Recoger registros de Apigee
Disponible en:
SecOps de Google
SIEM
En este documento se describe cómo puede recoger registros de Apigee habilitando la ingestión de telemetría en Google Security Operations y cómo se asignan los campos de registro de Apigee a los campos del modelo de datos unificado (UDM) de Google Security Operations. Google Cloud
Para obtener más información, consulta Ingestión de datos en Google Security Operations.
Un despliegue típico consiste en registros de Apigee habilitados para la ingestión en Google Security Operations. Cada implementación de cliente puede ser diferente de esta representación y puede ser más compleja.
La implementación contiene los siguientes componentes:
Google Cloud: los Google Cloud servicios y productos de los que recoges registros.
Registros de Apigee: los registros de Apigee que están habilitados para la ingestión en Google Security Operations.
Google Security Operations: Google Security Operations conserva y analiza los registros de Apigee.
Una etiqueta de ingestión identifica el analizador que normaliza los datos de registro sin procesar en formato UDM estructurado. La información de este documento se aplica al analizador con la etiqueta de ingestión GCP_APIGEE_X.
Antes de empezar
Asegúrate de que todos los sistemas de la arquitectura de implementación estén configurados en la zona horaria UTC.
Asegúrate de que se use la política de registro de Cloud antigua o la nueva. Para obtener más información, consulta la política antigua de Cloud Logging.
Sigue los pasos de la guía de integración de Google SecOps de Apigee para configurar la política, que contiene la nueva política de registro.
Configurar Google Cloud para ingerir registros de Apigee
Para ingerir registros de Apigee en Google Security Operations, sigue los pasos que se indican en la página Ingerir registros en Google Security Operations Google Cloud .
Si tienes problemas al ingerir registros de Apigee, ponte en contacto con el equipo de Asistencia de Google Security Operations.
Formatos de registro de Apigee admitidos
El analizador de Apigee admite registros en formato JSON.
Registros de ejemplo de Apigee admitidos
JSON
{ "insertId": "12wnv8zf7np8nh", "jsonPayload": { "proxy.name": "myproxy", "app.name": "", "environment.name": "test-env", "system.region.name": "us-west1", "developer.email": "", "target.country": "", "request.content-length": "", "client.state": "", "response.status.code": "200", "request.content-type": "", "response.content-type": "application/xml; charset\u003dutf-8", "proxy.revision": "6", "response.content-length": "141", "proxy.proxyendpoint.name": "default", "organization.name": "test-dummy-57377", "error.state": "", "error": "false", "fault.name": "", "client.locality": "", "target.state": "", "proxy.pathsuffix": "", "client.port": "50386", "system.uuid": "7f2fde33-5f39-4866-a073-e6c31a4664e2", "target.scheme": "https", "request.user-agent": "curl/8.5.0", "target.locality": "", "messageid": "f8093238-2f51-42ab-ae44-dec9f451c7474", "target.port": "443", "target.ip": "198.51.100.0", "apiproduct.name": "", "request.url": "https://", "request.x-cloud-trace-context": "e3d3fea1742455ede2dad1d975361511/11739831648342702971", "request.httpversion": "1.1", "target.host": "mocktarget.apigee.net", "target.url": "https://mocktarget.apigee.net/xml", "proxy.basepath": "/myproxy", "target.cn": "mocktarget.apigee.net", "client.country": "", "client.cn": "", "cachehit": "", "target.organization": "", "client.ip": "198.51.100.0", "system.timestamp": "1754652492121", "request.host": "", "request.verb": "GET", "request.x-b3-traceid": "31339f721d4be35ff2932fa471979252", "client.scheme": "https", "error.message": "" }, "resource": { "type": "api", "labels": { "project_id": "test-dummy-57377", "version": "", "location": "", "method": "", "service": "" } }, "timestamp": "2025-08-08T11:28:12.203938277Z", "severity": "INFO", "logName": "projects/test-dummy-57377/logs/apigee-secops-integration-test-env", "receiveTimestamp": "2025-08-08T11:28:12.203938277Z" }
Referencia de asignación de campos
Referencia de asignación de campos: GCP_APIGEE_X Old Cloud Logging policy logs
En la siguiente tabla se enumeran los campos de registro del tipo de registro de la política de GCP_APIGEE_X Cloud Logging antiguo y sus campos de UDM correspondientes.
| Log field | UDM mapping | Logic |
|---|---|---|
jsonPayload.proxyResponseCode |
intermediary.network.http.response_code |
|
jsonPayload.apiProxy |
intermediary.resource.name |
|
jsonPayload.apiproxy |
intermediary.resource.name |
|
|
intermediary.resource.resource_type |
If the jsonPayload.apiproxy log field value is not empty or the jsonPayload.apiProxy log field value is not empty, then the intermediary.resource.resource_type UDM field is set to BACKEND_SERVICE. |
|
intermediary.resource.attribute.cloud.environment |
If the jsonPayload.apiproxy log field value is not empty or the jsonPayload.apiProxy log field value is not empty, then the intermediary.resource.attribute.cloud.environment UDM field is set to GOOGLE_CLOUD_PLATFORM. |
jsonPayload.apiProduct |
intermediary.resource.attribute.labels[json_payload_api_product] |
|
jsonPayload.apiProxyRevision |
intermediary.resource.attribute.labels[json_payload_api_proxy_revision] |
|
jsonPayload.proxyRequestReceived |
intermediary.resource.attribute.labels[json_payload_proxy_request_received] |
|
jsonPayload.proxyResponseSent |
intermediary.resource.attribute.labels[json_payload_proxy_response_sent] |
|
receiveTimestamp |
metadata.collected_timestamp |
|
timestamp |
metadata.event_timestamp |
|
|
metadata.event_type |
The metadata.event_type UDM field is set to USER_RESOURCE_ACCESS. |
insertId |
metadata.product_log_id |
|
jsonPayload.correlationId |
metadata.product_event_type |
|
|
metadata.product_name |
The metadata.product_name UDM field is set to GCP APIGEE X. |
|
metadata.vendor_name |
The metadata.vendor_name UDM field is set to Google Cloud Platform. |
jsonPayload.verb |
network.http.method |
|
labels.application |
principal.application |
|
jsonPayload.ax_resolved_client_ip |
principal.ip |
|
resource.labels.zone |
principal.resource.attribute.cloud.availability_zone |
|
|
principal.resource.resource_type |
If the resource.type log field value is equal to gce_instance, then the principal.resource.resource_type UDM field is set to VIRTUAL_MACHINE. |
resource.type |
principal.resource.resource_subtype |
|
resource.labels.instance_id |
principal.resource.product_object_id |
|
resource.labels.project_id |
principal.resource_ancestors.product_object_id |
|
|
principal.resource_ancestors.resource_type |
If the resource.labels.project_id log field value is not empty, then the principal.resource_ancestors.resource_type UDM field is set to CLOUD_PROJECT. |
jsonPayload.organization |
principal.resource_ancestors.name |
|
|
principal.resource_ancestors.resource_type |
If the jsonPayload.organization log field value is not empty, then the principal.resource_ancestors.resource_type UDM field is set to CLOUD_ORGANIZATION. |
jsonPayload.clientReceived |
principal.resource.attribute.labels[json_payload_client_received] |
|
jsonPayload.clientSent |
principal.resource.attribute.labels[json_payload_client_sent] |
|
logName |
principal.resource.attribute.labels[Log Name] |
|
resource.labels.project_id |
principal.resource.attribute.labels[Project Id] |
|
jsonPayload.clientId |
principal.user.userid |
|
logName |
security_result.category_details |
|
jsonPayload.faultName |
security_result.description |
|
severity |
security_result.severity |
If the severity log field value is equal to ERROR, then the severity log field is mapped to the security_result.severity UDM field.Else, if the severity log field value is equal to INFO or NOTICE, then the security_result.severity UDM field is set to INFORMATIONAL.Else, if the severity log field value is equal to WARNING or NOTICE, then the security_result.severity UDM field is set to MEDIUM.
|
severity |
security_result.severity_details |
|
jsonPayload.targetResponseCode |
target.network.http.response_code |
|
jsonPayload.requestUri |
target.resource.name |
|
|
target.resource.resource_type |
If the jsonPayload.requestUri log field value is not empty, then the target.resource.resource_type UDM field is set to BACKEND_SERVICE. |
jsonPayload.requestUrl |
target.url |
|
jsonPayload.targetResponseReceived |
target.resource.attribute.labels[json_payload_target_request_received] |
|
jsonPayload.targetRequestSent |
target.resource.attribute.labels[json_payload_target_request_sent] |
|
jsonPayload.bot_reason |
additional.fields[json_payload_bot_reason] |
|
jsonPayload.count_distinct_bot |
additional.fields[json_payload_count_distinct_bot] |
|
jsonPayload.developerApp |
additional.fields[json_payload_developer_app] |
|
jsonPayload.developerId |
additional.fields[json_payload_developer_id] |
|
jsonPayload.minute |
additional.fields[json_payload_minute] |
|
jsonPayload.environment |
additional.fields[json_payload_environment] |
|
jsonPayload.sum_bot_traffic |
additional.fields[json_payload_sum_bot_traffic] |
|
partialSuccess |
additional.fields[partial_success] |
Referencia de asignación de campos: GCP_APIGEE_X New Cloud Logging policy logs
En la siguiente tabla se enumeran los campos de registro del tipo de registro de la política de GCP_APIGEE_X nuevo Cloud Logging y sus campos de UDM correspondientes.
| Log field | UDM mapping | Logic |
|---|---|---|
insertId |
metadata.product_log_id |
|
jsonPayload.request.queryparams.count |
target.resource.attribute.labels[json_payload_request_queryparams_count] |
|
jsonPayload.request.uri |
target.resource.name |
|
|
target.resource.resource_type |
If the jsonPayload.request.uri log field value is not empty, then the target.resource.resource_type UDM field is set to BACKEND_SERVICE. |
jsonPayload.target.host |
target.hostname |
|
jsonPayload.log.sni_host |
target.hostname |
|
jsonPayload.target.host |
target.asset.hostname |
|
jsonPayload.log.sni_host |
target.asset.hostname |
|
jsonPayload.target.sent.start.timestamp |
target.resource.attribute.labels[json_payload_target_sent_start_timestamp] |
|
jsonPayload.response.reason.phrase |
security_result.summary |
|
jsonPayload.response.reason |
security_result.summary |
|
jsonPayload.target.cn |
target.resource.attribute.labels[json_payload_target_cn] |
|
jsonPayload.target.port |
target.port |
|
jsonPayload.request.path |
target.resource.attribute.labels[json_payload_request_path] |
|
jsonPayload.target.ip |
target.ip |
|
jsonPayload.request.queryparam.param_name |
target.resource.attribute.labels[json_payload_request_queryparams_param_name] |
|
jsonPayload.request.queryparam.param_name.values |
target.resource.attribute.labels[json_payload_request_queryparams_param_values] |
|
jsonPayload.client.sent.end.timestamp |
principal.resource.attribute.labels[client sent end timestamp] |
|
jsonPayload.response.content |
security_result.description |
|
jsonPayload.target.organization |
target.resource_ancestors.name |
|
jsonPayload.log.organization |
target.resource_ancestors.name |
|
|
target.resource_ancestors.resource_type |
If the jsonPayload.target.organization log field value is not empty or the jsonPayload.log.organization log field value is not empty, then the target.resource_ancestors.resource_type UDM field is set to CLOUD_ORGANIZATION. |
jsonPayload.target.organization.unit |
target.resource_ancestors.attribute.labels[json_payload_target_organization_unit] |
|
jsonPayload.proxy.client.ip |
src.ip |
|
jsonPayload.error.content |
security_result.about.resource.attribute.labels[error_content] |
|
jsonPayload.response.headers.names |
target.resource.attribute.labels[response_headers_names] |
|
jsonPayload.error.state |
security_result.about.resource.attribute.labels[state] |
|
jsonPayload.proxy.pathsuffix |
intermediary.resource.attribute.labels[pathsuffix] |
|
jsonPayload.log.proxy_basepath |
intermediary.resource.attribute.labels[pathsuffix] |
|
jsonPayload.messageid |
metadata.product_event_type |
|
jsonPayload.request.verb |
network.http.method |
|
jsonPayload.response.status.code |
network.http.response_code |
|
jsonPayload.log.status |
network.http.response_code |
|
jsonPayload.response.code |
network.http.response_code |
|
jsonPayload.request.transportid |
target.resource.attribute.labels[json_payload_request_transport_id] |
|
jsonPayload.request.content |
target.resource.attribute.labels[json_payload_request_content] |
|
jsonPayload.client.received.start.timestamp |
principal.resource.attribute.labels[client_received_start_timestamp] |
|
jsonPayload.target.basepath |
target.resource.attribute.labels[basepath] |
|
jsonPayload.proxy.url |
intermediary.url |
|
jsonPayload.request.url |
target.resource.attribute.labels[json_payload_request_url] |
|
jsonPayload.client.sent.start.timestamp |
principal.resource.attribute.labels[json_payload_client_sent_start_timestamp] |
|
jsonPayload.client.received.end.timestamp |
principal.resource.attribute.labels[client end timestamp] |
|
jsonPayload.target.sent.end.timestamp |
target.resource.attribute.labels[json_payload_target_sent_end_timestamp] |
|
jsonPayload.apigee.metrics.policy..timeTaken |
security_result.rule_labels[apigee_metrics_policy_time_taken] |
|
jsonPayload.target.scheme |
target.network.application_protocol |
|
jsonPayload.request.queryparams.names |
target.resource.attribute.labels[json_payload_request_queryparams_names] |
|
jsonPayload.request.version |
target.resource.attribute.labels[json_payload_request_version] |
|
jsonPayload.request.httpversion |
target.resource.attribute.labels[json_payload_request_version] |
|
jsonPayload.system.timestamp |
additional.fields[jsonPayload_system_timestamp] |
|
jsonPayload.client.scheme |
principal.network.application_protocol |
|
jsonPayload.request.header.header_name |
target.resource.attribute.labels[json_payload_request_header_name] |
|
jsonPayload.request.header.header_name.values |
target.resource.attribute.labels[request_header_name_values] |
|
jsonPayload.target.url |
target.url |
|
jsonPayload.url |
target.url |
|
jsonPayload.response.header.header_name.values |
target.resource.attribute.labels[response_header_name_values] |
|
jsonPayload.request.querystring |
target.resource.attribute.labels[json_payload_request_querystring] |
|
jsonPayload.response.headers.count |
target.resource.attribute.labels[response_headers_count] |
|
|
principal.resource.resource_type |
If the resource.type log field value is equal to gce_instance, then the principal.resource.resource_type UDM field is set to VIRTUAL_MACHINE. |
resource.type |
principal.resource.resource_subtype |
|
resource.labels.instance_id |
principal.resource.product_object_id |
|
resource.labels.project_id |
principal.resource_ancestors.product_object_id |
|
|
principal.resource_ancestors.resource_type |
The if the UDM field is set to CLOUD_PROJECT. |
resource.labels.zone |
principal.resource.attribute.cloud.availability_zone |
|
timestamp |
metadata.event_timestamp |
|
severity |
security_result.severity |
If the severity log field value is equal to ERROR, then the severity log field is mapped to the security_result.severity UDM field. |
severity |
security_result.severity_details |
|
logName |
security_result.category_details |
|
logName |
principal.resource.attribute.labels[Log Name] |
|
receiveTimestamp |
metadata.collected_timestamp |
|
jsonPayload.client.ip |
principal.ip |
|
jsonPayload.log.origin_address |
principal.ip |
|
jsonPayload.client.host |
principal.ip |
|
jsonPayload.request.formparam.param_name.values |
target.resource.attribute.labels[json_payload_request_form_param_name_values] |
|
jsonPayload.request.formparam.param_name |
target.resource.attribute.labels[json_payload_request_form_param_name] |
|
jsonPayload.request.formparams.count |
target.resource.attribute.labels[json_payload_request_form_params_count] |
|
jsonPayload.request.formparams.names |
target.resource.attribute.labels[json_payload_request_form_params_names] |
|
jsonPayload.request.formstring |
target.resource.attribute.labels[json_payload_request_form_string] |
|
jsonPayload.response.transport.message |
target.resource.attribute.labels[response_transport_message] |
|
jsonPayload.response.header.header_name |
target.resource.attribute.labels[response_header_name] |
|
jsonPayload.apigee.metrics.policy.policy_name.timeTaken |
security_result.rule_labels[apigee_metrics_policy_policy_name_timeTaken] |
|
jsonPayload.apiproduct.operation |
intermediary.resource.attribute.labels[api_product_operation] |
|
jsonPayload.apiproduct.operation.resource |
intermediary.resource.attribute.labels[api_product_operation_resource] |
|
jsonPayload.apiproduct.operation.methods |
intermediary.resource.attribute.labels[api_product_operation_methods] |
|
jsonPayload.apiproduct.operation.attributes.key_name |
intermediary.resource.attribute.labels[api_product_operation_attributes_key_name] |
|
jsonPayload.proxy.name |
intermediary.resource.name |
|
jsonPayload.proxy.revision |
intermediary.resource.attribute.labels[json_payload_proxy_revision] |
|
jsonPayload.apiproxy.basepath |
intermediary.resource.attribute.labels[json_payload_api_proxy_basepath] |
|
jsonPayload.client.cn |
principal.resource.attribute.labels[json_payload_client_cn] |
|
jsonPayload.client.country |
principal.location.country_or_region |
|
jsonPayload.client.email.address |
principal.email |
|
jsonPayload.client.locality |
principal.location.city |
|
jsonPayload.client.organization |
principal.resource_ancestors.name |
|
|
principal.resource_ancestors.resource_type |
If the jsonPayload.client.organization log field value is not empty, then the principal.resource_ancestors.resource_type UDM field is set to CLOUD_ORGANIZATION. |
jsonPayload.client.organization.unit |
principal.resource_ancestors.attribute.labels[client_organization_unit] |
|
jsonPayload.client.port |
principal.port |
|
jsonPayload.client.received.end.time |
principal.resource.attribute.labels[client_received_end_time] |
|
jsonPayload.client.received.start.time |
principal.resource.attribute.labels[client_received_start_time] |
|
jsonPayload.client.sent.end.time |
principal.resource.attribute.labels[client_sent_end_time] |
|
jsonPayload.client.sent.start.time |
principal.resource.attribute.labels[client_sent_start_time] |
|
jsonPayload.client.ssl.enabled |
principal.resource.attribute.labels[client_ssl_enabled] |
|
jsonPayload.client.state |
principal.resource.attribute.labels[client_state] |
|
jsonPayload.current.flow.name |
additional.fields[current_flow_name] |
|
jsonPayload.current.flow.description |
additional.fields[current_flow_description] |
|
jsonPayload.environment.name |
additional.fields[environment_name] |
|
jsonPayload.error |
security_result.about.resource.attribute.labels[jsonPayload_error] |
|
jsonPayload.error.message |
security_result.about.resource.attribute.labels[message] |
|
jsonPayload.error.status.code |
security_result.about.resource.attribute.labels[jsonPayload_error_status_code] |
|
jsonPayload.error.reason.phrase |
security_result.about.resource.attribute.labels[jsonPayload_error_reason_phrase] |
|
jsonPayload.error.transport.message |
security_result.about.resource.attribute.labels[jsonPayload_error_transport_message] |
|
jsonPayload.error.header.header_name |
security_result.about.resource.attribute.labels[error_header_name] |
|
jsonPayload.fault.name |
security_result.about.resource.attribute.labels[fault_name] |
|
jsonPayload.fault.reason |
security_result.about.resource.attribute.labels[fault_reason] |
If the jsonPayload.error.faultReason log field value is empty, then the jsonPayload.fault.reason log field is mapped to the security_result.description UDM field.Else, the jsonPayload.fault.reason log field is mapped to the security_result.about.resource.attribute.labels.fault_reason UDM field. |
jsonPayload.fault.category |
security_result.category_details |
|
jsonPayload.fault.subcategory |
security_result.category_details |
|
jsonPayload.literal_value |
additional.fields[jsonPayload_literal_value] |
|
jsonPayload.graphql |
additional.fields[graphql] |
|
jsonPayload.graphql.fragment |
additional.fields[graphql_fragment] |
|
jsonPayload.graphql.fragment.count |
additional.fields[graphql_fragment_count] |
|
jsonPayload.graphql.fragment.INDEX.selectionSet.INDEX |
additional.fields[graphql_fragment_INDEX_selectionSet_INDEX] |
|
jsonPayload.graphql.fragment.INDEX.selectionSet.INDEX.name |
additional.fields[graphql_fragment_INDEX_selectionSet_INDEX_name] |
|
jsonPayload.graphql.fragment.INDEX.selectionSet.count |
additional.fields[graphql_fragment_INDEX_selectionSet_count] |
|
jsonPayload.graphql.fragment.INDEX.selectionSet.name |
additional.fields[graphql_fragment_INDEX_selectionSet_name] |
|
jsonPayload.graphql.operation |
additional.fields[graphql_operation] |
|
jsonPayload.graphql.operation.name |
additional.fields[graphql_operation_name] |
|
jsonPayload.graphql.operation.operationType |
additional.fields[graphql_operation_operationType] |
|
jsonPayload.graphql.operation.selectionSet |
additional.fields[graphql_operation_selectionSet] |
|
jsonPayload.graphql.operation.selectionSet.count |
additional.fields[graphql_operation_selectionSet_count] |
|
jsonPayload.graphql.operation.selectionSet.name |
additional.fields[graphql_operation_selectionSet_name] |
|
jsonPayload.graphql.operation.selectionSet.INDEX |
additional.fields[graphql_operation_selectionSet_INDEX] |
|
jsonPayload.graphql.operation.selectionSet.INDEX.name |
additional.fields[graphql_operation_selectionSet_INDEX_name] |
|
jsonPayload.graphql.operation.selectionSet.INDEX.[selectionSet] |
additional.fields[graphql_operation_selectionSet_INDEX_selectionSet] |
|
jsonPayload.graphql.operation.selectionSet.INDEX.directive |
additional.fields[graphql_operation_selectionSet_INDEX_directive] |
|
jsonPayload.graphql.operation.selectionSet.INDEX.directive.count |
additional.fields[graphql_operation_selectionSet_INDEX_directive_count] |
|
jsonPayload.graphql.operation.selectionSet.INDEX.directive.INDEX |
additional.fields[graphql_operation_selectionSet_INDEX_directive_INDEX] |
|
jsonPayload.graphql.operation.selectionSet.INDEX.directive.INDEX.argument.INDEX |
additional.fields[graphql_operation_selectionSet_INDEX_directive_INDEX_argument_INDEX] |
|
jsonPayload.graphql.operation.selectionSet.INDEX.directive.INDEX.argument.INDEX.name |
additional.fields[graphql_operation_selectionSet_INDEX_directive_INDEX_argument_INDEX_name] |
|
jsonPayload.graphql.operation.selectionSet.INDEX.directive.INDEX.argument.INDEX.value |
additional.fields[graphql_operation_selectionSet_INDEX_directive_INDEX_argument_INDEX_value] |
|
jsonPayload.graphql.operation.selectionSet.INDEX.directive.name |
additional.fields[graphql_operation_selectionSet_INDEX_directive_name] |
|
jsonPayload.graphql.operation.variableDefinitions |
additional.fields[graphql_operation_variableDefinitions] |
|
jsonPayload.graphql.operation.variableDefinitions.count |
additional.fields[graphql_operation_variableDefinitions_count] |
|
jsonPayload.graphql.operation.variableDefinitions.INDEX |
additional.fields[graphql_operation_variableDefinitions_INDEX] |
|
jsonPayload.graphql.operation.variableDefinitions.INDEX.name |
additional.fields[graphql_operation_variableDefinitions_INDEX_name] |
|
jsonPayload.graphql.operation.variableDefinitions.INDEX.type |
additional.fields[graphql_operation_variableDefinitions_INDEX_type] |
|
jsonPayload.is.error |
security_result.about.resource.attribute.labels[is_error] |
|
jsonPayload.loadbalancing.failedservers |
intermediary.resource.attribute.labels[loadbalancing_failed_servers] |
|
jsonPayload.loadbalancing.isfallback |
intermediary.resource.attribute.labels[loadbalancing_is_fallback] |
|
jsonPayload.loadbalancing.targetserver |
intermediary.resource.attribute.labels[loadbalancing_target_server] |
|
jsonPayload.message |
additional.fields[jsonPayload_message] |
|
jsonPayload.message.content |
additional.fields[message_content] |
|
jsonPayload.message.formparam.param_name |
additional.fields[message_formparam_param_name] |
|
jsonPayload.message.formparam.param_name.values |
additional.fields[message_formparam_param_name_values] |
|
jsonPayload.message.formparam.param_name.values.count |
additional.fields[message_formparam_param_name_values_count] |
|
jsonPayload.message.formparams.count |
additional.fields[message_formparams_count] |
|
jsonPayload.message.formparams.names |
additional.fields[message_formparams_names] |
|
jsonPayload.message.formstring |
additional.fields[message_formstring] |
|
jsonPayload.message.header.header_name |
additional.fields[message_header_header_name] |
|
jsonPayload.message.header.header_name.N |
additional.fields[message_header_header_name_N] |
|
jsonPayload.message.header.header_name.values |
additional.fields[message_header_header_name_values] |
|
jsonPayload.message.header.header_name.values.count |
additional.fields[message_header_header_name_values_count] |
|
jsonPayload.message.header.header_name.values.string |
additional.fields[message_header_header_name_values_string] |
|
jsonPayload.message.headers.count |
additional.fields[message_headers_count] |
|
jsonPayload.message.headers.names |
additional.fields[message_headers_names] |
|
jsonPayload.message.path |
additional.fields[message_path] |
|
jsonPayload.message.queryparam.param_name |
additional.fields[message_queryparam_param_name] |
|
jsonPayload.message.queryparam.param_name.N |
additional.fields[message_queryparam_param_name_N] |
|
jsonPayload.message.queryparam.param_name.values |
additional.fields[message_queryparam_param_name_values] |
|
jsonPayload.message.queryparam.param_name.values.count |
additional.fields[message_queryparam_param_name_values_count] |
|
jsonPayload.message.queryparams.count |
additional.fields[message_queryparams_count] |
|
jsonPayload.message.queryparams.names |
additional.fields[message_queryparams_names] |
|
jsonPayload.message.querystring |
additional.fields[message_querystring] |
|
jsonPayload.message.status.code |
additional.fields[message_status_code] |
|
jsonPayload.message.transport.message |
additional.fields[message_transport_message] |
|
jsonPayload.message.uri |
additional.fields[message_uri] |
|
jsonPayload.message.verb |
additional.fields[message_verb] |
|
jsonPayload.message.version |
additional.fields[message_version] |
|
jsonPayload.mint.limitscheck.is_request_blocked |
additional.fields[mint_limitscheck_is_request_blocked] |
|
jsonPayload.mint.limitscheck.is_subscription_found |
additional.fields[mint_limitscheck_is_subscription_found] |
|
jsonPayload.mint.limitscheck.prepaid_developer_balance |
additional.fields[mint_limitscheck_prepaid_developer_balance] |
|
jsonPayload.mint.limitscheck.prepaid_developer_currency |
additional.fields[mint_limitscheck_prepaid_developer_currency] |
|
jsonPayload.mint.limitscheck.purchased_product_name |
additional.fields[mint_limitscheck_purchased_product_name] |
|
jsonPayload.mint.limitscheck.status_message |
additional.fields[mint_limitscheck_status_message] |
|
jsonPayload.mint.mintng_consumption_pricing_rates |
additional.fields[mint_mintng_consumption_pricing_rates] |
|
jsonPayload.mint.mintng_consumption_pricing_type |
additional.fields[mint_mintng_consumption_pricing_type] |
|
jsonPayload.mint.mintng_currency |
additional.fields[mint_mintng_currency] |
|
jsonPayload.mint.mintng_dev_share |
additional.fields[mint_mintng_dev_share] |
|
jsonPayload.mint.mintng_is_apiproduct_monetized |
additional.fields[mint_mintng_is_apiproduct_monetized] |
|
jsonPayload.mint.mintng_price |
additional.fields[mint_mintng_price] |
|
jsonPayload.mint.mintng_price_multiplier |
additional.fields[mint_mintng_price_multiplier] |
|
jsonPayload.mint.mintng_rate |
additional.fields[mint_mintng_rate] |
|
jsonPayload.mint.mintng_rate_before_multipliers |
additional.fields[mint_mintng_rate_before_multipliers] |
|
jsonPayload.mint.mintng_rate_plan_id |
additional.fields[mint_mintng_rate_plan_id] |
|
jsonPayload.mint.mintng_revenue_share_rates |
additional.fields[mint_mintng_revenue_share_rates] |
|
jsonPayload.mint.mintng_revenue_share_type |
additional.fields[mint_mintng_revenue_share_type] |
|
jsonPayload.mint.mintng_tx_success |
additional.fields[mint_mintng_tx_success] |
|
jsonPayload.mint.prepaid_updated_developer_usage |
additional.fields[mint_prepaid_updated_developer_usage] |
|
jsonPayload.mint.rateplan_end_time_ms |
additional.fields[mint_rateplan_end_time_ms] |
|
jsonPayload.mint.rateplan_start_time_ms |
additional.fields[mint_rateplan_start_time_ms] |
|
jsonPayload.mint.status |
additional.fields[mint_status] |
|
jsonPayload.mint.status_code |
additional.fields[mint_status_code] |
|
jsonPayload.mint.subscription_end_time_ms |
additional.fields[mint_subscription_end_time_ms] |
|
jsonPayload.mint.subscription_start_time_ms |
additional.fields[mint_subscription_start_time_ms] |
|
jsonPayload.mint.tx_success_result |
additional.fields[mint_tx_success_result] |
|
jsonPayload.organization.name |
principal.resource_ancestors.name |
|
|
principal.resource_ancestors.resource_type |
If the jsonPayload.organization.name log field value is not empty, then the principal.resource_ancestors.resource_type UDM field is set to CLOUD_ORGANIZATION. |
jsonPayload.proxy.basepath |
intermediary.resource.attribute.labels[proxy_basepath] |
|
jsonPayload.proxy |
intermediary.resource.attribute.labels[proxy] |
|
jsonPayload.proxy.proxyendpoint.name |
intermediary.resource.attribute.labels[proxy_endpoint_name] |
|
jsonPayload.publishmessage.message.id |
additional.fields[publishmessage_message_id] |
|
jsonPayload.ratelimit.policy_name.allowed.count |
security_result.rule_labels[ratelimit_policy_name_allowed_count] |
|
jsonPayload.ratelimit.policy_name.used.count |
security_result.rule_labels[ratelimit_policy_name_used_count] |
|
jsonPayload.ratelimit.policy_name.available.count |
security_result.rule_labels[ratelimit_policy_name_available_count] |
|
jsonPayload.ratelimit.policy_name.exceed.count |
security_result.rule_labels[ratelimit_policy_name_exceed_count] |
|
jsonPayload.ratelimit.policy_name.total.exceed.count |
security_result.rule_labels[ratelimit_policy_name_total_exceed_count] |
|
jsonPayload.ratelimit.policy_name.expiry.time |
security_result.rule_labels[ratelimit_policy_name_expiry_time] |
|
jsonPayload.ratelimit.policy_name.identifier |
security_result.rule_id |
|
jsonPayload.ratelimit.policy_name.class |
security_result.rule_labels[ratelimit_policy_name_class] |
|
jsonPayload.ratelimit.policy_name.class.allowed.count |
security_result.rule_labels[ratelimit_policy_name_class_allowed_count] |
|
jsonPayload.ratelimit.policy_name.class.used.count |
security_result.rule_labels[ratelimit_policy_name_class_used_count] |
|
jsonPayload.ratelimit.policy_name.class.available.count |
security_result.rule_labels[ratelimit_policy_name_class_available_count] |
|
jsonPayload.ratelimit.policy_name.class.exceed.count |
security_result.rule_labels[ratelimit_policy_name_class_exceed_count] |
|
jsonPayload.ratelimit.policy_name.class.total.exceed.count |
security_result.rule_labels[ratelimit_policy_name_class_total_exceed_count] |
|
jsonPayload.ratelimit.policy_name.failed |
security_result.rule_labels[ratelimit_policy_name_failed] |
|
jsonPayload.request |
target.resource.attribute.labels[request] |
|
jsonPayload.request.formparam.param_name.values.count |
target.resource.attribute.labels[request_formparam_name_values_count] |
|
jsonPayload.request.formparam.param_name.N |
target.resource.attribute.labels[request_formparam_name_N] |
|
jsonPayload.request.grpc.rpc.name |
target.resource.attribute.labels[request_grpc_rpc_name] |
|
jsonPayload.request.grpc.service.name |
target.resource.attribute.labels[request_grpc_service_name] |
|
jsonPayload.request.header.header_name.N |
target.resource.attribute.labels[request_header_name_N] |
|
jsonPayload.request.header.header_name.values.count |
target.resource.attribute.labels[request_header_name_values_count] |
|
jsonPayload.request.header.header_name.values.string |
target.resource.attribute.labels[request_header_name_values_string] |
|
jsonPayload.request.headers.count |
target.resource.attribute.labels[request_headers_count] |
|
jsonPayload.request.headers.names |
target.resource.attribute.labels[request_headers_names] |
|
jsonPayload.request.queryparam.param_name.N |
target.resource.attribute.labels[request_queryparam_name_N] |
|
jsonPayload.request.queryparam.param_name.values.count |
target.resource.attribute.labels[request_queryparam_name_values_count] |
|
jsonPayload.request.transport.message |
target.resource.attribute.labels[request_transport_message] |
|
jsonPayload.response |
target.resource.attribute.labels[response] |
|
jsonPayload.response.header.header_name.values.count |
target.resource.attribute.labels[response_header_name_values_count] |
|
jsonPayload.response.header.header_name.values.string |
target.resource.attribute.labels[response_header_name_values_string] |
|
jsonPayload.response.header.header_name.N |
target.resource.attribute.labels[response_header_name_N] |
|
jsonPayload.system.interface.interface_name |
intermediary.ip |
|
|
intermediary.resource_ancestors.resource_type |
If the jsonPayload.system.pod.name log field value is not empty, then the intermediary.resource_ancestors.resource_type UDM field is set to POD. |
jsonPayload.system.pod.name |
intermediary.resource_ancestors.name |
|
jsonPayload.system.region.name |
intermediary.location.country_or_region |
|
jsonPayload.system.time |
intermediary.resource.attribute.labels[system_time] |
|
jsonPayload.system.time.year |
intermediary.resource.attribute.labels[system_time_year] |
|
jsonPayload.system.time.month |
intermediary.resource.attribute.labels[system_time_month] |
|
jsonPayload.system.time.day |
intermediary.resource.attribute.labels[system_time_day] |
|
jsonPayload.system.time.dayofweek |
intermediary.resource.attribute.labels[system_time_dayofweek] |
|
jsonPayload.system.time.hour |
intermediary.resource.attribute.labels[system_time_hour] |
|
jsonPayload.system.time.minute |
intermediary.resource.attribute.labels[system_time_minute] |
|
jsonPayload.system.time.second |
intermediary.resource.attribute.labels[system_time_second] |
|
jsonPayload.system.time.millisecond |
intermediary.resource.attribute.labels[system_time_millisecond] |
|
jsonPayload.system.time.zone |
intermediary.resource.attribute.labels[system_time_zone] |
|
jsonPayload.system.uuid |
intermediary.resource.attribute.labels[system_uuid] |
|
jsonPayload.target.copy.pathsuffix |
target.resource.attribute.labels[target_copy_pathsuffix] |
|
jsonPayload.target.copy.queryparams |
target.resource.attribute.labels[target_copy_queryparams] |
|
jsonPayload.target.country |
target.location.country_or_region |
|
jsonPayload.target.email.address |
target.user.email_addresses |
|
jsonPayload.developer.email |
target.user.email_addresses |
|
jsonPayload.target.expectedcn |
target.resource.attribute.labels[target_expectedcn] |
|
jsonPayload.target.locality |
target.location.city |
|
jsonPayload.target.name |
target.resource.attribute.labels[target_name] |
|
jsonPayload.target.received.end.time |
target.resource.attribute.labels[target_received_end_time] |
|
jsonPayload.target.received.start.time |
target.resource.attribute.labels[target_received_start_time] |
|
jsonPayload.target.received.start.timestamp |
target.resource.attribute.labels[target_received_start_timestamp] |
|
jsonPayload.target.sent.end.time |
target.resource.attribute.labels[target_sent_end_time] |
|
jsonPayload.target.sent.start.time |
target.resource.attribute.labels[target_sent_start_time] |
|
jsonPayload.target.ssl.enabled |
target.resource.attribute.labels[target_ssl_enabled] |
|
jsonPayload.target.state |
target.resource.attribute.labels[target_state] |
|
jsonPayload.variable.expectedcn |
additional.fields[variable_expectedcn] |
|
jsonPayload.request.host |
target.resource.attribute.labels[json_payload_request_host] |
|
jsonPayload.request_msg.header.host |
target.resource.attribute.labels[json_payload_request_host] |
|
jsonPayload.request.user-agent |
network.http.user_agent |
|
jsonPayload.request.header.user-agent |
network.http.user_agent |
|
jsonPayload.request.x-b3-traceid |
target.resource.attribute.labels[json_payload_request_x_b3_traceid] |
|
jsonPayload.request.header.x-b3-traceid |
target.resource.attribute.labels[json_payload_request_x_b3_traceid] |
|
jsonPayload.request.header.x-cloud-trace-context |
target.resource.attribute.labels[json_payload_request_x_cloud_trace_context] |
|
jsonPayload.request.x-cloud-trace-context |
target.resource.attribute.labels[json_payload_request_x_cloud_trace_context] |
|
jsonPayload.apiproduct.name |
intermediary.resource.attribute.labels[jsonPayload_api_product_name] |
|
jsonPayload.app.name |
target.application |
|
jsonPayload.developer.app.name |
target.application |
|
jsonPayload.cachehit |
additional.fields[jsonPayload_cachehit] |
Siguientes pasos
¿Necesitas más ayuda? Recibe respuestas de los miembros de la comunidad y de los profesionales de Google SecOps.