Change log for PING_DIRECTORY
| Date | Changes |
|---|---|
| 2025-10-31 | - event.idm.read_only_udm.principal.hostname, event.idm.read_only_udm.principal.asset.hostname: Removed the mapping of `prin_host` from the `event.idm.read_only_udm.principal.hostname` and `event.idm.read_only_udm.principal.asset.hostname` UDM fields, because the host running the directory server (`prin_host`) is the target of requests coming from the client (`requesterIP`).<br>- event.idm.read_only_udm.target.hostname, event.idm.read_only_udm.target.asset.hostname: Mapped the `prin_host` raw log field to the `event.idm.read_only_udm.target.hostname` and `event.idm.read_only_udm.target.asset.hostname` UDM fields, because the host running the directory server (`prin_host`) is the target of requests coming from the client (`requesterIP`).<br>- event.idm.read_only_udm.metadata.product_event_type: Newly mapped the `prod_event_type` raw log field to the `event.idm.read_only_udm.metadata.product_event_type` UDM field.<br>- The grok pattern for message was updated to extract `prod_event_type` and handle variations in key-value data starting with either `requesterIP=` or `product=.`. |
| 2025-03-05 | - Mapped "product_event" to "metadata.product_event_type".<br>- Mapped "administrativeOperation" to "metadata.description".<br>- Mapped "fromAddress" to "principal.ip" and "principal.asset.ip".<br>- Mapped "toAddress" to "target.ip" and "target.asset.ip".<br>- Added support to parse new types of logs. |
| 2024-11-19 | - Newly created parser. |