OCI Parser Details
Following are the Oracle-defined parsers available in Oracle Logging Analytics to process the logs collected from Oracle Cloud Infrastructure services:
OCI Cloud Guard Query Results Log Format
Parser name: oci_cloud_guard_query_results_logtype
Example Content:
{ "data": { "executionTime": "2024-06-05T13:51:43Z", "message": "ocid1.cloudguarddatasource.oc1.iad.UniqueID executed on nodename, result 1/1", "result": { "builddistro": "centos7", "buildplatform": "linux", "confighash": "2c01b8234d6c93aea2041b3430f8d7e26fb4f740", "configvalid": "1", "extensions": "active", "instanceid": "ocid1.instance.oc1.iad.UniqueID", "pid": "3212701", "platformmask": "9", "starttime": "1716921925", "uuid": "7e5b5280-3c75-4edf-be65-98363096836c", "version": "5.5.1_66", "watcher": "3212697" }, "resultGroupId": "11566c0c-811b-4193-84f2-c2b1ee50f3e4" }, "id": "10c777d8-231a-4e04-b33b-45d2312f096b", "oracle": { "compartmentid": "ocid1.compartment.oc1..UniqueID", "ingestedtime": "2024-06-05T13:58:09.343Z", "logid": "ocid1.log.oc1.iad.UniqueID", "tenantid": "ocid1.tenancy.oc1..UniqueID" }, "source": "ol9-arm-flexa1-private-internet-standard", "specversion": "1.0", "subject": "ocid1.cloudguarddatasource.oc1.iad.UniqueID", "time": "2024-06-05T13:58:01.112Z", "type": "com.oraclecloud.workloadprotection.cloudguarddatasource.wlp_scheduled_query_logs" }
OCI Cloud Guard Raw Log Format
Parser name: oci_cloud_guard_raw_logtype
Example Content:
{ "data": { "executionTime": "2024-07-08T16:11:26Z", "message": "SECSCAN executed on logan-actions-ad2, result 1/1", "result": { "environment": "overlay", "daemonhost": "unix:///run/odo/docker.sock", "image": "rules:0.2", "imageid": "sha256:ec6790dUniqueID", "state": "running", "chefstatus": "success", "clamscanexitcode": "0", "arch": "x86_64", "builddistro": "centos7", "buildplatform": "linux", "errormessage": "", "instanceid": "ocid1.instance.oc1..UniqueID", "issecscanhost": "false", "command": "root /usr/bin/systemctl restart aidescan.service", "exitcode": "", "fqdn": "api_xyz.logginganalytics.example.com", "hostclass": "LOGAN", "region": "us-ashburn-1", "lastupdated": "2024-07-31T00:52:50Z" } }, "id": "31cbedc5-aaaa-aaaa-UniqueID", "oracle": { "compartmentid": "ocid1.tenancy.oc1..UniqueID", "ingestedtime": "2024-07-08T16:18:18.654Z", "logid": "ocid1.log.oc1..UniqueID", "tenantid": "ocid1.tenancy.oc1..UniqueID" }, "source": "logan-actions-ad2", "specversion": "1.0", "subject": "SECSCAN", "time": "2024-07-08T16:18:10.739Z", "type": "com.oraclecloud.workloadprotection.cloudguardtarget.recipelog" }
OCI Web Application Acceleration Log Format
Parser name: oci_waa_logtype
Example Content:
{ "data":{ "request":{ "id":"727b8fabcc23662a8ad3754d4a3573f2" }, "response":{ "code":"200", "size":"73805" }, "timestamp":"2023-08-14T05:40:24+00:00" }, "id":"6cf12c5a-846f-4394-b882-861c5b698032-waa-192433", "oracle":{ "compartmentid":"ocid1.compartment.oc1.uniqueId", "ingestedtime":"2023-08-14T05:40:33.086Z", "loggroupid":"ocid1.loggroup.oc1.uniqueId", "logid":"ocid1.log.oc1.uniqueId", "resourceid":"ocid1.loadbalancer.oc1.uniqueId", "tenantid":"ocid1.tenancy.oc1.uniqueId" }, "source":"fortLB", "specversion":"1.0", "subject":"", "time":"2023-08-14T05:40:24.526Z", "type":"com.oraclecloud.loadbalancer.waa" }
OKE Control Plane Log Format
Parser name: oci_oke_controlplane_logtype
Example Content:
{ "data": { "level": "info", "msg": "\"Event occurred\" object=\"oci-onm/oci-onm-discovery\" fieldPath=\"\" kind=\"CronJob\" apiVersion=\"batch/v1\" type=\"Normal\" reason=\"SuccessfulDelete\" message=\"Deleted job oci-onm-discovery-28283395\"", "source": "event.go:294" }, "id": "uniqueId", "oracle": { "compartmentid": "ocid1.compartment.oc1.uniqueId", "ingestedtime": "2023-10-11T06:11:01.153Z", "loggroupid": "ocid1.loggroup.oc1.uniqueId", "logid": "ocid1.log.oc1.uniqueId", "tenantid": "ocid1.tenancy.oc1.uniqueId" }, "source": "kube-controller-manager", "specversion": "1.0", "time": "2023-10-11T06:10:08.813Z", "type": "com.oraclecloud.kubernetes.cluster.controlplane" }
OCI Service Connector Hub Log Format
Parser name: oci_service_connector_hub_logtype
Example Content:
{ "data": { "level": "INFO", "message": "Run succeeded - Read 2 messages from source and wrote 2 messages to target", "messageType": "CONNECTOR_RUN_COMPLETED" }, "id": "f83205ef-0bef-47d0-b6b2-362afc4a2e9a", "oracle": { "compartmentid": "ocid1.compartment.uniqueId", "ingestedtime": "2023-08-02T00:10:28.990Z", "loggroupid": "ocid1.loggroup.uniqueId", "logid": "ocid1.log.uniqueId", "resourceid": "ocid1.serviceconnector.uniqueId", "tenantid": "ocid1.tenancy.uniqueId" }, "source": "connectorName", "specversion": "1.0", "time": "2023-08-02T00:10:26.859Z", "type": "com.oraclecloud.sch.serviceconnector.runlog" }
OCI GoldenGate Log Format
Parser name: oci_golden_gate_logtype
Example Content:
[{ "time": "2023-05-25T09:21:05.192Z", "source": "ocid1.goldengatedeployment.uniqueId", "id": "uniqueId", "oracle": { "compartmentid": "ocid1.compartment.uniqueId", "logid": "ocid1.log.uniqueId" }, "specversion": "1.0", "type": "com.oraclecloud.goldengate.deployment.process_logs", "data": { "message": "CSRFTokenProtection: ENABLED.\nCross-Site Request Forgery checks using CSRF-Tokens will be performed.", "level": "INFO", "resourceId": "ocid1.goldengatedeployment.uniqueId", "processName": "distsrvr" } }, { "ts": "2023-05-25T09:21:05.192Z", "source": "ocid1.goldengatedeployment.uniqueId", "id": "uniqueId", "oracle": { "compartmentid": "ocid1.compartment.uniqueId", "logid": "ocid1.log.uniqueId" }, "specversion": "1.0", "type": "com.oraclecloud.goldengate.deployment.process_logs", "data": { "message": "CSRFTokenProtection: ENABLED.\nCross-Site Request Forgery checks using CSRF-Tokens will be performed.", "level": "INFO", "resourceId": "ocid1.goldengatedeployment.uniqueId", "processName": "distsrvr" } }]
OCI Data Flow Spark Diagnostic Log Format
Parser name: oci_data_flow_spark_diagnostics_logtype
Example Content:
{ "data": { "logLevel": "INFO", "message": "Execution complete.", "opcRequestId": "unique_ID", "runId": "ocid1.dataflowrun.realm.region.unique_ID", "thread": "shaded.dataflow.oracle.dfcs.spark.wrapper.DataflowWrapper" }, "id": "unique_ID", "oracle": { "compartmentid": "ocid1.tenancy.oc1.unique_ID", "ingestedtime": "2023-06-23T20:20:06.974Z", "loggroupid": "ocid1.loggroup.realm.region.unique_ID", "logid": "ocid1.log.realm.region.unique_ID", "tenantid": "ocid1.tenancy.realm.region.unique_ID" }, "source": "Sample CSV Processing App", "specversion": "1.0", "subject": "spark-driver", "time": "2023-06-23T20:20:02.245Z", "type": "com.oraclecloud.dataflow.run.driver" }
OCI Application Performance Monitoring Log Format
Parser name: oci_application_performance_monitoring_logtype
Example Content:
{ "data": { "arrivaltime": "2023-03-14T15:21:27.010Z", "content": "{\\\"major-version\\\": 1, \\\"minor-version\\\": 0, \\\"payload-creation-ts-millis\\\": 1678807286000, \\\"resource\\\": {\\\"attributes\\\": [{\\\"key\\\": \\\"Component\\\", \\\"value\\\": \\\"BROWSER\\\"}, {\\\"key\\\": \\\"ServiceName\\\", \\\"value\\\": \\\"myService\\\"}, {\\\"key\\\": \\\"ApmrumLanguage\\\", \\\"value\\\": \\\"en-US\\\"}, {\\\"key\\\": \\\"ApmrumWindowId\\\", \\\"value\\\": \\\"\\\"}, {\\\"key\\\": \\\"SessionId\\\", \\\"value\\\": \\\"session-my1678807286000-3311688\\\"}, {\\\"key\\\": \\\"UserName\\\", \\\"value\\\": \\\"meUser\\\"}]}, \\\"spans\\\": [{\\\"id\\\": \\\"my1678807286000-3311688-2929311\\\", \\\"trace-id\\\": \\\"my1678807286000-3311688\\\", \\\"name\\\": \\\"Page Load myPage\\\", \\\"ts-micros\\\": 1678807284900000, \\\"td-micros\\\": 820619, \\\"kind\\\": \\\"PRODUCER\\\", \\\"attributes\\\": {\\\"ApmrumType\\\": \\\"Page\\\", \\\"WebApplicationName\\\": \\\"myWebapp\\\", \\\"PageInitTime\\\": 870, \\\"PageFirstByteTime\\\": 412, \\\"PageDownloadTime\\\": 17, \\\"PageRenderTime\\\": 994, \\\"PageInteractiveTime\\\": 341, \\\"ApmrumPageUpdateType\\\": \\\"Page Load\\\", \\\"HttpUrl\\\": \\\"http://www.example.com/myIndex.html\\\", \\\"HttpUrlHost\\\": \\\"http://www.example.com\\\", \\\"HttpUrlPath\\\": \\\"/myIndex.html\\\", \\\"HttpStatusCode\\\": 200, \\\"Error\\\": false}, \\\"links\\\": []}, {\\\"id\\\": 5797336, \\\"trace-id\\\": \\\"my1678807286000-3311688\\\", \\\"parent-id\\\": \\\"my1678807286000-3311688-2929311\\\", \\\"name\\\": \\\"Page Load page-0\\\", \\\"ts-micros\\\": 1678807284900000, \\\"td-micros\\\": 990000, \\\"kind\\\": \\\"PRODUCER\\\", \\\"attributes\\\": {\\\"ApmrumType\\\": \\\"Page\\\", \\\"WebApplicationName\\\": \\\"myWebapp\\\", \\\"PageInitTime\\\": 110, \\\"PageFirstByteTime\\\": 304, \\\"PageDownloadTime\\\": 5, \\\"PageRenderTime\\\": 732, \\\"PageInteractiveTime\\\": 401, \\\"ApmrumPageUpdateType\\\": \\\"Page Load\\\", \\\"HttpUrl\\\": \\\"http://www.example.com/myIndex.html\\\", \\\"HttpUrlHost\\\": \\\"http://www.example.com\\\", \\\"HttpUrlPath\\\": \\\"/myIndex.html\\\", \\\"HttpStatusCode\\\": 200, \\\"Error\\\": false}, \\\"links\\\": []}]}", "contentlength": "1616", "dataformat": "apm", "dataformatversion": "1", "message": "The request is rejected due to throttling limits.", "obstype": "public-span", "rejectioncause": "PAYLOAD_THROTTLED" }, "id": "unique_ID", "oracle": { "compartmentid": "ocid1.compartment.oc1.unique_ID", "ingestedtime": "2023-03-14T15:21:35.427Z", "loggroupid": "ocid1.loggroup.oc1.phx.unique_ID", "logid": "ocid1.log.oc1.phx.unique_ID", "tenantid": "ocid1.tenancy.oc1.unique_ID" }, "source": "ocid1.apmdomain.oc1.phx.unique_ID", "specversion": "1.0", "time": "2023-03-14T15:21:27.324Z", "type": "com.oraclecloud.apm.domain.dropped-data" }
OCI Media Flow service Log Format
Parser name: oci_media_flow_service_logtype
Example Content:
{ "data": { "mediaWorkflowId": "ocid1.mediaworkflow.oc1.iad.UniqueID", "mediaWorkflowJobId": "ocid1.mediaworkflowjob.oc1.iad.UniqueID", "message": "Job execution SUCCEEDED", "taskKey": "move", "taskType": "getFiles" }, "id": "e60adf8e-48be-4adc-83f4-315768905600", "oracle": { "compartmentid": "ocid1.compartment.oc1..UniqueID", "ingestedtime": "2023-03-07T07:16:39.975Z", "loggroupid": "ocid1.loggroup.oc1.iad.UniqueID", "logid": "ocid1.log.oc1.iad.UniqueID", "tenantid": "ocid1.tenancy.oc1..UniqueID" }, "source": "ocid1.mediaworkflow.oc1.iad.UniqueID", "specversion": "1.0", "time": "2023-03-07T07:16:37.460Z", "type": "com.oraclecloud.mediaservice.mediaworkflowjob.execution" }
Oracle Operator Access Control Log Format
Parser name: oracle_operator_access_control_logtype
Example Content:
{ "data": { "accessRequestId": "ocid1.opctlaccessrequest.oc1.ap-region.uniqueId", "message": "type=PROCTITLE msg=audit(09/08/2021 09:01:24.335:34495595) : proctitle=ps -ef", "status": "", "systemOcid": "ocid1.exadatainfrastructure.oc1.region.uniqueId", "target": "", "timestamp": "2021-09-08T09:01:24.000Z" }, "id": "b3b102aa-daee-4861-8e2c-123456789123", "oracle": { "compartmentid": "ocid1.tenancy.oc1.uniqueId", "ingestedtime": "2021-09-08T16:02:26.182Z", "loggroupid": "ocid1.loggroup.oc1.region.uniqueId", "logid": "ocid1.log.oc1.region.uniqueId", "tenantid": "ocid1.tenancy.oc1.uniqueId" }, "source": "OperatorAccessControl", "specversion": "1.0", "time": "2021-09-08T16:01:52.989Z", "type": "com.oraclecloud.opctl.audit" }
OCI Load Balancer Access Log Format
Parser name: oci_loadbalancer_access_logtype
Example Content:
{ "data": { "timestamp": "2020-09-28T17:10:39+00:00", "clientAddr": "192.0.2.1:3427", "host": "LB_VirtualAddress", "backendAddr": "192.0.2.100:24443", "requestProcessingTime": "0.003", "backendConnectTime": "0.001", "lbStatusCode": "200", "receivedBytes": 100, "sentBytes": 300, "request": "GET /foo/abc", "sslCipher": "ECDHE-RSA-AES256-GCM-SHA384", "sslProtocol": "TLSv1.2", "userAgent": "curl/7.29.0" }, "id": "adbd63f2-0da7-4d9f-818b-308ee6-a-1849", "oracle": { "compartmentid": "ocid1.compartment.oc1..aaaaaaaaenufxomt", "ingestedtime": "2020-09-28T17:10:47.369Z", "loggroupid": "ocid1.loggroup.oc1.iad.amaaaaaamdyb6aia4c", "logid": "ocid1.log.oc1.iad.amaaaaaamdyb6aiaqgflbcvgcfc", "tenantid": "ocid1.tenancy.oc1..aaaaaaaau6w4ohcbz7otxxy" }, "source": "logan-data-ingest-api-lb", "specversion": "1.0", "subject": "subject", "time": "2020-09-28T17:10:39.266Z", "type": "com.oraclecloud.loadbalancer.access" }
OCI Load Balancer Error Log Format
Parser name: oci_loadbalancer_error_logtype
Example Content:
{ "data": { "errorLog": { "type": "healthChecker", "errorDetails": { "healthStatus": "Healthy to Unhealthy", "backendSetName": "newtest", "backend": "192.0.2.10:80", "details": { "date": 1596583722793, "failures": 3, "successes": 0, "skips": 0, "message": { "statusCode": 200, "expectedRegex": "^notexist$", "msg": "response match result: failed", "base641kData": "CjwhRE9DVFAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBUwgMS4wIFRyYW5zaXRpb25hb++Q+CiAgICA8c3R5bGUgdHlwZT0i" } } } }, "timestamp": "2020-08-04T23:28:52+00:00" }, "id": "7b06a283-140b-4870-8cda--e-0", "oracle": { "compartmentid": "ocid1.compartment.oc1..aaaaaaaaenufx", "ingestedtime": "2020-10-07T06:02:40.433Z", "loggroupid": "ocid1.loggroup.oc1.iad.amaaaaaamdyb6a", "logid": "ocid1.log.oc1.iad.amaaaaaamdyb6aiadglsu6l", "tenantid": "ocid1.tenancy.oc1..aaaaaaaau6w4ohcbz7o" }, "source": "logan-scheduled-search-lb", "specversion": "1.0", "subject": "", "time": "2020-10-07T06:02:34.564Z", "type": "com.oraclecloud.loadbalancer.error" }
OCI Function Log Format
Parser name: oci_function_logtype
Example Content:
{ "data": { "applicationId": "ocid1.fnapp.oc1.region-1.abcdefg", "containerId": "01EMNSA3300000000000000502", "functionId": "ocid1.fnfunc.oci1.region-1.1112233abcdef", "message": "2020-10-15 11:11:35,568 - root - INFO - Headers: {\"host\": [\"localhost\", \"abcdefg.apigateway.region-1.test\"], \"user-agent\": [\"lua-resty-http/0.14 (Lua) ngx_lua/10015\", \"curl/7.29.0\"], \"transfer-encoding\": \"chunked\", \"content-type\": [\"application/octet-stream\", \"application/octet-stream\"], \"date\": \"Thu, 15 Oct 2020 11:11:35 GMT\", \"fn-call-id\": \"01EMNZAH461BT0H4GZJ000VNEQ\", \"fn-deadline\": \"2020-10-15T11:12:05Z\", \"accept\": \"*/*\", \"cdn-loop\": \"v3pC1JgjsYAdqr6Qp6ZcMg\", \"forwarded\": \"for=192.168.0.21\", \"x-forwarded-for\": \"192.168.0.21\", \"x-myheader1\": \"headerValue\", \"x-real-ip\": \"192.168.0.21\", \"fn-http-method\": \"GET\", \"fn-http-request-url\": \"/V2/display-httprequest-info\", \"fn-intent\": \"httprequest\", \"fn-invoke-type\": \"sync\", \"oci-subject-id\": \"ocid1.apigateway.oc1.region-1.abcdef\", \"oci-subject-tenancy-id\": \"ocid1.tenancy.oc1..abcdef1234\", \"oci-subject-type\": \"resource\", \"opc-request-id\": \"/ABCDEF1122F08CD72BCDF9568DA7CC8B/01EMNZAH451BT0H4GZJ000VNEP\", \"x-content-sha256\": \"47DEQpj8HBSa+/TImW+123009abc=\", \"accept-encoding\": \"gzip\"}", "requestId": "/ABCDEF1122F08CD72BCDF9568DA7CC8B/01EMNZAH451BT0H4GZJ000VNEP", "src": "STDERR" }, "id": "ceae7406-f7ba-43c4-ac12-1234", "oracle": { "compartmentid": "ocid1.compartment.oc1..12345abcdef", "ingestedtime": "2020-10-15T11:11:35.802Z", "loggroupid": "ocid1.loggroup.oci1.region-1.22222abcdef", "logid": "ocid1.log.oci1.region-1.12345abcdef", "tenantid": "ocid1.tenancy.oc1..abcdef1234" }, "source": "HTTP-REQUEST", "specversion": "1.0", "subject": "http-request", "time": "2020-10-15T11:11:35.000Z", "type": "function message type" }
OCI Events Log Format
Parser name: oci_events_logtype
Example Content:
{ "data": { "eventId": "0d06215a-e51b-3616-93c6-123456789abc", "message": "Event delivered successfully", "ruleId": "ocid1.eventrule.oc1.abc.abcdef12345678901234567891234567812345678", "target": "ocid1.stream.oc1.def.abcdef12345678901234567891234567812345698" }, "id": "9c3cb4e7-e664-4bc7-a7c7-111223344", "oracle": { "compartmentid": "ocid1.compartment.abc.1111111111111111111111111111111111122222222222", "ingestedtime": "2020-09-22T03:03:04.749Z", "loggroupid": "ocid1.loggroup.oc1.iad.abcdef12345678901234567891234567812345677", "logid": "ocid1.log.oc1.ghi.abcdef12345678901234567891234567812345678", "tenantid": "ocid1.tenancy.oc1..aaaaaabcdef12345678901234567891234567812345666" }, "source": "Stream Create Object events from log bucket to log stream", "specversion": "1.0", "time": "2020-09-22T03:02:54.000Z", "type": "com.oraclecloud.eventsservice.eventrule.ruleexecutionlog" }
OCI Object Storage Access Log Format
Parser name: oci_objectstorage_access_logtype
Example Content:
{ "data": { "apiType": "native", "authenticationType": "instance", "bucketCreator": "Unknown", "bucketId": "ocid1.bucket.oc1.abc.abcdef123456789", "bucketName": "log", "clientIpAddress": "192.0.2.1", "compartmentId": "ocid1.compartment.oc1..abcdefg1234568888", "compartmentName": "compartment_name", "credentials": "abcdef123456789abcdef", "eTag": "45385429-904b-4db1-866e-123", "endTime": "2020-09-29T20:02:31.811Z", "isPar": false, "message": "Object retrieved.", "namespaceName": "namespace_value", "objectName": "object_name", "opcRequestId": "iad-1:x-uGtXG5Wdk3abc", "principalId": "ocid1.instance.oc1.12345", "principalName": "UnknownPrincipal", "region": "us-region-1", "requestAction": "GET", "requestResourcePath": "/n/namespace_value/b/log/o/object_name", "startTime": "2020-09-29T20:02:31.787Z", "statusCode": 200, "tenantId": "ocid1.tenancy.oc1..6w4ohcbz7otxxy6kd", "tenantName": "loganprod", "userAgent": "Oracle-JavaSDK/1.19.3 (Linux/4.14.35-1902.305.4.el7uek.x86_64; Java/1.8.0_251; Java HotSpot(TM) 64-Bit GraalVM EE 19.3.2/25.251-b08-jvmci-20.1-b02-dev)", "vcnId": "477016" }, "id": "20919d7c-2d6d-401a-9858-123", "oracle": { "compartmentid": "ocid1.compartment.oc1..lxenat5opur", "ingestedtime": "2020-09-29T20:02:37.678Z", "loggroupid": "ocid1.loggroup.oc1.gmsmd5c7qmebnsyx7dm", "logid": "ocid1.log.oc1.iz6lu3innhmdyb6aiamaaaaa", "tenantid": "ocid1.tenancy.oc1..1234" }, "source": "log", "specversion": "1.0", "subject": "subject value", "time": "2020-09-29T20:02:31.811Z", "type": "com.oraclecloud.objectstorage.getobject" }
OCI API Gateway Access Log Format
Parser name: oci_api_gw_access_logtype
Example Content:
{ "data": { "bodyBytesSent": 22, "gatewayId": "ocid1.apigateway.oc1.region-1-ocidddddddd", "httpUserAgent": "curl/7.29.0", "message": "GET /V1/weather HTTP/1.1", "opcRequestId": "/12345B88C07D061F8221193082B12345/12345801AEDEEF3BE80938595EEABCDE", "remoteAddr": "192.0.2.1", "requestDuration": 0.161, "requestMethod": "GET", "requestUri": "/V1/weather", "serverProtocol": "HTTP/1.1", "status": 200 }, "id": "571aab5c-f9a9-11ea-a9a1-ABC1234", "oracle": { "compartmentid": "ocid1.compartment.oc1..ABC1234OCID", "ingestedtime": "2020-09-18T12:21:29.526Z", "loggroupid": "ocid1.loggroup.oc1.region-1.12345ABC1234OCID", "logid": "ocid1.log.oc1.region-1.AAAABBBB", "tenantid": "ocid1.tenancy.oc1..AAA11223344" }, "source": "Weather", "specversion": "1.0", "time": "2020-09-18T12:20:29.000Z", "type": "com.oraclecloud.apigateway.apideployment.access" }
OCI API Gateway Execution Log Format
Parser name: oci_api_gw_exec_logtype
Example Content:
{ "data": { "code": "httpBackend.requestSent", "functionId":"ocid1.fnfunc.oc1.region-1.123456", "gatewayId": "ocid1.apigateway.oc1.region-1.AAA11223355", "level": "INFO", "message": "Sending request to upstream", "opcRequestId": "/0431C52F31E68CE19AD638AAE1B05854/F6D390655FD11520B8566BF5046284CE" }, "id": "cb851077-f9a8-11ea-a9a1-ABC1234", "oracle": { "compartmentid": "ocid1.compartment.oc1..ABC1234OCID", "ingestedtime": "2020-09-18T12:17:28.699Z", "loggroupid": "ocid1.loggroup.oc1.region-1.12345ABC1234OCID", "logid": "ocid1.log.oc1.region-1.AAA11223356", "tenantid": "ocid1.tenancy.oc1..AAA11223344" }, "source": "Weather", "specversion": "1.0", "time": "2020-09-18T12:16:35.000Z", "type": "com.oraclecloud.apigateway.apideployment.execution" }
OCI Unified Schema Log Format
Parser name: oci_unifiedschema_logtype
Example Content:
{ "data": { }, "id": "571aab5c-f9a9-11ea-a9a1-ABC1234", "oracle": { "compartmentid": "ocid1.compartment.oc1..ABC1234OCID", "ingestedtime": "2020-09-18T12:21:29.526Z", "loggroupid": "ocid1.loggroup.oc1.region-1.12345ABC1234OCID", "logid": "ocid1.log.oc1.region-1.AAAABBBB", "tenantid": "ocid1.tenancy.oc1..AAA11223344" }, "source": "message source", "specversion": "1.0", "time": "2020-09-18T12:20:29.000Z", "type": "message type" }
OCI VCN Flow Unified Schema Format
Parser name: oci_vcn_flow_unifmt_logtype
Example Content:
{ "data": { "action": "ACCEPT", "bytesOut": 4843, "destinationAddress": "192.0.2.11", "destinationPort": 443, "endTime": 1601204026, "flowid": "27f8550a", "packets": 15, "protocol": 6, "protocolName": "TCP", "sourceAddress": "192.0.2.1", "sourcePort": 46660, "startTime": 1601204026, "status": "OK", "version": "2" }, "id": "409971d6", "oracle": { "compartmentid": "ocid1.compartment.oc1..aaaaaaaaenufxomtrgajc", "ingestedtime": "2020-09-27T10:54:41.449Z", "loggroupid": "ocid1.loggroup.oc1.iad.amaaaaaamdyb6aia4clhgcw", "logid": "ocid1.log.oc1.iad.amaaaaaamdyb6aiaon3xwya2hcrsdnn", "tenantid": "ocid1.tenancy.oc1..aaaaaaaau6w4ohcbz7otxxy6kdtk", "vniccompartmentocid": "ocid1.compartment.oc1..aaaaaaaaywgrjl", "vnicocid": "ocid1.vnic.oc1.iad.abuwcljtw", "vnicsubnetocid": "ocid1.subnet.oc1.iad.aaaaaaaaz" }, "source": "ocid1.subnet.oc1.iad.aaaaaaaaz", "specversion": "1.0", "subject": "ocid1.vnic.oc1.iad.abuwcljtw", "time": "2020-09-27T10:53:46.000Z", "type": "com.oraclecloud.vcn.flowlogs.DataEvent" }
OCI Audit Unified Schema Format
Parser name: oci_audit_unifmt_logtype
Example Content:
{ "data": { "additionalDetails": { "X-Real-Port": 60760 }, "availabilityDomain": "AD1", "compartmentId": "ocid1.tenancy.uniqueId", "compartmentName": "emdemo", "definedTags": null, "eventGroupingId": "eventGroupingId", "eventName": "ParseQuery", "freeformTags": null, "identity": { "authType": "fed", "callerId": null, "callerName": null, "consoleSessionId": "consoleSessionId", "credentials": "***", "ipAddress": "203.0.113.1", "principalId": "ocid1.saml2idp.uniqueId", "principalName": "principalName", "tenantId": "ocid1.tenancy.uniqueId", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" }, "message": "ParseQuery succeeded", "request": { "action": "POST", "headers": { "Accept": [ "*/*" ], "Accept-Encoding": [ "gzip, deflate, br" ], "Accept-Language": [ "en" ], "Authorization": [ "Signature ***" ], "Connection": [ "keep-alive" ], "Content-Length": [ "273" ], "Content-Type": [ "application/json" ], "Origin": [ "https://cloud.oracle.com" ], "Referer": [ "https://cloud.oracle.com/" ], "Sec-Fetch-Dest": [ "empty" ], "Sec-Fetch-Mode": [ "cors" ], "Sec-Fetch-Site": [ "cross-site" ], "User-Agent": [ "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" ], "opc-request-id": [ "opc-request-id" ], "sec-ch-ua": [ "\"Not.A/Brand\";v=\"8\", \"Chromium\";v=\"114\", \"Google Chrome\";v=\"114\"" ], "sec-ch-ua-mobile": [ "?0" ], "sec-ch-ua-platform": [ "\"macOS\"" ], "x-content-sha256": [ "sha256" ], "x-date": [ "Fri, 23 Jun 2023 03:25:56 GMT" ] }, "id": "id", "parameters": {}, "path": "/20200601/namespaces/resource/search/actions/parse" }, "resourceId": "resource", "response": { "headers": { "Access-Control-Allow-Credentials": [ "true" ], "Access-Control-Allow-Origin": [ "https://cloud.oracle.com" ], "Access-Control-Expose-Headers": [ "opc-previous-page,opc-next-page,opc-client-info,ETag,opc-total-items,opc-request-id,Location" ], "Content-Length": [ "2407" ], "Content-Type": [ "application/json" ], "Date": [ "Fri, 23 Jun 2023 03:25:57 GMT" ], "Timing-Allow-Origin": [ "https://cloud.oracle.com" ], "Vary": [ "Origin" ], "X-Content-Type-Options": [ "nosniff" ], "X-Frame-Options": [ "SAMEORIGIN" ], "opc-request-id": [ "opc-request-id" ] }, "message": null, "payload": {}, "responseTime": "2023-06-23T03:25:57.342Z", "status": "200" }, "stateChange": { "current": { "columns": [ { "displayName": "Log Source", "internalName": "msrcid", "isCaseSensitive": false, "isEvaluable": true, "isGroupable": true, "isListOfValues": true, "isMultiValued": false, "subSystem": "LOG", "type": "COLUMN", "valueType": "STRING" }, { "displayName": "Type", "internalName": "type", "isCaseSensitive": false, "isEvaluable": true, "isGroupable": true, "isListOfValues": false, "isMultiValued": false, "subSystem": "LOG", "type": "COLUMN", "valueType": "STRING" } ], "commands": [ { "category": "FILTER", "displayQueryString": "'Log Source' = 'OCI Audit Logs' and Type like '%logginganalytics%' and Type = com.oraclecloud.logginganalytics.query", "internalQueryString": "log.msrcid = omc_ociAuditLogSource and log.type like '%logginganalytics%' and log.type = com.oraclecloud.logginganalytics.query", "isHidden": false, "name": "SEARCH", "referencedFields": [ { "displayName": "Log Source", "internalName": "msrcid", "isGroupable": true, "name": "FIELD", "originalDisplayNames": [ "Log Source" ], "valueType": "STRING" }, { "displayName": "Type", "internalName": "type", "isGroupable": true, "name": "FIELD", "originalDisplayNames": [ "Type" ], "valueType": "STRING" } ], "subQueries": [] }, { "category": "FILTER", "displayQueryString": "clusterdetails collection = 'dummyId' on h[1:0],u[dummyId2]", "internalQueryString": "clusterdetails collection = 'dummyId' on h[1:0],u[dummyId2]", "isHidden": false, "name": "CLUSTER_DETAILS" } ], "displayQueryString": "'Log Source' = 'OCI Audit Logs' and Type like '%logginganalytics%' and Type = com.oraclecloud.logginganalytics.query | clusterdetails collection = 'dummyId' on h[1:0],u[dummyId2]", "internalQueryString": "log.msrcid = omc_ociAuditLogSource and log.type like '%logginganalytics%' and log.type = com.oraclecloud.logginganalytics.query | clusterdetails collection = 'dummyId' on h[1:0],u[dummyId2]", "responseTimeInMs": 1 }, "previous": {} } }, "dataschema": "2.0", "id": "id", "oracle": { "compartmentid": "ocid1.tenancy.uniqueId", "ingestedtime": "2023-06-23T03:26:02.913Z", "loggroupid": "_Audit", "tenantid": "ocid1.tenancy.uniqueId" }, "source": "", "specversion": "1.0", "time": "2023-06-23T03:25:57.342Z", "type": "com.oraclecloud.LoggingAnalytics.ParseQuery" } { "data": { "additionalDetails": null, "availabilityDomain": "AD3", "compartmentId": "ocid1.tenancy.oc1..aaaaaaaaa", "compartmentName": "ociateam", "definedTags": null, "eventGroupingId": null, "eventName": "ListCompartments", "freeformTags": null, "identity": { "authType": "natv", "callerId": "loganalytics/C5C0E55526E263A3F9111111111111", "callerName": "loganalytics", "consoleSessionId": null, "credentials": "***", "ipAddress": "192.0.2.1,198.51.100.1", "principalId": "ocid1.user.oc1..aaaaaaaaea", "principalName": "Admin User", "tenantId": "ocid1.tenancy.oc1..aaaaaaaaa", "userAgent": "Oracle-JavaSDK/2.66.0 (Linux/4.14.35-2047.529.3.2.el7uek.x86_64; Java/17.0.8; Java HotSpot(TM) 64-Bit Server VM/17.0.8+9-LTS-jvmci-21.3-b32)" }, "message": "ListCompartments succeeded", "request": { "action": "GET", "headers": { "Accept": [ "application/json" ], "Connection": [ "keep-alive" ], "Date": [ "Thu, 26 Oct 2023 20:57:00 GMT" ], "User-Agent": [ "Oracle-JavaSDK/2.66.0 (Linux/4.14.35-2047.529.3.2.el7uek.x86_64; Java/17.0.8; Java HotSpot(TM) 64-Bit Server VM/17.0.8+9-LTS-jvmci-21.3-b32)" ], "X-Forwarded-For": [ "192.0.2.254,198.51.100.254" ], "X-OCI-LB-NetworkMetadata": [ "{\"originalConnection\":{\"sourceIp\":\"192.0.2.84\",\"sourcePort\":57470,\"destinationIp\":\"192.0.2.12\",\"destinationPort\":443,\"protocol\":\"https\"},\"paResourceConnection\":{\"sourceIp\":\"192.0.2.19\",\"sourcePort\":57470,\"destinationIp\":\"192.0.2.12\",\"destinationPort\":443},\"paResource\":{\"ocid\":\"\",\"vcnOcid\":\"ocid1.vcn.oc1.iad.aaaaaaamdyb6aq\"}}" ], "X-OCI-LB-PrivateAccessMetadata": [ "eyJvcmlnaW5hbENvbm5lAAAAAAAAAAAAAAAAAAAAAA=" ], "X-Real-IP": [ "203.0.113.84" ], "X-Real-Port": [ "57470" ], "oci-original-host": [ "identity.us-ashburn-1.oci.oraclecloud.com" ], "oci-original-url": [ "https://identity.us-ashburn-1.oci.oraclecloud.com/20160918/compartments" ], "oci-splat-audited": [ "true" ], "oci-splat-service-operation-id": [ "compartments.ListCompartments" ], "opc-client-info": [ "Oracle-JavaSDK/2.66.0" ], "opc-obo-principal": [ "{\"tenantId\":\"ocid1.tenancy.oc1..aaaaaaaaa\",\"subjectId\":\"ocid1.user.oc1..aaaaaaaaea\",\"claims\":[{\"key\":\"pstype\",\"value\":\"natv\",\"issuer\":\"authService.oracle.com\"},{\"key\":\"chain\",\"value\":\"\",\"issuer\":\"authService.oracle.com\"},{\"key\":\"tgt\",\"value\":\"ocid1.tenancy.oc1..aaaaaaaaa\",\"issuer\":\"authService.oracle.com\"},{\"key\":\"tgts\",\"value\":\"[\\\"ocid1.tenancy.oc1..aaaaaaaaa\\\"]\",\"issuer\":\"authService.oracle.com\"},{\"key\":\"name-chain\",\"value\":\"\",\"issuer\":\"authService.oracle.com\"},{\"key\":\"mfa_verified\",\"value\":\"true\",\"issuer\":\"authService.oracle.com\"},{\"key\":\"ptype\",\"value\":\"user\",\"issuer\":\"authService.oracle.com\"},{\"key\":\"ttype\",\"value\":\"obo\",\"issuer\":\"authService.oracle.com\"},{\"key\":\"tgt_name\",\"value\":\"identity\",\"issuer\":\"authService.oracle.com\"},{\"key\":\"own\",\"value\":\"ocid1.tenancy.oc1..aaaaaaaaa\",\"issuer\":\"authService.oracle.com\"},{\"key\":\"tgt_names\",\"value\":\"[\\\"identity\\\"]\",\"issuer\":\"authService.oracle.com\"}]}" ], "opc-principal": [ "{\"tenantId\":\"ocid1.tenancy.oc1..aaaaaaaaa\",\"subjectId\":\"loganalytics/C5C0E55526AAAA\",\"claims\":[{\"key\":\"opc-instance\",\"value\":\"ocid1.instance.oc1.iad.aaaaaaaa\",\"issuer\":\"authService.oracle.com\"},{\"key\":\"h_date\",\"value\":\"Thu, 26 Oct 2023 20:57:00 GMT\",\"issuer\":\"h\"},{\"key\":\"h_host\",\"value\":\"identity.us-ashburn-1.oci.oraclecloud.com\",\"issuer\":\"h\"},{\"key\":\"svcHostingTenantId\",\"value\":\"ocid1.tenancy.oc1..aaaaaaaaa\",\"issuer\":\"authService.oracle.com\"},{\"key\":\"ttype\",\"value\":\"x509\",\"issuer\":\"authService.oracle.com\"},{\"key\":\"ptype\",\"value\":\"service\",\"issuer\":\"authService.oracle.com\"},{\"key\":\"h_opc-obo-token\",\"value\":\"DUMMY\",\"issuer\":\"h\"},{\"key\":\"authorization\",\"value\":\"Signature ***\",keyId=\\\"DUMMY\\\",algorithm=\\\"rsa-sha256\\\",signature=\\\"*****\\\",version=\\\"1\\\"\",\"issuer\":\"h\"},{\"key\":\"svc\",\"value\":\"loganalytics\",\"issuer\":\"authService.oracle.com\"},{\"key\":\"is_svc\",\"value\":\"true\",\"issuer\":\"authService.oracle.com\"},{\"key\":\"opc-tenant\",\"value\":\"ocid1.tenancy.oc1..aaaaaaaaa\",\"issuer\":\"authService.oracle.com\"},{\"key\":\"opc-compartment\",\"value\":\"ocid1.compartment.oc1..aaaaaaaa\",\"issuer\":\"authService.oracle.com\"},{\"key\":\"h_(request-target)\",\"value\":\"get /20160918/compartments?compartmentId=ocid1.tenancy.oc1..aaaaaaaaa;page=AFUWCLJTAAAAAAAA&limit=1000&accessLevel=ACCESSIBLE&compartmentIdInSubtree=true\",\"issuer\":\"h\"},{\"key\":\"opc-certtype\",\"value\":\"instance\",\"issuer\":\"authService.oracle.com\"},{\"key\":\"fprint\",\"value\":\"C5:C0:77\",\"issuer\":\"authService.oracle.com\"}]}" ], "opc-request-id": [ "74298AAAAAAAAAAAAAAA" ] }, "id": "74298AAAAAAAAAAAAAAAAA", "parameters": { "accessLevel": [ "ACCESSIBLE" ], "compartmentId": [ "ocid1.tenancy.oc1..aaaaaaaaa" ], "compartmentIdInSubtree": [ "true" ], "limit": [ "1" ], "page": [ "AAAAAAAAAAJleUpyYVdRaU9pSXpOek13SWtiMzJVR0E=" ] }, "path": "/20160918/compartments" }, "resourceId": null, "response": { "headers": { "Cache-Control": [ "no-cache, no-store, must-revalidate" ], "Content-Length": [ "784" ], "Content-Type": [ "application/json" ], "Date": [ "Thu, 26 Oct 2023 20:57:00 GMT" ], "Pragma": [ "no-cache" ], "opc-limit": [ "1" ], "opc-next-page": [ "AAAAAAAAAAJleUpyYVdRaU9pSXpOek13SWl3aVpXNWpJam9pUVRJhZnc=" ], "opc-request-id": [ "742986C36DC6/7A39F697849/87DC14D30B3055B7" ] }, "message": null, "payload": null, "responseTime": "2023-10-26T20:57:00.394Z", "status": "200" }, "stateChange": { "current": null, "previous": null } }, "dataschema": "2.0", "id": "f132bf7a-c3d5-4cdb-b3e4-42344b73d48a", "oracle": { "compartmentid": "ocid1.tenancy.oc1..aaaaaaaaa", "ingestedtime": "2023-10-26T20:57:09.668Z", "loggroupid": "_Audit", "tenantid": "ocid1.tenancy.oc1..aaaaaaaaa" }, "source": "", "specversion": "1.0", "time": "2023-10-26T20:57:00.379Z", "type": "com.oraclecloud.Compartments.ListCompartments" } { "data": { "additionalDetails": { "bucketName": "testBucket", "namespace": "NAMESPACE" }, "availabilityDomain": "PHX-AD-2", "compartmentId": "ocid1.tenancy.oc1..aaaaaaaaa", "compartmentName": "logantest1", "definedTags": {}, "eventGroupingId": "phx-1:WRk50BSDAZ", "eventName": "GetBucket", "freeformTags": {}, "identity": { "authType": "natv", "callerId": null, "callerName": null, "consoleSessionId": null, "credentials": "***", "ipAddress": "192.0.2.16", "principalId": "ocid1.user.oc1..aaaaaaaa", "principalName": "manageUser", "tenantId": "ocid1.tenancy.oc1..aaaaaaaaa", "userAgent": "Apache-HttpClient/4.5.8 (Java/1.8.0_381)" }, "message": "Bucket details retrieved.", "request": { "action": "GET", "headers": { "Accept": [ "application/json" ], "Accept-Encoding": [ "gzip,deflate" ], "Authorization": [ "Signature ***" ], "Connection": [ "Keep-Alive" ], "User-Agent": [ "Apache-HttpClient/4.5.8 (Java/1.8.0_381)" ], "date": [ "Thu, 14 Dec 2023 17:59:28 GMT" ], "host": [ "objectstorage.us-phoenix-1.oraclecloud.com" ] }, "id": "phx-1:WRk50BSDAZ", "parameters": { "fields": [ "approximateCount,approximateSize" ], "param0": [ "NAMESPACE" ], "param1": [ "testBucket" ] }, "path": "/n/NAMESPACE/b/testBucket/?fields=approximateCount%2CapproximateSize" }, "resourceId": "/n/NAMESPACE/b/testBucket/?fields=approximateCount%2CapproximateSize", "response": { "headers": { "Content-Length": [ "827" ], "Content-Type": [ "application/json" ], "access-control-allow-credentials": [ "true" ], "access-control-allow-methods": [ "POST,PUT,GET,HEAD,DELETE,OPTIONS" ], "access-control-allow-origin": [ "*" ], "access-control-expose-headers": [ "access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,cache-control,content-length,content-type,date,etag,opc-client-info,opc-request-id,x-api-id" ], "cache-control": [ "no-store" ], "date": [ "Thu, 14 Dec 2023 17:59:28 GMT" ], "etag": [ "b863c403-7b12-4e49-94ca-5555555555AAAA" ], "opc-request-id": [ "phx-1:WRk50BSDAZ" ], "x-api-id": [ "native" ] }, "message": null, "payload": { "id": "/n/NAMESPACE/b/testBucket/?fields=approximateCount%2CapproximateSize", "resourceName": "/n/NAMESPACE/b/testBucket/?fields=approximateCount%2CapproximateSize" }, "responseTime": "2023-12-14T17:59:28.169Z", "status": "200" }, "stateChange": null }, "dataschema": "2.0", "id": "b60d4c03-3d70-2e32-f9cf-13b9d87d0a24", "oracle": { "compartmentid": "ocid1.tenancy.oc1..aaaaaaaaa", "ingestedtime": "2023-12-14T17:59:32.486Z", "loggroupid": "_Audit", "tenantid": "ocid1.tenancy.oc1..aaaaaaaaa" }, "source": "testBucket", "specversion": "1.0", "time": "2023-12-14T17:59:28.169Z", "type": "com.oraclecloud.objectstorage.getbucket" } { "data": { "additionalDetails": { "actorDisplayName": "Test User6", "actorOcid": "bbbbbbbbbbbbbbbbbbbbbbbbbb", "actorType": "User", "resourceType": "AppRole", "adminRefResourceName": "G", "adminRefResourceType": "User", "adminResourceType": "User", "test": "test", "adminAppRoleAppName": "AUTOANALYTICS", "adminResourceName": "AUTONOMOUS_ANALYTICS_ServiceAdministrator", "clientIp": "192.0.2.2", "domainId": "ocid1.domain.oc1..aaa", "domainName": "idcs-123", "auditEventMapValue": "{\"schemas\"}", "domainDisplayName": "Default", "eventId": "sso.session.create.success", "hostIp": "198.51.100.18", "hostName": "idcs-sso-56d", "message": "Session create success", "rId": "0:1:6:14", "ecId": "vm4Cr1w^j00000000", "reasonValue": "", "ssoApplicationId": "LoginClient_APPID", "ssoApplicationName": "IAM LoginClient", "ssoApplicationType": "APP", "ssoBrowser": "Firefox", "ssoCSR": "false", "ssoComments": "Session create success", "ssoCompletedFactors": "{USERNAME_PASSWORD=AUTH_SUCCESS}", "ssoIdentityProvider": "UserNamePassword", "ssoIdentityProviderType": "LOCAL", "ssoLocalIp": "192.0.2.1", "ssoMatchedSignOnPolicy": "DefaultSignOnPolicy", "ssoMatchedSignOnPolicyName": "Default Sign-On Policy", "ssoMatchedSignOnRule": "DefaultSignOnRule", "ssoMatchedSignOnRuleName": "Default Sign-On Rule", "ssoPlatform": "Mac OS X", "ssoPolicyObligations": "effect:ALLOW,authenticationFactor:IDP,allowUserToSkip2FAEnrolment:false,2FAFrequency:SESSION,reAuthenticate:false,trustedDevice2FAFrequency:", "ssoProtectedResource": "https://cloud.oracle.com", "ssoRp": "LoginClient_APPID", "ssoSessionCreateTime": "2022-03-09T17:18:33Z", "ssoSessionExpiryTime": "2022-03-10T01:18:33Z", "ssoSessionId": "61142895dd5b4d", "ssoUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:97.0) Gecko/20100101 Firefox/97.0", "idcsCreatedBy": { "value": "0f7f60294be042b" }, "idcsLastModifiedBy": { "value": "0f7f60294be" }, "adminValuesAdded": { "authenticationFactors": [ { "status": "ENROLLED", "type": "TOTP" }, { "publicKey": "DUMMY", "status": "INPROGRESS", "type": "PUSH" } ] } }, "availabilityDomain": "AD3", "compartmentId": "ocid1.tenancy.oc1..aaaaa", "compartmentName": "cc", "definedTags": null, "eventGroupingId": null, "eventName": "InteractiveLogin", "freeformTags": null, "identity": { "authType": null, "callerId": null, "callerName": null, "consoleSessionId": null, "credentials": null, "ipAddress": "192.0.2.64", "principalId": null, "principalName": "gstest6", "tenantId": "ocid1.tenancy.oc1..aa", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:97.0) Gecko/20100101 Firefox/97.0" }, "message": " InteractiveLogin succeeded", "request": { "action": null, "headers": null, "id": "DWsez1ESf10000000", "parameters": null, "path": null }, "resourceId": null, "response": { "headers": null, "message": null, "payload": null, "responseTime": "2022-03-09T17:18:33.983Z", "status": null }, "stateChange": { "current": null, "previous": null } }, "dataschema": "2.0", "id": "fd380a65-c887-4d48-8a52-c405c0c96bc4", "oracle": { "compartmentid": "ocid1.tenancy.oc1..aaaaa", "ingestedtime": "2022-03-09T17:18:38.743Z", "loggroupid": "_Audit", "tenantid": "ocid1.tenancy.oc1..aaaa" }, "source": "", "specversion": "1.0", "time": "2022-03-09T17:18:33.983Z", "type": "com.oraclecloud.IdentitySignOn.InteractiveLogin" }
OCI Audit Log Format
Parser name: omc_oci_audit_logtype
Example Content:
{ "tenantId":"ocid1.tenancy.oc1..aaaaaaaagABCDEFGHKUYGASDGADDGADAGADGDAGJDAGGDjiujvy2hjgxvabc", "compartmentId":"ocid1.tenancy.oc1..aaaaaaaauAADBCISHGDKUHAFFFFFFFFFDDDDDDDDDDDDxjlcnunxo2hbsixyz", "compartmentName":"mycompname", "eventId":"762d978e-f995-4208-93cf-af0e97bca529", "eventName":"GetCapabilities", "eventSource":"Compartments", "eventType":"ServiceAPI", "eventTime":"2019-09-25T15:38:48.784Z", "principalId":"ocid1.user.oc1..aaaaaaaaabcdefghiklm6hh2fv4szofhnz62nkzdvtalajs3nzvrmcdxyza", "credentialId":"ST$ABCDEFGHIJKLM3dfb2MxXzIwMTktMDRABCDEFGHIJKLMOiJSUzI1NiJ9eyJzd-p-9SFwuT86c-M5QC8gDZfMJ6u2Wwuu6eb91U7J3xVZdxRIHiloz20wm3JoGww7Q0YwpwV4Zyrub0c0UrW_xyzKLJYBAADYLBD", "requestAction":"GET", "requestId":"34d8ed99-e62c-4425-96d3-118ea684/1232AD2DD02E066E005B4A35F8B931E8/17BB11E992A4D540996942C24175C3A1", "requestAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36", "requestHeaders":{ "Origin":[ "https://console.us-ashburn-1.oraclecloud.com" ], "Accept":[ "*/*" ], "X-Forwarded-Proto":[ "http" ], "X-Forwarded-Host":[ "identity.us-phoenix-1.oraclecloud.com:80" ], "User-Agent":[ "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36" ], "Referer":[ "https://console.us-ashburn-1.oraclecloud.com/a/identity/users/ocid1.user.oc1..aaaaaaaabfABCDEFGHIJKLMN123456789nz62nkzdvtalajs3nzvrmcdqhvq" ], "Sec-Fetch-Site":[ "same-site" ], "Accept-Encoding":[ "gzip, deflate, br" ], "X-Forwarded-Port":[ "80" ], "x-date":[ "Wed, 25 Sep 2019 15:38:48 GMT" ], "Sec-Fetch-Mode":[ "cors" ], "Authorization":[ "Signature keyId=\"ST$eyJraWQiOiJhABNCDEFILUYADLBDUYDADjciLCJhbGciOiJIj.E-p-EE0FzMWBsv_sixzmzbxuasdKJFYKVBLjkPLzH-9SFwuT86c-M5QC8gDZfMJ6u2WwuuasdklhdanaABCDEFGHloz20wm3JoGww7Q0YwpwV4ajsfdkavkdgkbjdVVVVVVVaasdadw\",version=\"1\",algorithm=\"rsa-sha256\",headers=\"(request-target) host x-date\",signature=\"*****\"" ], "Opc-Request-Id":[ "34d8ed99-e62c-4425-96d3-118ea6844100" ], "X-Forwarded-For":[ "192.0.2.19, 192.0.2.1" ], "Accept-Language":[ "en-US,en;q=0.9,fr;q=0.8" ], "Opc-Client-Info":[ "Oracle-HgConsole/0.0.1" ], "X-Real-IP":[ "192.0.2.1" ], "oci-original-url":[ "http://identity.us-phoenix-1.oraclecloud.com/20160918/compartments/ocid1.tenancy.oc1..aaaaaaaauj75yrhgABCJKFKALBSDYADTVKDA6e5c7nxlxjlcnAJDGDJAHGDA/capabilities" ] }, "requestOrigin":"192.0.2.11", "requestResource":"/20160918/compartments/ocid1.tenancy.oc1..aaaaaaaauj7JAHGDVKADUGashgajssJHGJKDKVSJYTDSVKUDTKSYTSKbs6ca/capabilities", "responseHeaders":{ "Access-Control-Expose-Headers":[ "opc-previous-page,opc-next-page,opc-client-info,ETag,opc-total-items,opc-request-id,Location" ], "Cache-Control":[ "no-cache, no-store, must-revalidate" ], "Access-Control-Allow-Origin":[ "https://console.us-ashburn-1.oraclecloud.com" ], "Access-Control-Allow-Credentials":[ "true" ], "Vary":[ "Origin" ], "Pragma":[ "no-cache" ], "opc-request-id":[ "34d8ed99-e62c-4425-96d3-118ea684/1232ADABCJASHSDGAS234523234231E8/JADFVADTDATDAD40996942C24175C3A1" ], "Date":[ "Wed, 25 Sep 2019 15:38:48 GMT" ], "Content-Type":[ "application/json" ] }, "responseStatus":"200", "responseTime":"2019-09-25T15:38:48.851Z", "responsePayload":{ "resourceName":"logandev", "id":"ocid1.tenancy.oc1..aaaaaaaauj7RABCDEFGHxktbikwiqtywqdqbbbbbbaaaaaaaaanxo2hbs6ca" }, "userName":"user100" }
OCI Audit Log Format v2
Parser name: omc_oci_audit_logtype_v2
Example Content:
{ "eventType":"com.oraclecloud.virtualNetwork.CreateVcn", "cloudEventsVersion":"0.1", "eventTypeVersion":"2.0", "source":"virtualNetwork", "eventId":"1fd6329b-6e11-40a5-bb48-b4db04cce956", "eventTime":"2019-12-08T03:08:53.799Z", "contentType":"application/json", "data":{ "eventGroupingId":"csid0234d20c41bcafe8ae4426aa5e56/6c9d69d339e8464598b2d7", "eventName":"CreateVcn", "compartmentId":"ocid1.compartment.oc1..aaaaaaaa2bhu3kzsu5jhmsstbf4olwmd", "compartmentName":"storage", "availabilityDomain":"AD", "identity":{ "principalName":"user1", "principalId":"ocid1.user.oc1..aaaaaaaa36xdrbtaqilj7zqdkfotn2u53kq5a", "authType":"natf", "tenantId":"ocid1.tenancy.oc1..aaaaaaaagkbzgg6lpzrf47xzy4rjoxg4de6n", "credentials":"ABCDEF0123456789", "userAgent":"Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0", "consoleSessionId":"ABCDEF34d20c41bcafe8ae4426aa5e56", "ipAddress":"192.0.2.1" }, "request":{ "id":"39e8464598b2d76e3dc9f256/E60985C6435ECBF85AAAABBBCCCCD020", "path":"/20160918/vcns", "action":"POST", "parameters":{ }, "headers":{ "Origin":[ "https://compute.plugins.oci.dummy.com" ], "Accept":[ "*/*" ], "User-Agent":[ "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0" ], "Referer":[ "https://compute.plugins.oci.dummy.com/compute/instances/create" ], "Connection":[ "keep-alive" ], "Accept-Encoding":[ "gzip, deflate, br" ], "x-date":[ "Sun, 08 Dec 2019 03:08:53 GMT" ], "Authorization":[ "Signature keyId=\"ABCDEF0123456789-SZOT-By3-kG5Jgfbu2Zyw4Xq8va6TymkuoPw\",version=\"1\",headers=\"(request-target) host content-length content-type opc-request-id x-date\",signature=\"*****\"" ], "Accept-Language":[ "en-US,en;q=0.5" ], "Content-Length":[ "231" ], "opc-request-id":[ "ABCDEF0123456789339e8464598b2d76e3dc9f256" ], "Content-Type":[ "application/json" ] } }, "response":{ "status":"404", "responseTime":"2019-12-08T03:08:53.799Z", "headers":{ "Access-Control-Expose-Headers":[ "opc-previous-page,opc-next-page,opc-client-info,ETag,opc-work-request-id,opc-total-items,opc-request-id,Location" ], "Access-Control-Allow-Origin":[ "https://compute.plugins.oci.oraclecloud.com" ], "Access-Control-Allow-Credentials":[ "true" ], "X-Content-Type-Options":[ "nosniff" ], "Connection":[ "keep-alive" ], "Content-Length":[ "111" ], "opc-request-id":[ "ABCDEF0123456789b2d76e3dc9f256/E60985C64112233333B2BA2CB7A8D020" ], "Date":[ "Sun, 08 Dec 2019 03:08:53 GMT" ], "Content-Type":[ "application/json" ] }, "message":"CreateVcn failed with response 'NotAuthorizedOrNotFound'" }, "stateChange":{ "previous": "previous state", "current": "current state" }, "additionalDetails":{ }, "internalDetails":{ } } }
OCI DevOps Log Format
Parser name: oci_devopslog_logtype
Example Content:
{ "specversion": "1.0", "type": "com.oraclecloud.devops.deployment", "source": "Project name", "subject": "ocid1.instance.oc1.region.uniqueID", "id": "e3002eaa-d717-472e-8474-d024943a0f27", "time": "2020-10-18T21:02:40.58Z", "oracle": { "logid": "ocid1.log.oc1.region.uniqueID", "loggroupid": "ocid1.loggroup.oc1.region.uniqueID", "tenantid": "ocid1.tenant.oc1.region.uniqueID", "compartmentid": "ocid1.compartment.oc1.region.uniqueID", "ingestedtime": "2020-10-18T21:02:40.58Z" }, "data": { "deploymentId": "ocid1.devopsdeployment.oc1.region.uniqueID", "deployPipelineId": "ocid1.devopsdeploypipeline.oc1.region.uniqueID", "deployStageId": "ocid1.devopsdeploystage.oc1.region.uniqueID", "message": "Manual Approval stage: Waiting for required approvals", "producer": "DEVOPS_SERVICE" } }
OCI DevOps Build Log Format
Parser name: oci_devopsbuild_logtype
Example Content:
{ "specversion": "1.0", "type": "com.oraclecloud.devops.build", "source": "project name", "subject": "ocid1.devopsbuildrun.oc1.region.uniqueID", "id": "27868e6f-b91d-4318-868e-6fb91d9318e9", "time": "2020-10-18T21:02:40.58Z", "oracle": { "logid": "ocid1.log.oc1.region.uniqueID", "loggroupid": "ocid1.loggroup.oc1.region.uniqueID", "tenantid": "ocid1.tenancy.oc1.uniqueID", "compartmentid": "ocid1.compartment.oc1.uniqueID", "ingestedtime": "2020-10-18T21:02:40.58Z" }, "data": { "buildPipelineId": "ocid1.devopsbuildpipeline.oc1.region.uniqueID", "buildRunId": "ocid1.devopsbuildrun.oc1.region.uniqueID", "buildStageId": "ocid1.devopsbuildpipelinestage.oc1.region.uniqueID", "message": "Starting BUILD_SPEC_EXECUTION", "producer": "DEVOPS_SERVICE" } }
OCI Email Delivery Log Format
Parser name: oci_emaildelivery_logtype
Example Content:
{ "specversion": "1.0", "type": "com.oraclecloud.emaildelivery.emaildomain.outboundrelayed", "source": "example.com", "time": "2021-02-20T09:01:40.000Z", "id": "2eefd817-0a53-4be0-990c-224708aff337", "oracle": { "logid": "ocid1.log.oc1.region.uniqueID" }, "data": { "action": "relay", "messageId": "12345", "sender": "support@example.com", "senderCompartmentId": "ocid1.compartment.oc1.region.uniqueID", "senderId": "ocid1.emailsender.oc1.region.uniqueID", "recipient": "user@example.com", "receivingDomain": "example.com", "sourceAddress": "192.0.2.10", "dkimSelector": "selector1", "messageSizeInKiB": 2, "recipientMailServer": "bmta.email.region.oraclecloud.com (198.51.100.1)", "internalProcessingDurationInMs": 20, "tlsCipher": "TLS_AES_128_GCM_SHA256", "sendingPoolName": "REGOCIVMTAs", "bounceCategory": "bad-mailbox", "bounceCode": "5.1.1", "reportGeneratedTime": "2021-02-24T22:50:22.123Z", "originalMessageAcceptedTime": "2021-02-23T22:50:22.123Z", "headers": { "X-Campaign-ID": "campaign1", "Recipient-Group-ID": "group1", "Sub-Account-ID": "account1" }, "errorType": "Authorization failure", "smtpStatus": "550 5.1.1 unknown or illegal alias: 974-4710-b440-52e9e1a70cb8-user@example.com", "message": "Email approved Body From address: support@example.com is not authorized or not found" } }
OCI Site-to-Site VPN Log Format
Parser name: oci_site2sitevpn_logtype
Example Content:
{ "data": { "message":" \"2062988354_1\": terminating SAs using this connection", "tunnelId":"ocid1.ipsectunnel.oc1.region.uniqueID" }, "id":"e3002eaa-d717-472e-8474-d024943a0f27", "oracle": { "compartmentid":"ocid1.compartment.oc1.region.uniqueID", "ingestedtime":"2021-02-18T18:22:01.453Z", "loggroupid":"ocid1.loggroup.oc1.region.uniqueID", "logid":"ocid1.log.oc1.region.uniqueID", "tenantid":"ocid1.tenancy.oc1.region..uniqueID" }, "source":"ocid1.ipsecconnection.oc1.region.uniqueID", "specversion":"1.0", "time":"2021-02-18T18:21:52.024Z", "type":"com.oraclecloud.vpn.ipseclog.read" }
OCI WAF Log Format
Parser name: oci_waf_logtype
Example Content:
{ "data": { "backendStatusCode": "200", "clientAddr": "192.0.2.150", "countryCode": "us", "host": "hostnamefoo", "listenerPort": "80", "request": { "httpVersion": "HTTP/1.1", "id": "685e4e2015eb0ebeea93123456789", "method": "GET", "path": "/?tst=KztAAU" }, "requestAccessControl": { "matchedRules": "block_test_host_url" }, "requestProtection": { "matchedData": "Matched Data: KztAAU found within ARGS:tst", "matchedIds": "944210_v001", "matchedRules": "Java_Code_Injection" }, "response": { "code": "401", "size": "303" }, "responseAccessControl": { "matchedRules": "1st_rule" }, "responseProtection": {}, "responseProvider": "requestProtection/Java_Code_Injection", "timestamp": "2021-09-29T15:52:47Z" }, "id": "5c328018-f7d1-45ac-8d66-af0ad919bd85-waf-342734", "oracle": { "compartmentid": "ocid1.compartment.oc1.region.uniqueId", "ingestedtime": "2021-09-29T15:52:53.764Z", "loggroupid": "ocid1.loggroup.oc1.region.uniqueId", "logid": "ocid1.log.oc1.region.uniqueId", "resourceid": "ocid1.webappfirewall.oc1.region.uniqueId", "tenantid": "ocid1.tenancy.oc1.region.uniqueId" }, "source": "lbwaf_source", "specversion": "1.0", "subject": "", "time": "2021-09-29T15:52:47.875Z", "type": "com.oraclecloud.loadbalancer.waf" }
OCI Web Application Acceleration Log Format
Parser name: oci_waa_logtype
Example Content:
{ "data":{ "request":{ "id":"727b8fabcc23662a8ad3754d4a3573f2" }, "response":{ "code":"200", "size":"73805" }, "timestamp":"2023-08-14T05:40:24+00:00" }, "id":"6cf12c5a-846f-4394-b882-861c5b698032-waa-192433", "oracle":{ "compartmentid":"ocid1.compartment.oc1.uniqueId", "ingestedtime":"2023-08-14T05:40:33.086Z", "loggroupid":"ocid1.loggroup.oc1.uniqueId", "logid":"ocid1.log.oc1.uniqueId", "resourceid":"ocid1.loadbalancer.oc1.uniqueId", "tenantid":"ocid1.tenancy.oc1.uniqueId" }, "source":"fortLB", "specversion":"1.0", "subject":"", "time":"2023-08-14T05:40:24.526Z", "type":"com.oraclecloud.loadbalancer.waa" }
OCI Integration Activity Stream Log Format
Parser name: oci_integration_actstream_logtype
Example Content:
{ "data": { "actionName": "log2", "actionType": "Logger", "operationName": "execute", "endpointName": "helloWorld", "instanceId": "65202025", "executionTimeInMillis":"1", "integrationFlowIdentifier": "HELLO_WORLD!01.02.0000", "message": "Length of parameter is 4", "userId": "user@domain.com" }, "id": "38c5cc58-f9f6-11eb-bee4-0200170046fa", "oracle": { "compartmentid": "ocid1.compartment.oc1.region.uniqueID", "ingestedtime": "2021-07-10T16:16:01.527Z", "loggroupid": "ocid1.loggroup.oc1.region.uniqueID", "logid": "ocid1.log.oc1.region.uniqueID", "tenantid": "ocid1.tenancy.oc1.region.uniqueID" }, "source": "HelloWorld Integration Instance", "specversion": "1.0", "time": "2021-07-10T16:15:59.469Z", "type": "com.oraclecloud.integration.integrationinstance.activitystream" }
OCI Network Firewall Threat Log Format
Parser name: oci_network_firewall_threat_logtype
Example Content:
{ "data": { "action": "alert", "device_name": "PA-VM", "direction": "server-to-client", "dst": "192.0.2.250", "dstloc": "192.0.2.1-192.0.2.254", "dstuser": "no-value", "firewall-id": "ocid1.networkfirewall.oc1.region.uniqueID", "proto": "udp", "receive_time": "2022/10/18 14:27:15", "rule": "AllowAll", "sessionid": "613924", "severity": "informational", "src": "203.0.113.1", "srcloc": "United States", "srcuser": "no-value", "subtype": "vulnerability", "thr_category": "protocol-anomaly", "threatid": "Non-RFC Compliant DNS Traffic on Port 53/5353" }, "id": "ab991b1b-286a-4968-b1a2-77b31bf0fa12", "oracle": { "compartmentid": "ocid1.tenancy.oc1.region.uniqueID", "ingestedtime": "2022-10-18T14:27:37.295Z", "loggroupid": "ocid1.loggroup.oc1.region.uniqueID", "logid": "ocid1.log.oc1.region.uniqueID", "tenantid": "ocid1.tenancy.oc1.region.uniqueID" }, "source": "ocid1.networkfirewall.oc1.region.uniqueID", "specversion": "1.0", "time": "2022-10-18T14:27:15.000Z", "type": "com.oraclecloud.networkfirewall.threat" }
OCI Network Firewall Traffic Log Format
Parser name: oci_network_firewall_traffic_logtype
Example Content:
{ "data": { "action": "allow", "bytes": "588", "bytes_received": "0", "bytes_sent": "588", "chunks": "0", "chunks_received": "0", "chunks_sent": "0", "config_ver": "2561", "device_name": "PA-VM", "dport": "0", "dst": "192.0.2.2", "dstloc": "India", "firewall-id": "ocid1.networkfirewall.oc1.region.uniqueID", "packets": "6", "pkts_received": "0", "pkts_sent": "6", "proto": "icmp", "receive_time": "2022/08/27 08:00:52", "rule": "AllowAll", "rule_uuid": "ce6bc5b0-3ea8-4592-85f6-b470c4702e1f", "serial": "192743405F7D70D", "sessionid": "32114", "sport": "0", "src": "198.51.100.10", "srcloc": "198.51.100.1-198.51.100.254", "time_received": "2022/08/27 08:00:52" }, "id": "5e905ffe-a528-420d-a9df-7b1b2c221cdf", "oracle": { "compartmentid": "ocid1.tenancy.oc1.region.uniqueID", "ingestedtime": "2022-08-27T08:00:56.004Z", "loggroupid": "ocid1.loggroup.oc1.region.uniqueID", "logid": "ocid1.log.oc1.region.uniqueID", "tenantid": "ocid1.tenancy.oc1.region.uniqueID" }, "source": "ocid1.networkfirewall.oc1.region.uniqueID", "specversion": "1.0", "time": "2022-08-27T08:00:52.000Z", "type": "com.oraclecloud.networkfirewall.traffic" }