Collecter les journaux Apigee

Compatible avec :

Ce document explique comment collecter les journaux Apigee en activant l'ingestion de télémétrie dans Google Security Operations. Il explique également comment les champs de journaux Apigee sont mappés aux champs du modèle de données unifié (UDM) de Google Security Operations. Google Cloud

Pour en savoir plus, consultez Ingestion de données dans Google Security Operations.

Un déploiement type consiste à activer les journaux Apigee pour l'ingestion dans Google Security Operations. Chaque déploiement client peut différer de cette représentation et être plus complexe.

Le déploiement contient les composants suivants :

  • Google Cloud : services et produits Google Cloud à partir desquels vous collectez les journaux.

  • Journaux Apigee : journaux Apigee dont l'ingestion dans Google Security Operations est activée.

  • Google Security Operations : Google Security Operations conserve et analyse les journaux d'Apigee.

Un libellé d'ingestion identifie l'analyseur qui normalise les données de journaux brutes au format UDM structuré. Les informations de ce document s'appliquent au parseur avec le libellé d'ingestion GCP_APIGEE_X.

Avant de commencer

  • Assurez-vous que tous les systèmes de l'architecture de déploiement sont configurés dans le fuseau horaire UTC.

  • Assurez-vous d'utiliser l'ancienne ou la nouvelle règle Cloud Logging. Pour en savoir plus, consultez Ancienne règle Cloud Logging.

Configurer Google Cloud pour ingérer les journaux Apigee

Pour ingérer les journaux Apigee dans Google Security Operations, suivez les étapes de la page Ingérer les journaux Google Cloud dans Google Security Operations.

Si vous rencontrez des problèmes lors de l'ingestion des journaux Apigee, contactez l'assistance Google Security Operations.

Formats de journaux Apigee compatibles

L'analyseur Apigee est compatible avec les journaux au format JSON.

Journaux d'exemple Apigee acceptés

  • JSON

      {
    "text": {
      "metadata": {
        "reportTimestamp": "2021-10-22T01:25:16Z",
        "messageId": "1634865916094",
        "org": "ascension",
        "env": "prod"
      },
      "totalNumberOfBots": 1,
      "bots": [
        {
          "ipAddress": "198.51.100.0",
          "botDetectedLast": "2021-10-22T00:49:51Z",
          "ipIsp": "Google LLC",
          "ipCountry": "United States",
          "botReason": [
            "Flooder"
          ],
          "callCount": "666",
          "topUrl": "/price-estimator/v1/shoppable-service/search/taxonomy/",
          "ipCity": "NO_CITY"
        }
      ]
    }
  }

Référence du mappage de champs

Référence du mappage des champs : journaux de l'ancienne règle GCP_APIGEE_X Cloud Logging

Le tableau suivant répertorie les champs de journaux de l'ancien type de journal des règles Cloud Logging GCP_APIGEE_X et les champs UDM correspondants.

Log field UDM mapping Logic
jsonPayload.proxyResponseCode intermediary.network.http.response_code
jsonPayload.apiProxy intermediary.resource.name
jsonPayload.apiproxy intermediary.resource.name
intermediary.resource.resource_type If the jsonPayload.apiproxy log field value is not empty or the jsonPayload.apiProxy log field value is not empty, then the intermediary.resource.resource_type UDM field is set to BACKEND_SERVICE.
intermediary.resource.attribute.cloud.environment If the jsonPayload.apiproxy log field value is not empty or the jsonPayload.apiProxy log field value is not empty, then the intermediary.resource.attribute.cloud.environment UDM field is set to GOOGLE_CLOUD_PLATFORM.
jsonPayload.apiProduct intermediary.resource.attribute.labels[json_payload_api_product]
jsonPayload.apiProxyRevision intermediary.resource.attribute.labels[json_payload_api_proxy_revision]
jsonPayload.proxyRequestReceived intermediary.resource.attribute.labels[json_payload_proxy_request_received]
jsonPayload.proxyResponseSent intermediary.resource.attribute.labels[json_payload_proxy_response_sent]
receiveTimestamp metadata.collected_timestamp
timestamp metadata.event_timestamp
metadata.event_type The metadata.event_type UDM field is set to USER_RESOURCE_ACCESS.
insertId metadata.product_log_id
jsonPayload.correlationId metadata.product_event_type
metadata.product_name The metadata.product_name UDM field is set to GCP APIGEE X.
metadata.vendor_name The metadata.vendor_name UDM field is set to Google Cloud Platform.
jsonPayload.verb network.http.method
labels.application principal.application
jsonPayload.ax_resolved_client_ip principal.ip
resource.labels.zone principal.resource.attribute.cloud.availability_zone
principal.resource.resource_type If the resource.type log field value is equal to gce_instance, then the principal.resource.resource_type UDM field is set to VIRTUAL_MACHINE.
resource.type principal.resource.resource_subtype
resource.labels.instance_id principal.resource.product_object_id
resource.labels.project_id principal.resource_ancestors.product_object_id
principal.resource_ancestors.resource_type If the resource.labels.project_id log field value is not empty, then the principal.resource_ancestors.resource_type UDM field is set to CLOUD_PROJECT.
jsonPayload.organization principal.resource_ancestors.name
principal.resource_ancestors.resource_type If the jsonPayload.organization log field value is not empty, then the principal.resource_ancestors.resource_type UDM field is set to CLOUD_ORGANIZATION.
jsonPayload.clientReceived principal.resource.attribute.labels[json_payload_client_received]
jsonPayload.clientSent principal.resource.attribute.labels[json_payload_client_sent]
logName principal.resource.attribute.labels[Log Name]
resource.labels.project_id principal.resource.attribute.labels[Project Id]
jsonPayload.clientId principal.user.userid
logName security_result.category_details
jsonPayload.faultName security_result.description
severity security_result.severity If the severity log field value is equal to ERROR, then the severity log field is mapped to the security_result.severity UDM field.

Else, if the severity log field value is equal to INFO or NOTICE, then the security_result.severity UDM field is set to INFORMATIONAL.

Else, if the severity log field value is equal to WARNING or NOTICE, then the security_result.severity UDM field is set to MEDIUM.
severity security_result.severity_details
jsonPayload.targetResponseCode target.network.http.response_code
jsonPayload.requestUri target.resource.name
target.resource.resource_type If the jsonPayload.requestUri log field value is not empty, then the target.resource.resource_type UDM field is set to BACKEND_SERVICE.
jsonPayload.requestUrl target.url
jsonPayload.targetResponseReceived target.resource.attribute.labels[json_payload_target_request_received]
jsonPayload.targetRequestSent target.resource.attribute.labels[json_payload_target_request_sent]
jsonPayload.bot_reason additional.fields[json_payload_bot_reason]
jsonPayload.count_distinct_bot additional.fields[json_payload_count_distinct_bot]
jsonPayload.developerApp additional.fields[json_payload_developer_app]
jsonPayload.developerId additional.fields[json_payload_developer_id]
jsonPayload.minute additional.fields[json_payload_minute]
jsonPayload.environment additional.fields[json_payload_environment]
jsonPayload.sum_bot_traffic additional.fields[json_payload_sum_bot_traffic]
partialSuccess additional.fields[partial_success]

Référence du mappage des champs : journaux de la nouvelle stratégie Cloud Logging GCP_APIGEE_X

Le tableau suivant répertorie les champs de journaux du type de journal GCP_APIGEE_X "Nouvelle stratégie Cloud Logging" et les champs UDM correspondants.

Log field UDM mapping Logic
insertId metadata.product_log_id
jsonPayload.request.queryparams.count target.resource.attribute.labels[json_payload_request_queryparams_count]
jsonPayload.request.uri target.resource.name
target.resource.resource_type If the jsonPayload.request.uri log field value is not empty, then the target.resource.resource_type UDM field is set to BACKEND_SERVICE.
jsonPayload.target.host target.hostname
jsonPayload.log.sni_host target.hostname
jsonPayload.target.host target.asset.hostname
jsonPayload.log.sni_host target.asset.hostname
jsonPayload.target.sent.start.timestamp target.resource.attribute.labels[json_payload_target_sent_start_timestamp]
jsonPayload.response.reason.phrase security_result.summary
jsonPayload.response.reason security_result.summary
jsonPayload.target.cn target.resource.attribute.labels[json_payload_target_cn]
jsonPayload.target.port target.port
jsonPayload.request.path target.resource.attribute.labels[json_payload_request_path]
jsonPayload.target.ip target.ip
jsonPayload.request.queryparam.param_name target.resource.attribute.labels[json_payload_request_queryparams_param_name]
jsonPayload.request.queryparam.param_name.values target.resource.attribute.labels[json_payload_request_queryparams_param_values]
jsonPayload.client.sent.end.timestamp principal.resource.attribute.labels[client sent end timestamp]
jsonPayload.response.content security_result.description
jsonPayload.target.organization target.resource_ancestors.name
jsonPayload.log.organization target.resource_ancestors.name
target.resource_ancestors.resource_type If the jsonPayload.target.organization log field value is not empty or the jsonPayload.log.organization log field value is not empty, then the target.resource_ancestors.resource_type UDM field is set to CLOUD_ORGANIZATION.
jsonPayload.target.organization.unit target.resource_ancestors.attribute.labels[json_payload_target_organization_unit]
jsonPayload.proxy.client.ip src.ip
jsonPayload.error.content security_result.about.resource.attribute.labels[error_content]
jsonPayload.response.headers.names target.resource.attribute.labels[response_headers_names]
jsonPayload.error.state security_result.about.resource.attribute.labels[state]
jsonPayload.proxy.pathsuffix intermediary.resource.attribute.labels[pathsuffix]
jsonPayload.log.proxy_basepath intermediary.resource.attribute.labels[pathsuffix]
jsonPayload.messageid metadata.product_event_type
jsonPayload.request.verb network.http.method
jsonPayload.response.status.code network.http.response_code
jsonPayload.log.status network.http.response_code
jsonPayload.response.code network.http.response_code
jsonPayload.request.transportid target.resource.attribute.labels[json_payload_request_transport_id]
jsonPayload.request.content target.resource.attribute.labels[json_payload_request_content]
jsonPayload.client.received.start.timestamp principal.resource.attribute.labels[client_received_start_timestamp]
jsonPayload.target.basepath target.resource.attribute.labels[basepath]
jsonPayload.proxy.url intermediary.url
jsonPayload.request.url target.resource.attribute.labels[json_payload_request_url]
jsonPayload.client.sent.start.timestamp principal.resource.attribute.labels[json_payload_client_sent_start_timestamp]
jsonPayload.client.received.end.timestamp principal.resource.attribute.labels[client end timestamp]
jsonPayload.target.sent.end.timestamp target.resource.attribute.labels[json_payload_target_sent_end_timestamp]
jsonPayload.apigee.metrics.policy..timeTaken security_result.rule_labels[apigee_metrics_policy_time_taken]
jsonPayload.target.scheme target.network.application_protocol
jsonPayload.request.queryparams.names target.resource.attribute.labels[json_payload_request_queryparams_names]
jsonPayload.request.version target.resource.attribute.labels[json_payload_request_version]
jsonPayload.request.httpversion target.resource.attribute.labels[json_payload_request_version]
jsonPayload.system.timestamp additional.fields[jsonPayload_system_timestamp]
jsonPayload.client.scheme principal.network.application_protocol
jsonPayload.request.header.header_name target.resource.attribute.labels[json_payload_request_header_name]
jsonPayload.request.header.header_name.values target.resource.attribute.labels[request_header_name_values]
jsonPayload.target.url target.url
jsonPayload.url target.url
jsonPayload.response.header.header_name.values target.resource.attribute.labels[response_header_name_values]
jsonPayload.request.querystring target.resource.attribute.labels[json_payload_request_querystring]
jsonPayload.response.headers.count target.resource.attribute.labels[response_headers_count]
principal.resource.resource_type If the resource.type log field value is equal to gce_instance, then the principal.resource.resource_type UDM field is set to VIRTUAL_MACHINE.
resource.type principal.resource.resource_subtype
resource.labels.instance_id principal.resource.product_object_id
resource.labels.project_id principal.resource_ancestors.product_object_id
principal.resource_ancestors.resource_type The if the resource.labels.project_id log field value is not empty, then principal.resource_ancestors.resource_type UDM field is set to CLOUD_PROJECT.
resource.labels.zone principal.resource.attribute.cloud.availability_zone
timestamp metadata.event_timestamp
severity security_result.severity If the severity log field value is equal to ERROR, then the severity log field is mapped to the security_result.severity UDM field.
severity security_result.severity_details
logName security_result.category_details
logName principal.resource.attribute.labels[Log Name]
receiveTimestamp metadata.collected_timestamp
jsonPayload.client.ip principal.ip
jsonPayload.log.origin_address principal.ip
jsonPayload.client.host principal.ip
jsonPayload.request.formparam.param_name.values target.resource.attribute.labels[json_payload_request_form_param_name_values]
jsonPayload.request.formparam.param_name target.resource.attribute.labels[json_payload_request_form_param_name]
jsonPayload.request.formparams.count target.resource.attribute.labels[json_payload_request_form_params_count]
jsonPayload.request.formparams.names target.resource.attribute.labels[json_payload_request_form_params_names]
jsonPayload.request.formstring target.resource.attribute.labels[json_payload_request_form_string]
jsonPayload.response.transport.message target.resource.attribute.labels[response_transport_message]
jsonPayload.response.header.header_name target.resource.attribute.labels[response_header_name]
jsonPayload.apigee.metrics.policy.policy_name.timeTaken security_result.rule_labels[apigee_metrics_policy_policy_name_timeTaken]
jsonPayload.apiproduct.operation intermediary.resource.attribute.labels[api_product_operation]
jsonPayload.apiproduct.operation.resource intermediary.resource.attribute.labels[api_product_operation_resource]
jsonPayload.apiproduct.operation.methods intermediary.resource.attribute.labels[api_product_operation_methods]
jsonPayload.apiproduct.operation.attributes.key_name intermediary.resource.attribute.labels[api_product_operation_attributes_key_name]
jsonPayload.proxy.name intermediary.resource.name
jsonPayload.proxy.revision intermediary.resource.attribute.labels[json_payload_proxy_revision]
jsonPayload.apiproxy.basepath intermediary.resource.attribute.labels[json_payload_api_proxy_basepath]
jsonPayload.client.cn principal.resource.attribute.labels[json_payload_client_cn]
jsonPayload.client.country principal.location.country_or_region
jsonPayload.client.email.address principal.email
jsonPayload.client.locality principal.location.city
jsonPayload.client.organization principal.resource_ancestors.name
principal.resource_ancestors.resource_type If the jsonPayload.client.organization log field value is not empty, then the principal.resource_ancestors.resource_type UDM field is set to CLOUD_ORGANIZATION.
jsonPayload.client.organization.unit principal.resource_ancestors.attribute.labels[client_organization_unit]
jsonPayload.client.port principal.port
jsonPayload.client.received.end.time principal.resource.attribute.labels[client_received_end_time]
jsonPayload.client.received.start.time principal.resource.attribute.labels[client_received_start_time]
jsonPayload.client.sent.end.time principal.resource.attribute.labels[client_sent_end_time]
jsonPayload.client.sent.start.time principal.resource.attribute.labels[client_sent_start_time]
jsonPayload.client.ssl.enabled principal.resource.attribute.labels[client_ssl_enabled]
jsonPayload.client.state principal.resource.attribute.labels[client_state]
jsonPayload.current.flow.name additional.fields[current_flow_name]
jsonPayload.current.flow.description additional.fields[current_flow_description]
jsonPayload.environment.name additional.fields[environment_name]
jsonPayload.error security_result.about.resource.attribute.labels[jsonPayload_error]
jsonPayload.error.message security_result.about.resource.attribute.labels[message]
jsonPayload.error.status.code security_result.about.resource.attribute.labels[jsonPayload_error_status_code]
jsonPayload.error.reason.phrase security_result.about.resource.attribute.labels[jsonPayload_error_reason_phrase]
jsonPayload.error.transport.message security_result.about.resource.attribute.labels[jsonPayload_error_transport_message]
jsonPayload.error.header.header_name security_result.about.resource.attribute.labels[error_header_name]
jsonPayload.fault.name security_result.about.resource.attribute.labels[fault_name]
jsonPayload.fault.reason security_result.about.resource.attribute.labels[fault_reason] If the jsonPayload.error.faultReason log field value is empty, then the jsonPayload.fault.reason log field is mapped to the security_result.description UDM field.

Else, the jsonPayload.fault.reason log field is mapped to the security_result.about.resource.attribute.labels.fault_reason UDM field.
jsonPayload.fault.category security_result.category_details
jsonPayload.fault.subcategory security_result.category_details
jsonPayload.literal_value additional.fields[jsonPayload_literal_value]
jsonPayload.graphql additional.fields[graphql]
jsonPayload.graphql.fragment additional.fields[graphql_fragment]
jsonPayload.graphql.fragment.count additional.fields[graphql_fragment_count]
jsonPayload.graphql.fragment.INDEX.selectionSet.INDEX additional.fields[graphql_fragment_INDEX_selectionSet_INDEX]
jsonPayload.graphql.fragment.INDEX.selectionSet.INDEX.name additional.fields[graphql_fragment_INDEX_selectionSet_INDEX_name]
jsonPayload.graphql.fragment.INDEX.selectionSet.count additional.fields[graphql_fragment_INDEX_selectionSet_count]
jsonPayload.graphql.fragment.INDEX.selectionSet.name additional.fields[graphql_fragment_INDEX_selectionSet_name]
jsonPayload.graphql.operation additional.fields[graphql_operation]
jsonPayload.graphql.operation.name additional.fields[graphql_operation_name]
jsonPayload.graphql.operation.operationType additional.fields[graphql_operation_operationType]
jsonPayload.graphql.operation.selectionSet additional.fields[graphql_operation_selectionSet]
jsonPayload.graphql.operation.selectionSet.count additional.fields[graphql_operation_selectionSet_count]
jsonPayload.graphql.operation.selectionSet.name additional.fields[graphql_operation_selectionSet_name]
jsonPayload.graphql.operation.selectionSet.INDEX additional.fields[graphql_operation_selectionSet_INDEX]
jsonPayload.graphql.operation.selectionSet.INDEX.name additional.fields[graphql_operation_selectionSet_INDEX_name]
jsonPayload.graphql.operation.selectionSet.INDEX.[selectionSet] additional.fields[graphql_operation_selectionSet_INDEX_selectionSet]
jsonPayload.graphql.operation.selectionSet.INDEX.directive additional.fields[graphql_operation_selectionSet_INDEX_directive]
jsonPayload.graphql.operation.selectionSet.INDEX.directive.count additional.fields[graphql_operation_selectionSet_INDEX_directive_count]
jsonPayload.graphql.operation.selectionSet.INDEX.directive.INDEX additional.fields[graphql_operation_selectionSet_INDEX_directive_INDEX]
jsonPayload.graphql.operation.selectionSet.INDEX.directive.INDEX.argument.INDEX additional.fields[graphql_operation_selectionSet_INDEX_directive_INDEX_argument_INDEX]
jsonPayload.graphql.operation.selectionSet.INDEX.directive.INDEX.argument.INDEX.name additional.fields[graphql_operation_selectionSet_INDEX_directive_INDEX_argument_INDEX_name]
jsonPayload.graphql.operation.selectionSet.INDEX.directive.INDEX.argument.INDEX.value additional.fields[graphql_operation_selectionSet_INDEX_directive_INDEX_argument_INDEX_value]
jsonPayload.graphql.operation.selectionSet.INDEX.directive.name additional.fields[graphql_operation_selectionSet_INDEX_directive_name]
jsonPayload.graphql.operation.variableDefinitions additional.fields[graphql_operation_variableDefinitions]
jsonPayload.graphql.operation.variableDefinitions.count additional.fields[graphql_operation_variableDefinitions_count]
jsonPayload.graphql.operation.variableDefinitions.INDEX additional.fields[graphql_operation_variableDefinitions_INDEX]
jsonPayload.graphql.operation.variableDefinitions.INDEX.name additional.fields[graphql_operation_variableDefinitions_INDEX_name]
jsonPayload.graphql.operation.variableDefinitions.INDEX.type additional.fields[graphql_operation_variableDefinitions_INDEX_type]
jsonPayload.is.error security_result.about.resource.attribute.labels[is_error]
jsonPayload.loadbalancing.failedservers intermediary.resource.attribute.labels[loadbalancing_failed_servers]
jsonPayload.loadbalancing.isfallback intermediary.resource.attribute.labels[loadbalancing_is_fallback]
jsonPayload.loadbalancing.targetserver intermediary.resource.attribute.labels[loadbalancing_target_server]
jsonPayload.message additional.fields[jsonPayload_message]
jsonPayload.message.content additional.fields[message_content]
jsonPayload.message.formparam.param_name additional.fields[message_formparam_param_name]
jsonPayload.message.formparam.param_name.values additional.fields[message_formparam_param_name_values]
jsonPayload.message.formparam.param_name.values.count additional.fields[message_formparam_param_name_values_count]
jsonPayload.message.formparams.count additional.fields[message_formparams_count]
jsonPayload.message.formparams.names additional.fields[message_formparams_names]
jsonPayload.message.formstring additional.fields[message_formstring]
jsonPayload.message.header.header_name additional.fields[message_header_header_name]
jsonPayload.message.header.header_name.N additional.fields[message_header_header_name_N]
jsonPayload.message.header.header_name.values additional.fields[message_header_header_name_values]
jsonPayload.message.header.header_name.values.count additional.fields[message_header_header_name_values_count]
jsonPayload.message.header.header_name.values.string additional.fields[message_header_header_name_values_string]
jsonPayload.message.headers.count additional.fields[message_headers_count]
jsonPayload.message.headers.names additional.fields[message_headers_names]
jsonPayload.message.path additional.fields[message_path]
jsonPayload.message.queryparam.param_name additional.fields[message_queryparam_param_name]
jsonPayload.message.queryparam.param_name.N additional.fields[message_queryparam_param_name_N]
jsonPayload.message.queryparam.param_name.values additional.fields[message_queryparam_param_name_values]
jsonPayload.message.queryparam.param_name.values.count additional.fields[message_queryparam_param_name_values_count]
jsonPayload.message.queryparams.count additional.fields[message_queryparams_count]
jsonPayload.message.queryparams.names additional.fields[message_queryparams_names]
jsonPayload.message.querystring additional.fields[message_querystring]
jsonPayload.message.status.code additional.fields[message_status_code]
jsonPayload.message.transport.message additional.fields[message_transport_message]
jsonPayload.message.uri additional.fields[message_uri]
jsonPayload.message.verb additional.fields[message_verb]
jsonPayload.message.version additional.fields[message_version]
jsonPayload.mint.limitscheck.is_request_blocked additional.fields[mint_limitscheck_is_request_blocked]
jsonPayload.mint.limitscheck.is_subscription_found additional.fields[mint_limitscheck_is_subscription_found]
jsonPayload.mint.limitscheck.prepaid_developer_balance additional.fields[mint_limitscheck_prepaid_developer_balance]
jsonPayload.mint.limitscheck.prepaid_developer_currency additional.fields[mint_limitscheck_prepaid_developer_currency]
jsonPayload.mint.limitscheck.purchased_product_name additional.fields[mint_limitscheck_purchased_product_name]
jsonPayload.mint.limitscheck.status_message additional.fields[mint_limitscheck_status_message]
jsonPayload.mint.mintng_consumption_pricing_rates additional.fields[mint_mintng_consumption_pricing_rates]
jsonPayload.mint.mintng_consumption_pricing_type additional.fields[mint_mintng_consumption_pricing_type]
jsonPayload.mint.mintng_currency additional.fields[mint_mintng_currency]
jsonPayload.mint.mintng_dev_share additional.fields[mint_mintng_dev_share]
jsonPayload.mint.mintng_is_apiproduct_monetized additional.fields[mint_mintng_is_apiproduct_monetized]
jsonPayload.mint.mintng_price additional.fields[mint_mintng_price]
jsonPayload.mint.mintng_price_multiplier additional.fields[mint_mintng_price_multiplier]
jsonPayload.mint.mintng_rate additional.fields[mint_mintng_rate]
jsonPayload.mint.mintng_rate_before_multipliers additional.fields[mint_mintng_rate_before_multipliers]
jsonPayload.mint.mintng_rate_plan_id additional.fields[mint_mintng_rate_plan_id]
jsonPayload.mint.mintng_revenue_share_rates additional.fields[mint_mintng_revenue_share_rates]
jsonPayload.mint.mintng_revenue_share_type additional.fields[mint_mintng_revenue_share_type]
jsonPayload.mint.mintng_tx_success additional.fields[mint_mintng_tx_success]
jsonPayload.mint.prepaid_updated_developer_usage additional.fields[mint_prepaid_updated_developer_usage]
jsonPayload.mint.rateplan_end_time_ms additional.fields[mint_rateplan_end_time_ms]
jsonPayload.mint.rateplan_start_time_ms additional.fields[mint_rateplan_start_time_ms]
jsonPayload.mint.status additional.fields[mint_status]
jsonPayload.mint.status_code additional.fields[mint_status_code]
jsonPayload.mint.subscription_end_time_ms additional.fields[mint_subscription_end_time_ms]
jsonPayload.mint.subscription_start_time_ms additional.fields[mint_subscription_start_time_ms]
jsonPayload.mint.tx_success_result additional.fields[mint_tx_success_result]
jsonPayload.organization.name principal.resource_ancestors.name
principal.resource_ancestors.resource_type If the jsonPayload.organization.name log field value is not empty, then the principal.resource_ancestors.resource_type UDM field is set to CLOUD_ORGANIZATION.
jsonPayload.proxy.basepath intermediary.resource.attribute.labels[proxy_basepath]
jsonPayload.proxy intermediary.resource.attribute.labels[proxy]
jsonPayload.proxy.proxyendpoint.name intermediary.resource.attribute.labels[proxy_endpoint_name]
jsonPayload.publishmessage.message.id additional.fields[publishmessage_message_id]
jsonPayload.ratelimit.policy_name.allowed.count security_result.rule_labels[ratelimit_policy_name_allowed_count]
jsonPayload.ratelimit.policy_name.used.count security_result.rule_labels[ratelimit_policy_name_used_count]
jsonPayload.ratelimit.policy_name.available.count security_result.rule_labels[ratelimit_policy_name_available_count]
jsonPayload.ratelimit.policy_name.exceed.count security_result.rule_labels[ratelimit_policy_name_exceed_count]
jsonPayload.ratelimit.policy_name.total.exceed.count security_result.rule_labels[ratelimit_policy_name_total_exceed_count]
jsonPayload.ratelimit.policy_name.expiry.time security_result.rule_labels[ratelimit_policy_name_expiry_time]
jsonPayload.ratelimit.policy_name.identifier security_result.rule_id
jsonPayload.ratelimit.policy_name.class security_result.rule_labels[ratelimit_policy_name_class]
jsonPayload.ratelimit.policy_name.class.allowed.count security_result.rule_labels[ratelimit_policy_name_class_allowed_count]
jsonPayload.ratelimit.policy_name.class.used.count security_result.rule_labels[ratelimit_policy_name_class_used_count]
jsonPayload.ratelimit.policy_name.class.available.count security_result.rule_labels[ratelimit_policy_name_class_available_count]
jsonPayload.ratelimit.policy_name.class.exceed.count security_result.rule_labels[ratelimit_policy_name_class_exceed_count]
jsonPayload.ratelimit.policy_name.class.total.exceed.count security_result.rule_labels[ratelimit_policy_name_class_total_exceed_count]
jsonPayload.ratelimit.policy_name.failed security_result.rule_labels[ratelimit_policy_name_failed]
jsonPayload.request target.resource.attribute.labels[request]
jsonPayload.request.formparam.param_name.values.count target.resource.attribute.labels[request_formparam_name_values_count]
jsonPayload.request.formparam.param_name.N target.resource.attribute.labels[request_formparam_name_N]
jsonPayload.request.grpc.rpc.name target.resource.attribute.labels[request_grpc_rpc_name]
jsonPayload.request.grpc.service.name target.resource.attribute.labels[request_grpc_service_name]
jsonPayload.request.header.header_name.N target.resource.attribute.labels[request_header_name_N]
jsonPayload.request.header.header_name.values.count target.resource.attribute.labels[request_header_name_values_count]
jsonPayload.request.header.header_name.values.string target.resource.attribute.labels[request_header_name_values_string]
jsonPayload.request.headers.count target.resource.attribute.labels[request_headers_count]
jsonPayload.request.headers.names target.resource.attribute.labels[request_headers_names]
jsonPayload.request.queryparam.param_name.N target.resource.attribute.labels[request_queryparam_name_N]
jsonPayload.request.queryparam.param_name.values.count target.resource.attribute.labels[request_queryparam_name_values_count]
jsonPayload.request.transport.message target.resource.attribute.labels[request_transport_message]
jsonPayload.response target.resource.attribute.labels[response]
jsonPayload.response.header.header_name.values.count target.resource.attribute.labels[response_header_name_values_count]
jsonPayload.response.header.header_name.values.string target.resource.attribute.labels[response_header_name_values_string]
jsonPayload.response.header.header_name.N target.resource.attribute.labels[response_header_name_N]
jsonPayload.system.interface.interface_name intermediary.ip
intermediary.resource_ancestors.resource_type If the jsonPayload.system.pod.name log field value is not empty, then the intermediary.resource_ancestors.resource_type UDM field is set to POD.
jsonPayload.system.pod.name intermediary.resource_ancestors.name
jsonPayload.system.region.name intermediary.location.country_or_region
jsonPayload.system.time intermediary.resource.attribute.labels[system_time]
jsonPayload.system.time.year intermediary.resource.attribute.labels[system_time_year]
jsonPayload.system.time.month intermediary.resource.attribute.labels[system_time_month]
jsonPayload.system.time.day intermediary.resource.attribute.labels[system_time_day]
jsonPayload.system.time.dayofweek intermediary.resource.attribute.labels[system_time_dayofweek]
jsonPayload.system.time.hour intermediary.resource.attribute.labels[system_time_hour]
jsonPayload.system.time.minute intermediary.resource.attribute.labels[system_time_minute]
jsonPayload.system.time.second intermediary.resource.attribute.labels[system_time_second]
jsonPayload.system.time.millisecond intermediary.resource.attribute.labels[system_time_millisecond]
jsonPayload.system.time.zone intermediary.resource.attribute.labels[system_time_zone]
jsonPayload.system.uuid intermediary.resource.attribute.labels[system_uuid]
jsonPayload.target.copy.pathsuffix target.resource.attribute.labels[target_copy_pathsuffix]
jsonPayload.target.copy.queryparams target.resource.attribute.labels[target_copy_queryparams]
jsonPayload.target.country target.location.country_or_region
jsonPayload.target.email.address target.user.email_addresses
jsonPayload.developer.email target.user.email_addresses
jsonPayload.target.expectedcn target.resource.attribute.labels[target_expectedcn]
jsonPayload.target.locality target.location.city
jsonPayload.target.name target.resource.attribute.labels[target_name]
jsonPayload.target.received.end.time target.resource.attribute.labels[target_received_end_time]
jsonPayload.target.received.start.time target.resource.attribute.labels[target_received_start_time]
jsonPayload.target.received.start.timestamp target.resource.attribute.labels[target_received_start_timestamp]
jsonPayload.target.sent.end.time target.resource.attribute.labels[target_sent_end_time]
jsonPayload.target.sent.start.time target.resource.attribute.labels[target_sent_start_time]
jsonPayload.target.ssl.enabled target.resource.attribute.labels[target_ssl_enabled]
jsonPayload.target.state target.resource.attribute.labels[target_state]
jsonPayload.variable.expectedcn additional.fields[variable_expectedcn]
jsonPayload.request.host target.resource.attribute.labels[json_payload_request_host]
jsonPayload.request_msg.header.host target.resource.attribute.labels[json_payload_request_host]
jsonPayload.request.user-agent network.http.user_agent
jsonPayload.request.header.user-agent network.http.user_agent
jsonPayload.request.x-b3-traceid target.resource.attribute.labels[json_payload_request_x_b3_traceid]
jsonPayload.request.header.x-b3-traceid target.resource.attribute.labels[json_payload_request_x_b3_traceid]
jsonPayload.request.header.x-cloud-trace-context target.resource.attribute.labels[json_payload_request_x_cloud_trace_context]
jsonPayload.request.x-cloud-trace-context target.resource.attribute.labels[json_payload_request_x_cloud_trace_context]
jsonPayload.apiproduct.name intermediary.resource.attribute.labels[jsonPayload_api_product_name]
jsonPayload.app.name target.application
jsonPayload.developer.app.name target.application
jsonPayload.cachehit additional.fields[jsonPayload_cachehit]

Étapes suivantes

Vous avez encore besoin d'aide ? Obtenez des réponses de membres de la communauté et de professionnels Google SecOps.