Overview

Some message collectors have a common field definitions configuration to map datafields on to an output format. This may change the output field name, or data type. If the field definitions are not configured, all datafields will be mapped directly.

Stack Configuration

Tables

field_definitions

Parameter	Type	Required	Default	Description
field_name	string	N	Same as df_name	Name of field
field_type	enum (STRING \| INT32 \| UINT32 \| INT64 \| UINT64 \| FLOAT \| DOUBLE \| BOOL)	N	Closest mapping from the datafield type	Type of field
df_name	string	Y		Datafield name

Key: field_definitions.

Example

Message collector specific configuration removed for clarity.

{
  "msgCollector": {
    "tables": {
      "field_definitions": [
        {
          "df_name": "ip.src_host"
        },
        {
          "field_name": "dst_host"
          "df_name": "ip.dst_host"
        },
        {
          "field_name": "src_port",
          "field_type": "STRING",
          "df_name": "ip.src_port"
        }
      ]
    }
  }
}