Auto-Generated Documentation
This set of documentation is automatically generated from source, and will help ensure any change to functionality will always be documented and available on release.
OriginalClient¶
A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records.
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| address | Keyword | The original client in a session that has changed clients. Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the .address field. | Optional | None |
| autonomous_systems | AS | The original client in a session that has changed clients. Collection of connected Internal Protocol routing prefixes | Optional | None |
| bytes | Integer | The original client in a session that has changed clients. Bytes sent from the client to the server. | Optional | None |
| domain | Domain | The original client in a session that has changed clients. The domain name of the client system. | Optional | None |
| geo | Geo | The original client in a session that has changed clients. Geo fields can carry data about a specific location related to an event. | Optional | None |
| ip | IP | The original client in a session that has changed clients. IP address of the client (IPv4 or IPv6). | Optional | None |
| mac | MAC | The original client in a session that has changed clients. MAC address of the client. | Optional | None |
| nat | Nat | The original client in a session that has changed clients. Translated NAT sessions (e.g. internal client to internet). | Optional | None |
| packets | Integer | The original client in a session that has changed clients. Packets sent from the destination to the source. | Optional | None |
| port | Integer | The original client in a session that has changed clients. Port of the client. | Optional | None |