM field is set to GOOGLE_CLOUD_PLATFORM. |
| jsonPayload.apiProduct | intermediary.resource.attribute.labels[json_payload_api_product] |  |
| jsonPayload.apiProxyRevision | intermediary.resource.attribute.labels[json_payload_api_proxy_revision] |  |
| jsonPayload.proxyRequestReceived | intermediary.resource.attribute.labels[json_payload_proxy_request_received] |  |
| jsonPayload.proxyResponseSent | intermediary.resource.attribute.labels[json_payload_proxy_response_sent] |  |
| receiveTimestamp | metadata.collected_timestamp |  |
| timestamp | metadata.event_timestamp |  |
|  | metadata.event_type | The metadata.event_type UDM field is set to USER_RESOURCE_ACCESS. |
| insertId | metadata.product_log_id |  |
| jsonPayload.correlationId | metadata.product_event_type |  |
|  | metadata.product_name | The metadata.product_name UDM field is set to GCP APIGEE X. |
|  | metadata.vendor_name | The metadata.vendor_name UDM field is set to Google Cloud Platform. |
| jsonPayload.verb | network.http.method |  |
| labels.application | principal.application |  |
| jsonPayload.ax_resolved_client_ip | principal.ip |  |
| resource.labels.zone | principal.resource.attribute.cloud.availability_zone |  |
|  | principal.resource.resource_type | If the resource.type log field value is equal to gce_instance, then the principal.resource.resource_type UDM field is set to VIRTUAL_MACHINE. |
| resource.type | principal.resource.resource_subtype |  |
| resource.labels.instance_id | principal.resource.product_object_id |  |
| resource.labels.project_id | principal.resource_ancestors.product_object_id |  |
|  | principal.resource_ancestors.resource_type | If the resource.labels.project_id log field value is not empty, then the principal.resource_ancestors.resource_type UDM field is set to CLOUD_PROJECT. |
| jsonPayload.organization | principal.resource_ancestors.name |  |
|  | principal.resource_ancestors.resource_type | If the jsonPayload.organization log field value is not empty, then the principal.resource_ancestors.resource_type UDM field is set to CLOUD_ORGANIZATION. |
| jsonPayload.clientReceived | principal.resource.attribute.labels[json_payload_client_received] |  |
| jsonPayload.clientSent | principal.resource.attribute.labels[json_payload_client_sent] |  |
| logName | principal.resource.attribute.labels[Log Name] |  |
| resource.labels.project_id | principal.resource.attribute.labels[Project Id] |  |
| jsonPayload.clientId | principal.user.userid |  |
| logName | security_result.category_details |  |
| jsonPayload.faultName | security_result.description |  |
| severity | security_result.severity | If the severity log field value is equal to ERROR, then the severity log field is mapped to the security_result.severity UDM field. Else, if the severity log field value is equal to INFO or NOTICE, then the security_result.severity UDM field is set to INFORMATIONAL. Else, if the severity log field value is equal to WARNING or NOTICE, then the security_result.severity UDM field is set to MEDIUM. |
| severity | security_result.severity_details |  |
| jsonPayload.targetResponseCode | target.network.http.response_code |  |
| jsonPayload.requestUri | target.resource.name |  |
|  | target.resource.resource_type | If the jsonPayload.requestUri log field value is not empty, then the target.resource.resource_type UDM field is set to BACKEND_SERVICE. |
| jsonPayload.requestUrl | target.url |  |
| jsonPayload.targetResponseReceived | target.resource.attribute.labels[json_payload_target_request_received] |  |
| jsonPayload.targetRequestSent | target.resource.attribute.labels[json_payload_target_request_sent] |  |
| jsonPayload.bot_reason | additional.fields[json_payload_bot_reason] |  |
| jsonPayload.count_distinct_bot | additional.fields[json_payload_count_distinct_bot] |  |
| jsonPayload.developerApp | additional.fields[json_payload_developer_app] |  |
| jsonPayload.developerId | additional.fields[json_payload_developer_id] |  |
| jsonPayload.minute | additional.fields[json_payload_minute] |  |
| jsonPayload.environment | additional.fields[json_payload_environment] |  |
| jsonPayload.sum_bot_traffic | additional.fields[json_payload_sum_bot_traffic] |  |
| partialSuccess | additional.fields[partial_success] |  |
Field mapping reference: GCP_APIGEE_X new Cloud Logging policy logs
The following table lists the log fields of the GCP_APIGEE_X new Cloud Logging policy log type and their corresponding UDM fields.
| Log field | UDM mapping | Logic |
|---|---|---|
| insertId | metadata.product_log_id |  |
| jsonPayload.request.queryparams.count | target.resource.attribute.labels[json_payload_request_queryparams_count] |  |
| jsonPayload.request.uri | target.resource.name |  |
|  | target.resource.resource_type | If the jsonPayload.request.uri log field value is not empty, then the target.resource.resource_type UDM field is set to BACKEND_SERVICE. |
| jsonPayload.target.host | target.hostname |  |
| jsonPayload.log.sni_host | target.hostname |  |
| jsonPayload.target.host | target.asset.hostname |  |
| jsonPayload.log.sni_host | target.asset.hostname |  |
| jsonPayload.target.sent.start.timestamp | target.resource.attribute.labels[json_payload_target_sent_start_timestamp] |  |
| jsonPayload.response.reason.phrase | security_result.summary |  |
| jsonPayload.response.reason | security_result.summary |  |
| jsonPayload.target.cn | target.resource.attribute.labels[json_payload_target_cn] |  |
| jsonPayload.target.port | target.port |  |
| jsonPayload.request.path | target.resource.attribute.labels[json_payload_request_path] |  |
| jsonPayload.target.ip | target.ip |  |
| jsonPayload.request.queryparam.param_name | target.resource.attribute.labels[json_payload_request_queryparams_param_name] |  |
| jsonPayload.request.queryparam.param_name.values | target.resource.attribute.labels[json_payload_request_queryparams_param_values] |  |
| jsonPayload.client.sent.end.timestamp | principal.resource.attribute.labels[client sent end timestamp] |  |
| jsonPayload.response.content | security_result.description |  |
| jsonPayload.target.organization | target.resource_ancestors.name |  |
| jsonPayload.log.organization | target.resource_ancestors.name |  |
|  | target.resource_ancestors.resource_type | If the jsonPayload.target.organization log field value is not empty or the jsonPayload.log.organization log field value is not empty, then the target.resource_ancestors.resource_type UDM field is set to CLOUD_ORGANIZATION. |
| jsonPayload.target.organization.unit | target.resource_ancestors.attribute.labels[json_payload_target_organization_unit] |  |
| jsonPayload.proxy.client.ip | src.ip |  |
| jsonPayload.error.content | security_result.about.resource.attribute.labels[error_content] |  |
| jsonPayload.response.headers.names | target.resource.attribute.labels[response_headers_names] |  |
| jsonPayload.error.state | security_result.about.resource.attribute.labels[state] |  |
| jsonPayload.proxy.pathsuffix | intermediary.resource.attribute.labels[pathsuffix] |  |
| jsonPayload.log.proxy_basepath | intermediary.resource.attribute.labels[pathsuffix] |  |
| jsonPayload.messageid | metadata.product_event_type |  |
| jsonPayload.request.verb | network.http.method |  |
| jsonPayload.response.status.code | network.http.response_code |  |
| jsonPayload.log.status | network.http.response_code |  |
| jsonPayload.response.code | network.http.response_code |  |
| jsonPayload.request.transportid | target.resource.attribute.labels[json_payload_request_transport_id] |  |
| jsonPayload.request.content | target.resource.attribute.labels[json_payload_request_content] |  |
| jsonPayload.client.received.start.timestamp | principal.resource.attribute.labels[client_received_start_timestamp] |  |
| jsonPayload.target.basepath | target.resource.attribute.labels[basepath] |  |
| jsonPayload.proxy.url | intermediary.url |  |
| jsonPayload.request.url | target.resource.attribute.labels[json_payload_request_url] |  |
| jsonPayload.client.sent.start.timestamp | principal.resource.attribute.labels[json_payload_client_sent_start_timestamp] |  |
| jsonPayload.client.received.end.timestamp | principal.resource.attribute.labels[client end timestamp] |  |
| jsonPayload.target.sent.end.timestamp | target.resource.attribute.labels[json_payload_target_sent_end_timestamp] |  |
| jsonPayload.apigee.metrics.policy..timeTaken | security_result.rule_labels[apigee_metrics_policy_time_taken] |  |
| jsonPayload.target.scheme | target.network.application_protocol |  |
| jsonPayload.request.queryparams.names | target.resource.attribute.labels[json_payload_request_queryparams_names] |  |
| jsonPayload.request.version | target.resource.attribute.labels[json_payload_request_version] |  |
| jsonPayload.request.httpversion | target.resource.attribute.labels[json_payload_request_version] |  |
| jsonPayload.system.timestamp | additional.fields[jsonPayload_system_timestamp] |  |
| jsonPayload.client.scheme | principal.network.application_protocol |  |
| jsonPayload.request.header.header_name | target.resource.attribute.labels[json_payload_request_header_name] |  |
| jsonPayload.request.header.header_name.values | target.resource.attribute.labels[request_header_name_values] |  |
| jsonPayload.target.url | target.url |  |
| jsonPayload.url | target.url |  |
| jsonPayload.response.header.header_name.values | target.resource.attribute.labels[response_header_name_values] |  |
| jsonPayload.request.querystring | target.resource.attribute.labels[json_payload_request_querystring] |  |
| jsonPayload.response.headers.count | target.resource.attribute.labels[response_headers_count] |  |
|  | principal.resource.resource_type | If the resource.type log field value is equal to gce_instance, then the principal.resource.resource_type UDM field is set to VIRTUAL_MACHINE. |
| resource.type | principal.resource.resource_subtype |  |
| resource.labels.instance_id | principal.resource.product_object_id |  |
| resource.labels.project_id | principal.resource_ancestors.product_object_id |  |
|  | principal.resource_ancestors.resource_type | The if the UDM field is set to CLOUD_PROJECT. |
| resource.labels.zone | principal.resource.attribute.cloud.availability_zone |  |
| timestamp | metadata.event_timestamp |  |
| severity | security_result.severity | If the severity log field value is equal to ERROR, then the severity log field is mapped to the security_result.severity UDM field. |
| severity | security_result.severity_details |  |
| logName | security_result.category_details |  |
| logName | principal.resource.attribute.labels[Log Name] |  |
| receiveTimestamp | metadata.collected_timestamp |  |
| jsonPayload.client.ip | principal.ip |  |
| jsonPayload.log.origin_address | principal.ip |  |
| jsonPayload.client.host | principal.ip |  |
| jsonPayload.request.formparam.param_name.values | target.resource.attribute.labels[json_payload_request_form_param_name_values] |  |
| jsonPayload.request.formparam.param_name | target.resource.attribute.labels[json_payload_request_form_param_name] |  |
| jsonPayload.request.formparams.count | target.resource.attribute.labels[json_payload_request_form_params_count] |  |
| jsonPayload.request.formparams.names | target.resource.attribute.labels[json_payload_request_form_params_names] |  |
| jsonPayload.request.formstring | target.resource.attribute.labels[json_payload_request_form_string] |  |
| jsonPayload.response.transport.message | target.resource.attribute.labels[response_transport_message] |  |
| jsonPayload.response.header.header_name | target.resource.attribute.labels[response_header_name] |  |
| jsonPayload.apigee.metrics.policy.policy_name.timeTaken | security_result.rule_labels[apigee_metrics_policy_policy_name_timeTaken] |  |
| jsonPayload.apiproduct.operation | intermediary.resource.attribute.labels[api_product_operation] |  |
| jsonPayload.apiproduct.operation.resource | intermediary.resource.attribute.labels[api_product_operation_resource] |  |
| jsonPayload.apiproduct.operation.methods | intermediary.resource.attribute.labels[api_product_operation_methods] |  |
| jsonPayload.apiproduct.operation.attributes.key_name | intermediary.resource.attribute.labels[api_product_operation_attributes_key_name] |  |
| jsonPayload.proxy.name | intermediary.resource.name |  |
| jsonPayload.proxy.revision | intermediary.resource.attribute.labels[json_payload_proxy_revision] |  |
| jsonPayload.apiproxy.basepath | intermediary.resource.attribute.labels[json_payload_api_proxy_basepath] |  |
| jsonPayload.client.cn | principal.resource.attribute.labels[json_payload_client_cn] |  |
| jsonPayload.client.country | principal.location.country_or_region |  |
| jsonPayload.client.email.address | principal.email |  |
| jsonPayload.client.locality | principal.location.city |  |
| jsonPayload.client.organization | principal.resource_ancestors.name |  |
|  | principal.resource_ancestors.resource_type | If the jsonPayload.client.organization log field value is not empty, then the principal.resource_ancestors.resource_type UDM field is set to CLOUD_ORGANIZATION. |
| jsonPayload.client.organization.unit | principal.resource_ancestors.attribute.labels[client_organization_unit] |  |
| jsonPayload.client.port | principal.port |  |
| jsonPayload.client.received.end.time | principal.resource.attribute.labels[client_received_end_time] |  |
| jsonPayload.client.received.start.time | principal.resource.attribute.labels[client_received_start_time] |  |
| jsonPayload.client.sent.end.time | principal.resource.attribute.labels[client_sent_end_time] |  |
| jsonPayload.client.sent.start.time | principal.resource.attribute.labels[client_sent_start_time] |  |
| jsonPayload.client.ssl.enabled | principal.resource.attribute.labels[client_ssl_enabled] |  |
| jsonPayload.client.state | principal.resource.attribute.labels[client_state] |  |
| jsonPayload.current.flow.name | additional.fields[current_flow_name] |  |
| jsonPayload.current.flow.description | additional.fields[current_flow_description] |  |
| jsonPayload.environment.name | additional.fields[environment_name] |  |
| jsonPayload.error | security_result.about.resource.attribute.labels[jsonPayload_error] |  |
| jsonPayload.error.message | security_result.about.resource.attribute.labels[message] |  |
| jsonPayload.error.status.code | security_result.about.resource.attribute.labels[jsonPayload_error_status_code] |  |
| jsonPayload.error.reason.phrase | security_result.about.resource.attribute.labels[jsonPayload_error_reason_phrase] |  |
| jsonPayload.error.transport.message | security_result.about.resource.attribute.labels[jsonPayload_error_transport_message] |  |
| jsonPayload.error.header.header_name | security_result.about.resource.attribute.labels[error_header_name] |  |
| jsonPayload.fault.name | security_result.about.resource.attribute.labels[fault_name] |  |
| jsonPayload.fault.reason | security_result.about.resource.attribute.labels[fault_reason] | If the jsonPayload.error.faultReason log field value is empty, then the jsonPayload.fault.reason log field is mapped to the security_result.description UDM field. Else, the jsonPayload.fault.reason log field is mapped to the security_result.about.resource.attribute.labels.fault_reason UDM field. |
| jsonPayload.fault.category | security_result.category_details |  |
| jsonPayload.fault.subcategory | security_result.category_details |  |
| jsonPayload.literal_value | additional.fields[jsonPayload_literal_value] |  |
| jsonPayload.graphql | additional.fields[graphql] |  |
| jsonPayload.graphql.fragment | additional.fields[graphql_fragment] |  |
| jsonPayload.graphql.fragment.count | additional.fields[graphql_fragment_count] |  |
| jsonPayload.graphql.fragment.INDEX.selectionSet.INDEX | additional.fields[graphql_fragment_INDEX_selectionSet_INDEX] |  |
| jsonPayload.graphql.fragment.INDEX.selectionSet.INDEX.name | additional.fields[graphql_fragment_INDEX_selectionSet_INDEX_name] |  |
| jsonPayload.graphql.fragment.INDEX.selectionSet.count | additional.fields[graphql_fragment_INDEX_selectionSet_count] |  |
| jsonPayload.graphql.fragment.INDEX.selectionSet.name | additional.fields[graphql_fragment_INDEX_selectionSet_name] |  |
| jsonPayload.graphql.operation | additional.fields[graphql_operation] |  |
| jsonPayload.graphql.operation.name | additional.fields[graphql_operation_name] |  |
| jsonPayload.graphql.operation.operationType | additional.fields[graphql_operation_operationType] |  |
| jsonPayload.graphql.operation.selectionSet | additional.fields[graphql_operation_selectionSet] |  |
| jsonPayload.graphql.operation.selectionSet.count | additional.fields[graphql_operation_selectionSet_count] |  |
| jsonPayload.graphql.operation.selectionSet.name | additional.fields[graphql_operation_selectionSet_name] |  |
| jsonPayload.graphql.operation.selectionSet.INDEX | additional.fields[graphql_operation_selectionSet_INDEX] |  |
| jsonPayload.graphql.operation.selectionSet.INDEX.name | additional.fields[graphql_operation_selectionSet_INDEX_name] |  |
| jsonPayload.graphql.operation.selectionSet.INDEX.[selectionSet] | additional.fields[graphql_operation_selectionSet_INDEX_selectionSet] |  |
| jsonPayload.graphql.operation.selectionSet.INDEX.directive | additional.fields[graphql_operation_selectionSet_INDEX_directive] |  |
| jsonPayload.graphql.operation.selectionSet.INDEX.directive.count | additional.fields[graphql_operation_selectionSet_INDEX_directive_count] |  |
| jsonPayload.graphql.operation.selectionSet.INDEX.directive.INDEX | additional.fields[graphql_operation_selectionSet_INDEX_directive_INDEX] |  |
| jsonPayload.graphql.operation.selectionSet.INDEX.directive.INDEX.argument.INDEX | additional.fields[graphql_operation_selectionSet_INDEX_directive_INDEX_argument_INDEX] |  |
| jsonPayload.graphql.operation.selectionSet.INDEX.directive.INDEX.argument.INDEX.name | additional.fields[graphql_operation_selectionSet_INDEX_directive_INDEX_argument_INDEX_name] |  |
| jsonPayload.graphql.operation.selectionSet.INDEX.directive.INDEX.argument.INDEX.value | additional.fields[graphql_operation_selectionSet_INDEX_directive_INDEX_argument_INDEX_value] |  |
| jsonPayload.graphql.operation.selectionSet.INDEX.directive.name | additional.fields[graphql_operation_selectionSet_INDEX_directive_name] |  |
| jsonPayload.graphql.operation.variableDefinitions | additional.fields[graphql_operation_variableDefinitions] |  |
| jsonPayload.graphql.operation.variableDefinitions.count | additional.fields[graphql_operation_variableDefinitions_count] |  |
| jsonPayload.graphql.operation.variableDefinitions.INDEX | additional.fields[graphql_operation_variableDefinitions_INDEX] |  |
| jsonPayload.graphql.operation.variableDefinitions.INDEX.name | additional.fields[graphql_operation_variableDefinitions_INDEX_name] |  |
| jsonPayload.graphql.operation.variableDefinitions.INDEX.type | additional.fields[graphql_operation_variableDefinitions_INDEX_type] |  |
| jsonPayload.is.error | security_result.about.resource.attribute.labels[is_error] |  |
| jsonPayload.loadbalancing.failedservers | intermediary.resource.attribute.labels[loadbalancing_failed_servers] |  |
| jsonPayload.loadbalancing.isfallback | intermediary.resource.attribute.labels[loadbalancing_is_fallback] |  |
| jsonPayload.loadbalancing.targetserver | intermediary.resource.attribute.labels[loadbalancing_target_server] |  |
| jsonPayload.message | additional.fields[jsonPayload_message] |  |
| jsonPayload.message.content | additional.fields[message_content] |  |
| jsonPayload.message.formparam.param_name | additional.fields[message_formparam_param_name] |  |
| jsonPayload.message.formparam.param_name.values | additional.fields[message_formparam_param_name_values] |  |
| jsonPayload.message.formparam.param_name.values.count | additional.fields[message_formparam_param_name_values_count] |  |
| jsonPayload.message.formparams.count | additional.fields[message_formparams_count] |  |
| jsonPayload.message.formparams.names | additional.fields[message_formparams_names] |  |
| jsonPayload.message.formstring | additional.fields[message_formstring] |  |
| jsonPayload.message.header.header_name | additional.fields[message_header_header_name] |  |
| jsonPayload.message.header.header_name.N | additional.fields[message_header_header_name_N] |  |
| jsonPayload.message.header.header_name.values | additional.fields[message_header_header_name_values] |  |
| jsonPayload.message.header.header_name.values.count | additional.fields[message_header_header_name_values_count] |  |
| jsonPayload.message.header.header_name.values.string | additional.fields[message_header_header_name_values_string] |  |
| jsonPayload.message.headers.count | additional.fields[message_headers_count] |  |
| jsonPayload.message.headers.names | additional.fields[message_headers_names] |  |
| jsonPayload.message.path | additional.fields[message_path] |  |
| jsonPayload.message.queryparam.param_name | additional.fields[message_queryparam_param_name] |  |
| jsonPayload.message.queryparam.param_name.N | additional.fields[message_queryparam_param_name_N] |  |
| jsonPayload.message.queryparam.param_name.values | additional.fields[message_queryparam_param_name_values] |  |
| jsonPayload.message.queryparam.param_name.values.count | additional.fields[message_queryparam_param_name_values_count] |  |
| jsonPayload.message.queryparams.count | additional.fields[message_queryparams_count] |  |
| jsonPayload.message.queryparams.names | additional.fields[message_queryparams_names] |  |
| jsonPayload.message.querystring | additional.fields[message_querystring] |  |
| jsonPayload.message.status.code | additional.fields[message_status_code] |  |
| jsonPayload.message.transport.message | additional.fields[message_transport_message] |  |
| jsonPayload.message.uri | additional.fields[message_uri] |  |
| jsonPayload.message.verb | additional.fields[message_verb] |  |
| jsonPayload.message.version | additional.fields[message_version] |  |
| jsonPayload.mint.limitscheck.is_request_blocked | additional.fields[mint_limitscheck_is_request_blocked] |  |
| jsonPayload.mint.limitscheck.is_subscription_found | additional.fields[mint_limitscheck_is_subscription_found] |  |
| jsonPayload.mint.limitscheck.prepaid_developer_balance | additional.fields[mint_limitscheck_prepaid_developer_balance] |  |
| jsonPayload.mint.limitscheck.prepaid_developer_currency | additional.fields[mint_limitscheck_prepaid_developer_currency] |  |
| jsonPayload.mint.limitscheck.purchased_product_name | additional.fields[mint_limitscheck_purchased_product_name] |  |
| jsonPayload.mint.limitscheck.status_message | additional.fields[mint_limitscheck_status_message] |  |
| jsonPayload.mint.mintng_consumption_pricing_rates | additional.fields[mint_mintng_consumption_pricing_rates] |  |
| jsonPayload.mint.mintng_consumption_pricing_type | additional.fields[mint_mintng_consumption_pricing_type] |  |
| jsonPayload.mint.mintng_currency | additional.fields[mint_mintng_currency] |  |
| jsonPayload.mint.mintng_dev_share | additional.fields[mint_mintng_dev_share] |  |
| jsonPayload.mint.mintng_is_apiproduct_monetized | additional.fields[mint_mintng_is_apiproduct_monetized] |  |
| jsonPayload.mint.mintng_price | additional.fields[mint_mintng_price] |  |
| jsonPayload.mint.mintng_price_multiplier | additional.fields[mint_mintng_price_multiplier] |  |
| jsonPayload.mint.mintng_rate | additional.fields[mint_mintng_rate] |  |
| jsonPayload.mint.mintng_rate_before_multipliers | additional.fields[mint_mintng_rate_before_multipliers] |  |
| jsonPayload.mint.mintng_rate_plan_id | additional.fields[mint_mintng_rate_plan_id] |  |
| jsonPayload.mint.mintng_revenue_share_rates | additional.fields[mint_mintng_revenue_share_rates] |  |
| jsonPayload.mint.mintng_revenue_share_type | additional.fields[mint_mintng_revenue_share_type] |  |
| jsonPayload.mint.mintng_tx_success | additional.fields[mint_mintng_tx_success] |  |
| jsonPayload.mint.prepaid_updated_developer_usage | additional.fields[mint_prepaid_updated_developer_usage] |  |
| jsonPayload.mint.rateplan_end_time_ms | additional.fields[mint_rateplan_end_time_ms] |  |
| jsonPayload.mint.rateplan_start_time_ms | additional.fields[mint_rateplan_start_time_ms] |  |
| jsonPayload.mint.status | additional.fields[mint_status] |  |
| jsonPayload.mint.status_code | additional.fields[mint_status_code] |  |
| jsonPayload.mint.subscription_end_time_ms | additional.fields[mint_subscription_end_time_ms] |  |
| jsonPayload.mint.subscription_start_time_ms | additional.fields[mint_subscription_start_time_ms] |  |
| jsonPayload.mint.tx_success_result | additional.fields[mint_tx_success_result] |  |
| jsonPayload.organization.name | principal.resource_ancestors.name |  |
|  | principal.resource_ancestors.resource_type | If the jsonPayload.organization.name log field value is not empty, then the principal.resource_ancestors.resource_type UDM field is set to CLOUD_ORGANIZATION. |
| jsonPayload.proxy.basepath | intermediary.resource.attribute.labels[proxy_basepath] |  |
| jsonPayload.proxy | intermediary.resource.attribute.labels[proxy] |  |
| jsonPayload.proxy.proxyendpoint.name | intermediary.resource.attribute.labels[proxy_endpoint_name] |  |
| jsonPayload.publishmessage.message.id | additional.fields[publishmessage_message_id] |  |
| jsonPayload.ratelimit.policy_name.allowed.count | security_result.rule_labels[ratelimit_policy_name_allowed_count] |  |
| jsonPayload.ratelimit.policy_name.used.count | security_result.rule_labels[ratelimit_policy_name_used_count] |  |
| jsonPayload.ratelimit.policy_name.available.count | security_result.rule_labels[ratelimit_policy_name_available_count] |  |
| jsonPayload.ratelimit.policy_name.exceed.count | security_result.rule_labels[ratelimit_policy_name_exceed_count] |  |
| jsonPayload.ratelimit.policy_name.total.exceed.count | security_result.rule_labels[ratelimit_policy_name_total_exceed_count] |  |
| jsonPayload.ratelimit.policy_name.expiry.time | security_result.rule_labels[ratelimit_policy_name_expiry_time] |  |
| jsonPayload.ratelimit.policy_name.identifier | security_result.rule_id |  |
| jsonPayload.ratelimit.policy_name.class | security_result.rule_labels[ratelimit_policy_name_class] |  |
| jsonPayload.ratelimit.policy_name.class.allowed.count | security_result.rule_labels[ratelimit_policy_name_class_allowed_count] |  |
| jsonPayload.ratelimit.policy_name.class.used.count | security_result.rule_labels[ratelimit_policy_name_class_used_count] |  |
| jsonPayload.ratelimit.policy_name.class.available.count | security_result.rule_labels[ratelimit_policy_name_class_available_count] |  |
| jsonPayload.ratelimit.policy_name.class.exceed.count | security_result.rule_labels[ratelimit_policy_name_class_exceed_count] |  |
| jsonPayload.ratelimit.policy_name.class.total.exceed.count | security_result.rule_labels[ratelimit_policy_name_class_total_exceed_count] |  |
| jsonPayload.ratelimit.policy_name.failed | security_result.rule_labels[ratelimit_policy_name_failed] |  |
| jsonPayload.request | target.resource.attribute.labels[request] |  |
| jsonPayload.request.formparam.param_name.values.count | target.resource.attribute.labels[request_formparam_name_values_count] |  |
| jsonPayload.request.formparam.param_name.N | target.resource.attribute.labels[request_formparam_name_N] |  |
| jsonPayload.request.grpc.rpc.name | target.resource.attribute.labels[request_grpc_rpc_name] |  |
| jsonPayload.request.grpc.service.name | target.resource.attribute.labels[request_grpc_service_name] |  |
| jsonPayload.request.header.header_name.N | target.resource.attribute.labels[request_header_name_N] |  |
| jsonPayload.request.header.header_name.values.count | target.resource.attribute.labels[request_header_name_values_count] |  |
| jsonPayload.request.header.header_name.values.string | target.resource.attribute.labels[request_header_name_values_string] |  |
| jsonPayload.request.headers.count | target.resource.attribute.labels[request_headers_count] |  |
| jsonPayload.request.headers.names | target.resource.attribute.labels[request_headers_names] |  |
| jsonPayload.request.queryparam.param_name.N | target.resource.attribute.labels[request_queryparam_name_N] |  |
| jsonPayload.request.queryparam.param_name.values.count | target.resource.attribute.labels[request_queryparam_name_values_count] |  |
| jsonPayload.request.transport.message | target.resource.attribute.labels[request_transport_message] |  |
| jsonPayload.response | target.resource.attribute.labels[response] |  |
| jsonPayload.response.header.header_name.values.count | target.resource.attribute.labels[response_header_name_values_count] |  |
| jsonPayload.response.header.header_name.values.string | target.resource.attribute.labels[response_header_name_values_string] |  |
| jsonPayload.response.header.header_name.N | target.resource.attribute.labels[response_header_name_N] |  |
| jsonPayload.system.interface.interface_name | intermediary.ip |  |
|  | intermediary.resource_ancestors.resource_type | If the jsonPayload.system.pod.name log field value is not empty, then the intermediary.resource_ancestors.resource_type UDM field is set to POD. |
| jsonPayload.system.pod.name | intermediary.resource_ancestors.name |  |
| jsonPayload.system.region.name | intermediary.location.country_or_region |  |
| jsonPayload.system.time | intermediary.resource.attribute.labels[system_time] |  |
| jsonPayload.system.time.year | intermediary.resource.attribute.labels[system_time_year] |  |
| jsonPayload.system.time.month | intermediary.resource.attribute.labels[system_time_month] |  |
| jsonPayload.system.time.day | intermediary.resource.attribute.labels[system_time_day] |  |
| jsonPayload.system.time.dayofweek | intermediary.resource.attribute.labels[system_time_dayofweek] |  |
| jsonPayload.system.time.hour | intermediary.resource.attribute.labels[system_time_hour] |  |
| jsonPayload.system.time.minute | intermediary.resource.attribute.labels[system_time_minute] |  |
| jsonPayload.system.time.second | intermediary.resource.attribute.labels[system_time_second] |  |
| jsonPayload.system.time.millisecond | intermediary.resource.attribute.labels[system_time_millisecond] |  |
| jsonPayload.system.time.zone | intermediary.resource.attribute.labels[system_time_zone] |  |
| jsonPayload.system.uuid | intermediary.resource.attribute.labels[system_uuid] |  |
| jsonPayload.target.copy.pathsuffix | target.resource.attribute.labels[target_copy_pathsuffix] |  |
| jsonPayload.target.copy.queryparams | target.resource.attribute.labels[target_copy_queryparams] |  |
| jsonPayload.target.country | target.location.country_or_region |  |
| jsonPayload.target.email.address | target.user.email_addresses |  |
| jsonPayload.developer.email | target.user.email_addresses |  |
| jsonPayload.target.expectedcn | target.resource.attribute.labels[target_expectedcn] |  |
| jsonPayload.target.locality | target.location.city |  |
| jsonPayload.target.name | target.resource.attribute.labels[target_name] |  |
| jsonPayload.target.received.end.time | target.resource.attribute.labels[target_received_end_time] |  |
| jsonPayload.target.received.start.time | target.resource.attribute.labels[target_received_start_time] |  |
| jsonPayload.target.received.start.timestamp | target.resource.attribute.labels[target_received_start_timestamp] |  |
| jsonPayload.target.sent.end.time | target.resource.attribute.labels[target_sent_end_time] |  |
| jsonPayload.target.sent.start.time | target.resource.attribute.labels[target_sent_start_time] |  |
| jsonPayload.target.ssl.enabled | target.resource.attribute.labels[target_ssl_enabled] |  |
| jsonPayload.target.state | target.resource.attribute.labels[target_state] |  |
| jsonPayload.variable.expectedcn | additional.fields[variable_expectedcn] |  |
| jsonPayload.request.host | target.resource.attribute.labels[json_payload_request_host] |  |
| jsonPayload.request_msg.header.host | target.resource.attribute.labels[json_payload_request_host] |  |
| jsonPayload.request.user-agent | network.http.user_agent |  |
| jsonPayload.request.header.user-agent | network.http.user_agent |  |
| jsonPayload.request.x-b3-traceid | target.resource.attribute.labels[json_payload_request_x_b3_traceid] |  |
| jsonPayload.request.header.x-b3-traceid | target.resource.attribute.labels[json_payload_request_x_b3_traceid] |  |
| jsonPayload.request.header.x-cloud-trace-context | target.resource.attribute.labels[json_payload_request_x_cloud_trace_context] |  |
| jsonPayload.request.x-cloud-trace-context | target.resource.attribute.labels[json_payload_request_x_cloud_trace_context] |  |
| jsonPayload.apiproduct.name | intermediary.resource.attribute.labels[jsonPayload_api_product_name] |  |
| jsonPayload.app.name | target.application |  |
| jsonPayload.developer.app.name | target.application |  |
| jsonPayload.cachehit | additional.fields[jsonPayload_cachehit] |  |