[prefix] [Bits/Bytes] [blank/In/Out]
Parsing fields for the size in bytes of the object described in the log.
- bitsin
- bitsout
- bytesin
- bytesout
- kilobitsin
- kilobitsout
- kilobytesin
- kilobytesout
- megabitsin
- megabitsout
- megabytein
- megabyteout
- gigabitsin
- gigabitsout
- gigabytein
- gigabyteout
- terabitsin
- terabitsout
- terabytesin
- terabytesout
- petabitsin
- petabitsout
- petabytesin
- petabytesout
Data Type
Double
Aliases
| Use | Alias |
|---|---|
Client Console Full Name | Various |
Client Console Short Name | Various |
Web Console Tab/Name | Various |
Elasticsearch Field Name | Various |
Rule Builder Column Name | Various |
Regex Pattern | Various |
NetMon Name | Various |
Field Relationships
Kbytes tab in the Web Console.
Common Applications
- Network flows
- File sizes
Use Case
Anything measurable in terms of bytes/bits.
MPE/Data Masking Manipulations
Normalized to bytes.
Usage Standards
- Only use once per log (enforced by Super User console).
- Use whichever prefex is the best possible match and let the MPE do the conversion.
Examples
- SQLServer 2012 Error Log
2013-08-01 14:13:23.35 Server Detected 3839 MB of RAM. This is an informational message; no user action is required.
Parse 3839 into MegaBytes.
- Adtran Switch
05 10 2014 22:23:57 1.1.1.1 <KERN:INFO> May 10 22:23:54 bbq22222 FIREWALL: id=firewall time="2014-05-10 22:23:54" fw=BBQ2222 pri=6 rule=23 proto=53/udp src=1.1.1.1 dst=1.1.1.1 msg="Connection timed out.Bytes transferred : 228 Src 62725 Dst 53 from Private policy-class on interface vlan 1" agent=AdFirewall
Indicating 228 bytes transferred out.
- BlackBerry Enterprise Server
<2013-03-28 15:32:39.268 EDT>:[20945]:<BBQ-BES01_1>:<INFO >:<LAYER = IPPP, DEVICEPIN = 2ab20a5d, DOMAINNAME = USABLDRRECFLOW01, CONNECTION_TYPE = DEVICE_CONN, ConnectionId = 1374706373, DURATION(ms) = 7465, MFH_KBytes = 3.479, MTH_KBytes = 2.946, MFH_PACKET_COUNT = 7, MTH_PACKET_COUNT = 5>
MFH is Kbytesout MTH is KBytesIn.