4.5 Specify an Alias for a Field

In the search query, you can enter the alias, or abbreviated term, for a field name rather than entering the full name. For the fields shown in the following table, you can also use the presentable field names, such as Agent Address. Search suggests presentable names.

| Field | Aliases |
| --- | --- |
| agentAddress | agt, agent ip |
| agentHostName | ahost |
| agentId | aid |
| agentMacAddress | amac, agent mac |
| agentReceiptTime | art |
| agentTimeZone | atz |
| agentTranslatedAddress | agent translated ip |
| agentType | at |
| agentVersion | av |
| applicationProtocol | app, protocol |
| baseEventCount | cnt |
| bytesIn | in |
| bytesOut | out |
| categoryBehavior | behavior |
| categoryDeviceGroup | device group |
| categoryObject | object |
| categorySignificance | significance |
| categoryTechnique | technique |
| destinationAddress | dst, destination ip, destinationip, dst ip, dest ip, target ip, targetip, target |
| destinationHostName | dhost, destination name |
| destinationMacAddress | dmac, destination mac |
| destinationNtDomain | dntdom |
| destinationPort | dpt, destination port, dstport, dest port, targetport, target port |
| destinationProcessId | dpid |
| destinationProcessName | dproc |
| destinationTranslatedAddress | destination translated ip |
| destinationUserId | duid |
| destinationUserName | duser, dst user, dest user, destination user, dst usr |
| destinationUserPrivileges | dpriv |
| deviceAction | act |
| deviceAddress | dvc, deviceaddr, deviceip, device ip |
| deviceCustomFloatingPointn (valid values for n are integers between 1 and 4; for example: deviceCustomFloatingPoint1) | cfpn (for example: cfp1) |
| deviceCustomFloatingPointnLabel (valid values for n are integers between 1 and 4; for example: deviceCustomFloatingPoint1Label) | cfpnLabel (for example: cfp1Label) |
| deviceCustomIPv6Addressn (valid values for n are integers between 1 and 4; for example: deviceCustomIPv6Address2) | c6an, device custom ipv6 n (for example: c6a2) |
| deviceCustomIPv6AddressnLabel (valid values for n are integers between 1 and 4; for example: deviceCustomIPv6Address2Label) | c6anLabel (for example: c6a2Label) |
| deviceCustomNumbern (valid values for n are integers between 1 and 3; for example: deviceCustomNumber3) | cnn (for example: cn3) |
| deviceCustomNumbernLabel (valid values for n are integers between 1 and 6; for example: deviceCustomNumber6Label) | cnnLabel (for example: cn6Label) |
| deviceCustomStringn (valid values for n are integers between 1 and 6; for example: deviceCustomString5) | Csn (for example: Cs5) |
| deviceEventCategory | cat |
| deviceHostName | dvchost |
| deviceMacAddress | dvcmac, device mac |
| deviceProcessId | dvcpid |
| deviceReceiptTime | rt |
| deviceTimeZone | dtz |
| deviceTranslatedAddress | device translated ip |
| endTime | end |
| eventOutcome | outcome |
| fileName | fname |
| fileSize | fsize |
| message | msg |
| requestUrl | request, URL |
| sourceAddress | src, source ip, sourceip, src ip |
| sourceHostName | shost |
| sourceMacAddress | smac, source mac |
| sourceNtDomain | sntdomain |
| sourcePort | spt, srcport, src port |
| sourceProcessId | spid |
| sourceProcessName | sproc |
| sourceTranslatedAddress | source translated ip |
| sourceUserId | suid |
| sourceUserName | suser, src user, source user, src usr |
| sourceUserPrivileges | spriv |
| startTime | start |
| transportProtocol | proto |