Numeric description of capacity (for example, disk size). Size is best thought of as a limit rather than a current measurement. Use Amount for non-specific measurements.
Data Type
Double
Aliases
|
Use |
Alias |
|---|---|
|
Client Console Full Name |
Size |
|
Client Console Short Name |
Size |
|
Web Console Tab/Name |
Size |
|
Elasticsearch Field Name |
size |
|
Rule Builder Column Name |
Size |
|
Regex Pattern |
<size> |
|
NetMon Name |
Not applicable |
Field Relationships
-
Amount
-
Quantity
-
Rate
-
[prefix]Bytes
Common Applications
-
IT Operations (drive size)
-
CPU usage (for example, threshold limit on a CPU alert)
Use Case
Used in conjunction with other numeric tags such as bytes or megabytes, can show a disk capacity (<size>) and the usage in <megabytes>.
MPE/Data Masking Manipulations
Not applicable.
Usage Standards
-
Use size for capacity measures, use quantity, amount, or [prefix]bytes for measuring current value.
-
If there is no label to an explicit size in the log, use <size> when the value is an integer.
Examples
-
Threat Defense
07 18 2015 23:30:02 1.1.1.1 <LOC6:INFO> Jul 18 23:30:02 ATD-3000 ATD2ESM[26906]: {"CPU Alert": {"CPU Usage":83.7, "CPU Threshold":75.0}}
Size could be based on the CPU Threshold. Amount could be used for the CPU Usage.