Change log for OCI_FLOW
| Date | Changes |
|---|---|
| 2025-08-05 | Enhancement:
- Added support for new pattern of JSON logs. - event.idm.read_only_udm.additional.fields: Newly Mapped `record_sourcetype` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field. - event.idm.read_only_udm.additional.fields: Newly Mapped `event_flow_id` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field. - event.idm.read_only_udm.additional.fields: Newly Mapped `oracle_filtercid` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field. - event.idm.read_only_udm.additional.fields: Newly Mapped `oracle_instancecid` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field. - event.idm.read_only_udm.additional.fields: Newly Mapped `oracle_loggroupid` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field. - event.idm.read_only_udm.additional.fields: Newly Mapped `data_protocol` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field. - event.idm.read_only_udm.additional.fields: Newly Mapped `oracle_tenantid` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field. - event.idm.read_only_udm.security_result.detection_fields: Newly Mapped `oracle_numPktsUnmatchedV4` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM Field. - event.idm.read_only_udm.additional.fields: Newly Mapped `event_data_version` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field. - event.idm.read_only_udm.additional.fields: Newly Mapped `event_data_endTime` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field. - event.idm.read_only_udm.additional.fields: Newly Mapped `event_data_startTime` raw log field with `event.idm.read_only_udm.additional.fields` UDM Field. - event.idm.read_only_udm.principal.resource.product_object_id: Newly Mapped `oracle_vnicocid` raw log field with `event.idm.read_only_udm.principal.resource.product_object_id` UDM Field. - event.idm.read_only_udm.metadata.product_log_id: Newly Mapped `event_id` raw log field with `event.idm.read_only_udm.metadata.product_log_id` UDM Field. - event.idm.read_only_udm.metadata.event_timestamp: Newly Mapped `event_timestamp` raw log field with `event.idm.read_only_udm.metadata.event_timestamp` UDM Field. - event.idm.read_only_udm.observer.resource.product_object_id: Newly Mapped `oracle_logid` raw log field with `event.idm.read_only_udm.observer.resource.product_object_id` UDM Field. - event.idm.read_only_udm.metadata.product_version: Newly Mapped `event_specversion` raw log field with `event.idm.read_only_udm.metadata.product_version` UDM Field. - event.idm.read_only_udm.metadata.product_event_type: Newly Mapped `event_type` raw log field with `event.idm.read_only_udm.metadata.product_event_type` UDM Field. - event.idm.read_only_udm.security_result.action_details: Newly Mapped `event_data_status` raw log field with `event.idm.read_only_udm.security_result.action_details` UDM Field. - event.idm.read_only_udm.principal.namespace: Newly Mapped `oracle_compartmentid` raw log field with `event.idm.read_only_udm.principal.namespace` UDM Field. - event.idm.read_only_udm.target.resource.product_object_id: Newly Mapped `oracle_vniccompartmentocid` raw log field with `event.idm.read_only_udm.target.resource.product_object_id` UDM Field. - event.idm.read_only_udm.principal.resource.attribute.labels: Newly Mapped `oracle_vnicsubnetocid` raw log field with `event.idm.read_only_udm.principal.resource.attribute.labels` UDM Field. - event.idm.read_only_udm.metadata.ingested_timestamp: Newly Mapped `oracle_ingestedtime` raw log field with `event.idm.read_only_udm.metadata.ingested_timestamp` UDM Field. - event.idm.read_only_udm.principal.ip: Newly Mapped `data_sourceAddress` raw log field with `event.idm.read_only_udm.principal.ip` UDM Field. - event.idm.read_only_udm.principal.asset.ip: Newly Mapped `data_sourceAddress` raw log field with `event.idm.read_only_udm.principal.asset.ip` UDM Field. - event.idm.read_only_udm.target.ip: Newly Mapped `data_destinationAddress` raw log field with `event.idm.read_only_udm.target.ip` UDM Field. - event.idm.read_only_udm.target.asset.ip: Newly Mapped `data_destinationAddress` raw log field with `event.idm.read_only_udm.target.asset.ip` UDM Field. - event.idm.read_only_udm.target.port: Newly Mapped `data_destinationPort` raw log field with `event.idm.read_only_udm.target.port` UDM Field. - event.idm.read_only_udm.principal.port: Newly Mapped `data_sourcePort` raw log field with `event.idm.read_only_udm.principal.port` UDM Field. - event.idm.read_only_udm.network.ip_protocol: Newly Mapped `data_protocolName` raw log field with `event.idm.read_only_udm.network.ip_protocol` UDM Field. - event.idm.read_only_udm.network.sent_packets: Newly Mapped `data_packets` raw log field with `event.idm.read_only_udm.network.sent_packets` UDM Field. - event.idm.read_only_udm.network.received_packets: Newly Mapped `data_bytesOut` raw log field with `event.idm.read_only_udm.network.received_packets` UDM Field. |
| 2024-09-15 | Enhancement:
- Added support for new pattern of JSON logs. |
| 2023-04-29 | Newly created parser.
|