You are viewing docs on Elastic's new documentation system, currently in technical preview. For all other Elastic docs, visit elastic.co/guide.

Infoblox BloxOne DDI

Collect logs from Infoblox BloxOne DDI with Elastic Agent.

Version
1.17.0 (View all)
Compatible Kibana version(s)
8.12.0 or higher
Supported Serverless project types

Security
Observability
Subscription level
Basic
Level of support
Elastic

The Infoblox BloxOne DDI integration allows you to monitor DNS, DHCP and IP address management activity. DDI is the foundation of core network services that enables all communications over an IP-based network.

Use the Infoblox BloxOne DDI integration to collects and parses data from the REST APIs and then visualize that data in Kibana.

Data streams

The Infoblox BloxOne DDI integration collects logs for three types of events: DHCP lease, DNS data and DNS config.

DHCP Lease is a Infoblox BloxOne DDI service that stores information about leases. See more details about its API here.

DNS Config is a Infoblox BloxOne DDI service that provides cloud-based DNS configuration with on-prem host serving DNS protocol. See more details about its API here.

DNS Data is a Infoblox BloxOne DDI service providing primary authoritative zone support. DNS Data is authoritative for all DNS resource records and is acting as a primary DNS server. See more details about its API here.

Requirements

You need Elasticsearch for storing and searching your data and Kibana for visualizing and managing it. You can use our hosted Elasticsearch Service on Elastic Cloud, which is recommended, or self-manage the Elastic Stack on your own hardware.

This module has been tested against Infoblox BloxOne DDI API (v1).

Setup

To collect data from Infoblox BloxOne DDI APIs, the user must have API Key. To create an API key follow the below steps:

  1. Log on to the Cloud Services Portal.
  2. Go to <User_Name> -> User Profile.
  3. Go to User API Keys page.
  4. Click Create to create a new API key. Specify the following:
    • Name: Specify the name of the key.
    • Expires at: Specify the expiry.
  5. Click Save & Close. The API Access Key Generated dialog is shown.
  6. Click Copy.

Enabling the integration in Elastic

  1. In Kibana go to Management > Integrations.
  2. In the "Search for integrations" search bar, type Infoblox BloxOne DDI.
  3. Click on Infoblox BloxOne DDI integration from the search results.
  4. Click on Add Infoblox BloxOne DDI button to add Infoblox BloxOne DDI integration.
  5. Enable the Integration to collect logs via API.

Logs Reference

dhcp_lease

This is the dhcp_lease dataset.

Example

An example event for dhcp_lease looks as following:

{
    "@timestamp": "2022-07-11T11:51:15.417Z",
    "agent": {
        "ephemeral_id": "2012f3f7-49dc-4448-bb3b-60ba7ba8a293",
        "hostname": "docker-fleet-agent",
        "id": "e0bb9c9c-c3ad-47d7-882c-5fff0f458160",
        "name": "docker-fleet-agent",
        "type": "filebeat",
        "version": "7.17.0"
    },
    "client": {
        "user": {
            "id": "abc3212abc"
        }
    },
    "data_stream": {
        "dataset": "infoblox_bloxone_ddi.dhcp_lease",
        "namespace": "ep",
        "type": "logs"
    },
    "ecs": {
        "version": "8.11.0"
    },
    "elastic_agent": {
        "id": "e0bb9c9c-c3ad-47d7-882c-5fff0f458160",
        "snapshot": false,
        "version": "7.17.0"
    },
    "event": {
        "agent_id_status": "verified",
        "category": [
            "network"
        ],
        "created": "2022-11-21T10:35:16.397Z",
        "dataset": "infoblox_bloxone_ddi.dhcp_lease",
        "end": "2022-07-11T11:51:15.417Z",
        "ingested": "2022-11-21T10:35:19Z",
        "kind": "event",
        "original": "{\"address\":\"81.2.69.192\",\"client_id\":\"abc3212abc\",\"ends\":\"2022-07-11T11:51:15.417Z\",\"fingerprint\":\"ab3213cbabab/abc23bca\",\"fingerprint_processed\":\"12abca32bca32abcd\",\"ha_group\":\"abc321cdcbda321\",\"hardware\":\"00:00:5E:00:53:00\",\"host\":\"admin\",\"hostname\":\"Host1\",\"iaid\":0,\"last_updated\":\"2022-07-11T11:51:15.417Z\",\"options\":{\"message\":\"Hello\"},\"preferred_lifetime\":\"2022-07-11T11:51:15.417Z\",\"protocol\":\"ip4\",\"space\":\"DHCP lease Space\",\"starts\":\"2022-07-14T11:51:15.417Z\",\"state\":\"used\",\"type\":\"DHCP lease Type\"}",
        "start": "2022-07-14T11:51:15.417Z",
        "type": [
            "protocol"
        ]
    },
    "host": {
        "hostname": "Host1",
        "name": "admin"
    },
    "infoblox_bloxone_ddi": {
        "dhcp_lease": {
            "address": "81.2.69.192",
            "client_id": "abc3212abc",
            "ends": "2022-07-11T11:51:15.417Z",
            "fingerprint": {
                "processed": "12abca32bca32abcd",
                "value": "ab3213cbabab/abc23bca"
            },
            "ha_group": "abc321cdcbda321",
            "hardware": "00-00-5E-00-53-00",
            "host": "admin",
            "hostname": "Host1",
            "iaid": 0,
            "last_updated": "2022-07-11T11:51:15.417Z",
            "options": {
                "message": "Hello"
            },
            "preferred_lifetime": "2022-07-11T11:51:15.417Z",
            "protocol": "ipv4",
            "space": "DHCP lease Space",
            "starts": "2022-07-14T11:51:15.417Z",
            "state": "used",
            "type": "DHCP lease Type"
        }
    },
    "input": {
        "type": "httpjson"
    },
    "network": {
        "type": "ipv4"
    },
    "related": {
        "hosts": [
            "admin",
            "Host1"
        ],
        "ip": [
            "81.2.69.192"
        ]
    },
    "tags": [
        "preserve_original_event",
        "preserve_duplicate_custom_fields",
        "forwarded",
        "infoblox_bloxone_ddi-dhcp_lease"
    ]
}

Exported fields

FieldDescriptionType
@timestamp
Event timestamp.
date
client.user.id
Unique identifier of the user.
keyword
cloud.account.id
The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.
keyword
cloud.availability_zone
Availability zone in which this host is running.
keyword
cloud.image.id
Image ID for the cloud instance.
keyword
cloud.instance.id
Instance ID of the host machine.
keyword
cloud.instance.name
Instance name of the host machine.
keyword
cloud.machine.type
Machine type of the host machine.
keyword
cloud.project.id
Name of the project in Google Cloud.
keyword
cloud.provider
Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
keyword
cloud.region
Region in which this host is running.
keyword
container.id
Unique container id.
keyword
container.image.name
Name of the image the container was built on.
keyword
container.labels
Image labels.
object
container.name
Container name.
keyword
data_stream.dataset
Data stream dataset.
constant_keyword
data_stream.namespace
Data stream namespace.
constant_keyword
data_stream.type
Data stream type.
constant_keyword
ecs.version
ECS version this event conforms to. ecs.version is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events.
keyword
event.category
This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. event.category represents the "big buckets" of ECS categories. For example, filtering on event.category:process yields all events relating to process activity. This field is closely related to event.type, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.
keyword
event.created
event.created contains the date/time when the event was first read by an agent, or by your pipeline. This field is distinct from @timestamp in that @timestamp typically contain the time extracted from the original event. In most situations, these two timestamps will be slightly different. The difference can be used to calculate the delay between your source generating an event, and the time when your agent first processed it. This can be used to monitor your agent's or pipeline's ability to keep up with your event source. In case the two timestamps are identical, @timestamp should be used.
date
event.dataset
Event dataset.
constant_keyword
event.end
event.end contains the date when the event ended or when the activity was last observed.
date
event.kind
This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. event.kind gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data is coming in at a regular interval or not.
keyword
event.module
Event module.
constant_keyword
event.original
Raw text message of entire event. Used to demonstrate log integrity or where the full log message (before splitting it up in multiple parts) may be required, e.g. for reindex. This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from _source. If users wish to override this and index this field, please see Field data types in the Elasticsearch Reference.
keyword
event.start
event.start contains the date when the event started or when the activity was first observed.
date
event.type
This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. event.type represents a categorization "sub-bucket" that, when used along with the event.category field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types.
keyword
host.architecture
Operating system architecture.
keyword
host.containerized
If the host is a container.
boolean
host.domain
Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider.
keyword
host.hostname
Hostname of the host. It normally contains what the hostname command returns on the host machine.
keyword
host.id
Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of beat.name.
keyword
host.ip
Host ip addresses.
ip
host.mac
Host mac addresses.
keyword
host.name
Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. The recommended value is the lowercase FQDN of the host.
keyword
host.os.build
OS build information.
keyword
host.os.codename
OS codename, if any.
keyword
host.os.family
OS family (such as redhat, debian, freebsd, windows).
keyword
host.os.kernel
Operating system kernel version as a raw string.
keyword
host.os.name
Operating system name, without the version.
keyword
host.os.name.text
Multi-field of host.os.name.
text
host.os.platform
Operating system platform (such centos, ubuntu, windows).
keyword
host.os.version
Operating system version as a raw string.
keyword
host.type
Type of host. For Cloud providers this can be the machine type like t2.medium. If vm, this could be the container, for example, or other information meaningful in your environment.
keyword
infoblox_bloxone_ddi.dhcp_lease.address
The IP address of the DHCP lease in the format "a.b.c.d". This address will be marked as leased in IPAM while the lease exists.
ip
infoblox_bloxone_ddi.dhcp_lease.client_id
The client ID of the DHCP lease. It might be empty.
keyword
infoblox_bloxone_ddi.dhcp_lease.ends
The time when the DHCP lease will expire.
date
infoblox_bloxone_ddi.dhcp_lease.fingerprint.processed
Indicates if the DHCP lease has been fingerprinted.
keyword
infoblox_bloxone_ddi.dhcp_lease.fingerprint.value
The DHCP fingerprint of the lease.
keyword
infoblox_bloxone_ddi.dhcp_lease.ha_group
The resource identifier.
keyword
infoblox_bloxone_ddi.dhcp_lease.hardware
The hardware address of the DHCP lease. This specifies the MAC address of the network interface on which the lease will be used. It consists of six groups of two hex digits in lower-case separated by colons. For example, "aa:bb:cc:dd:ee:ff".
keyword
infoblox_bloxone_ddi.dhcp_lease.host
The resource identifier.
keyword
infoblox_bloxone_ddi.dhcp_lease.hostname
The client hostname of the DHCP lease. This specifies the host name that the DHCP client sends to the DHCP server using DHCP option 12. It is a fully qualified domain name, consisting of a series of labels separated by dots. For example, "www.infoblox.com". It might be empty.
keyword
infoblox_bloxone_ddi.dhcp_lease.iaid
Identity Association Identifier (IAID) of the lease. Applicable only for DHCPv6.
long
infoblox_bloxone_ddi.dhcp_lease.last_updated
The time when the DHCP lease was last updated.
date
infoblox_bloxone_ddi.dhcp_lease.options
The DHCP options of the lease in JSON format.
flattened
infoblox_bloxone_ddi.dhcp_lease.preferred_lifetime
The preferred time when the DHCP lease should expire. Applicable only for DHCPv6.
date
infoblox_bloxone_ddi.dhcp_lease.protocol
Lease protocol type.
keyword
infoblox_bloxone_ddi.dhcp_lease.space
The resource identifier.
keyword
infoblox_bloxone_ddi.dhcp_lease.starts
The time when the DHCP lease was issued.
date
infoblox_bloxone_ddi.dhcp_lease.state
The state of the DHCP lease.
keyword
infoblox_bloxone_ddi.dhcp_lease.type
Lease type.
keyword
input.type
Input type
keyword
log.offset
Log offset
long
network.type
In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc The field value must be normalized to lowercase for querying.
keyword
related.hosts
All hostnames or other host identifiers seen on your event. Example identifiers include FQDNs, domain names, workstation names, or aliases.
keyword
related.ip
All of the IPs seen on your event.
ip
tags
List of keywords used to tag each event.
keyword

dns_config

This is the dns_config dataset.

Example

An example event for dns_config looks as following:

{
    "@timestamp": "2022-07-15T06:55:25.978Z",
    "agent": {
        "ephemeral_id": "b27c2d34-9c98-4383-9177-e1181be3de40",
        "hostname": "docker-fleet-agent",
        "id": "e0bb9c9c-c3ad-47d7-882c-5fff0f458160",
        "name": "docker-fleet-agent",
        "type": "filebeat",
        "version": "7.17.0"
    },
    "data_stream": {
        "dataset": "infoblox_bloxone_ddi.dns_config",
        "namespace": "ep",
        "type": "logs"
    },
    "dns": {
        "answers": {
            "ttl": 350
        }
    },
    "ecs": {
        "version": "8.11.0"
    },
    "elastic_agent": {
        "id": "e0bb9c9c-c3ad-47d7-882c-5fff0f458160",
        "snapshot": false,
        "version": "7.17.0"
    },
    "event": {
        "agent_id_status": "verified",
        "category": [
            "network"
        ],
        "created": "2022-07-15T06:55:25.978Z",
        "dataset": "infoblox_bloxone_ddi.dns_config",
        "id": "adv12rgfh",
        "ingested": "2022-11-21T10:36:06Z",
        "kind": "event",
        "original": "{\"add_edns_option_in_outgoing_query\":true,\"comment\":\"DNS Config Comment\",\"created_at\":\"2022-07-15T06:55:25.978Z\",\"custom_root_ns\":[{\"address\":\"81.2.69.192\",\"fqdn\":\"custom fqdn\",\"protocol_fqdn\":\"custom protocol fqdn\"}],\"custom_root_ns_enabled\":true,\"disabled\":true,\"dnssec_enable_validation\":true,\"dnssec_enabled\":true,\"dnssec_root_keys\":[{\"algorithm\":30,\"protocol_zone\":\"Dnssec root protocol zone\",\"public_key\":\"Dnssec root Public Key\",\"sep\":true,\"zone\":\"Dnssec root Zone\"}],\"dnssec_trust_anchors\":[{\"algorithm\":10,\"protocol_zone\":\"Dnssec trust protocol zone\",\"public_key\":\"Dnssec trust Public Key\",\"sep\":true,\"zone\":\"Dnssec trust zone\"}],\"dnssec_validate_expiry\":true,\"ecs_enabled\":true,\"ecs_forwarding\":true,\"ecs_prefix_v4\":22,\"ecs_prefix_v6\":33,\"ecs_zones\":[{\"access\":\"ecs zones access\",\"fqdn\":\"ecs zones fqdn\",\"protocol_fqdn\":\"ecs zones protocol fqdn\"}],\"edns_udp_size\":568,\"forwarders\":[{\"address\":\"81.2.69.192\",\"fqdn\":\"forwarders fqdn\",\"protocol_fqdn\":\"forwarders protocol fqdn\"}],\"forwarders_only\":true,\"gss_tsig_enabled\":true,\"id\":\"adv12rgfh\",\"inheritance_sources\":{\"add_edns_option_in_outgoing_query\":{\"action\":\"inherit\",\"display_name\":\"displaynameadd_edns_option_in_outgoing_query\",\"source\":\"sourceadd_edns_option_in_outgoing_query\",\"value\":true},\"custom_root_ns_block\":{\"action\":\"override\",\"display_name\":\"displaynamecustom_root_ns_block\",\"source\":\"sourcecustom_root_ns_block\",\"value\":{\"custom_root_ns\":[{\"address\":\"67.43.156.0\",\"fqdn\":\"fqdn_custom_root_ns\",\"protocol_fqdn\":\"protocolfqdn_custom_root_ns\"}],\"custom_root_ns_enabled\":true}},\"dnssec_validation_block\":{\"action\":\"inherit\",\"display_name\":\"displaynamednssec_validation_block\",\"source\":\"sourcednssec_validation_block\",\"value\":{\"dnssec_enable_validation\":true,\"dnssec_enabled\":true,\"dnssec_trust_anchors\":[{\"algorithm\":8,\"protocol_zone\":\"protocolzonednssec_trust_anchors\",\"public_key\":\"publickeydnssec_trust_anchors\",\"sep\":false,\"zone\":\"is3zone\"}],\"dnssec_validate_expiry\":true}},\"ecs_block\":{\"action\":\"inherit\",\"display_name\":\"displaynameecs_block\",\"source\":\"sourceecs_block\",\"value\":{\"ecs_enabled\":false,\"ecs_forwarding\":true,\"ecs_prefix_v4\":4,\"ecs_prefix_v6\":10,\"ecs_zones\":[{\"access\":\"inherit\",\"fqdn\":\"fqdnecs_block\",\"protocol_fqdn\":\"protocol_fqdnecs_block\"}]}},\"ecs_zones\":{\"action\":\"override\",\"display_name\":\"displaynameecs_zones\",\"source\":\"sourceecs_zones\",\"value\":{\"ecs_enabled\":false,\"ecs_forwarding\":true,\"ecs_prefix_v4\":4,\"ecs_prefix_v6\":12,\"ecs_zones\":[{\"access\":\"access_ecs_zones\",\"fqdn\":\"fqdn_ecs_zones\",\"protocol_fqdn\":\"protocolfqdn_ecs_zones\"}]}},\"edns_udp_size\":{\"action\":\"inherit\",\"display_name\":\"displaynameedns_udp_size\",\"source\":\"sourceedns_udp_size\",\"value\":55},\"forwarders_block\":{\"action\":\"inherit\",\"display_name\":\"displaynameforwarders_block\",\"source\":\"sourceforwarders_block\",\"value\":{\"forwarders\":[{\"address\":\"89.160.20.128\",\"fqdn\":\"forwarders_fqdn\",\"protocol_fqdn\":\"forwarders_protocolfqdn\"}],\"forwarders_only\":true}},\"gss_tsig_enabled\":{\"action\":\"inherit\",\"display_name\":\"displaynamegss_tsig_enabled\",\"source\":\"sourcegss_tsig_enabled\",\"value\":true},\"lame_ttl\":{\"action\":\"inherit\",\"display_name\":\"displaynamelame_ttl\",\"source\":\"sourcelame_ttl\",\"value\":45},\"match_recursive_only\":{\"action\":\"inherit\",\"display_name\":\"displaynamematch_recursive_only\",\"source\":\"sourcematch_recursive_only\",\"value\":false},\"max_cache_ttl\":{\"action\":\"inherit\",\"display_name\":\"displaynamemax_cache_ttl\",\"source\":\"sourcemax_cache_ttl\",\"value\":13},\"max_negative_ttl\":{\"action\":\"inherit\",\"display_name\":\"displaynamemax_negative_ttl\",\"source\":\"sourcemax_negative_ttl\",\"value\":12},\"max_udp_size\":{\"action\":\"inherit\",\"display_name\":\"displaynamemax_udp_size\",\"source\":\"sourcemax_udp_size\",\"value\":11},\"minimal_responses\":{\"action\":\"inherit\",\"display_name\":\"displaynameminimal_responses\",\"source\":\"sourceminimal_responses\",\"value\":true},\"notify\":{\"action\":\"inherit\",\"display_name\":\"displayname_notify\",\"source\":\"source_notify\",\"value\":true},\"query_acl\":{\"action\":\"override\",\"display_name\":\"displaynamequery_acl\",\"source\":\"sourcequery_acl\",\"value\":[{\"access\":\"allow\",\"acl\":\"aclvalue_query_acl\",\"address\":\"89.160.20.128\",\"element\":\"elementvaluequery_acl\",\"tsig_key\":{\"algorithm\":\"hmac_sha256\",\"comment\":\"commentquery_acl\",\"key\":\"keyquery_acl\",\"name\":\"namequery_acl\",\"protocol_name\":\"protocolname_query_acl\",\"secret\":\"secretquery_acl\"}}]},\"recursion_acl\":{\"action\":\"override\",\"display_name\":\"displaynamerecursion_acl\",\"source\":\"sourcerecursion_acl\",\"value\":[{\"access\":\"deny\",\"acl\":\"aclrecursion_acl\",\"address\":\"89.160.20.128\",\"element\":\"elementrecursion_acl\",\"tsig_key\":{\"algorithm\":\"hmac_sha384\",\"comment\":\"commentrecursion_acl\",\"key\":\"keyrecursion_acl\",\"name\":\"namerecursion_acl\",\"protocol_name\":\"protocolnamerecursion_acl\",\"secret\":\"secretrecursion_acl\"}}]},\"recursion_enabled\":{\"action\":\"inherit\",\"display_name\":\"displaynamerecursion_enabled\",\"source\":\"sourcerecursion_enabled\",\"value\":true},\"synthesize_address_records_from_https\":{\"action\":\"inherit\",\"display_name\":\"displaynamesynthesize_address_records_from_https\",\"source\":\"sourcesynthesize_address_records_from_https\",\"value\":true},\"transfer_acl\":{\"action\":\"inherit\",\"display_name\":\"displaynametransfer_acl\",\"source\":\"sourcetransfer_acl\",\"value\":[{\"access\":\"allow\",\"acl\":\"acltransfer_acl\",\"address\":\"216.160.83.56\",\"element\":\"elementtransfer_acl\",\"tsig_key\":{\"algorithm\":\"hmac_sha224\",\"comment\":\"commenttransfer_acl\",\"key\":\"keytransfer_acl\",\"name\":\"nametransfer_acl\",\"protocol_name\":\"protocolnametransfer_acl\",\"secret\":\"secrettransfer_acl\"}}]},\"update_acl\":{\"action\":\"override\",\"display_name\":\"displaynameupdate_acl\",\"source\":\"sourceupdate_acl\",\"value\":[{\"access\":\"allow\",\"acl\":\"aclupdate_acl\",\"address\":\"216.160.83.56\",\"element\":\"elementupdate_acl\",\"tsig_key\":{\"algorithm\":\"hmac_sha384\",\"comment\":\"commentupdate_acl\",\"key\":\"keyupdate_acl\",\"name\":\"nameupdate_acl\",\"protocol_name\":\"protocolnameupdate_acl\",\"secret\":\"secretupdate_acl\"}}]},\"use_forwarders_for_subzones\":{\"action\":\"override\",\"display_name\":\"displaynameuse_forwarders_for_subzones\",\"source\":\"sourceuse_forwarders_for_subzones\",\"value\":false},\"zone_authority\":{\"default_ttl\":{\"action\":\"override\",\"display_name\":\"displaynamezone_authority\",\"source\":\"sourcezone_authority\",\"value\":50},\"expire\":{\"action\":\"inherit\",\"display_name\":\"displaynameexpire\",\"source\":\"sourceexpire\",\"value\":70},\"mname_block\":{\"action\":\"inherit\",\"display_name\":\"displaynamemname_block\",\"source\":\"sourcemname_block\",\"value\":{\"mname\":\"mnamevaluemname_block\",\"protocol_mname\":\"protocolmnamemname_block\",\"use_default_mname\":true}},\"negative_ttl\":{\"action\":\"inherit\",\"display_name\":\"displaynamenegative_ttl\",\"source\":\"sourcenegative_ttl\",\"value\":90},\"protocol_rname\":{\"action\":\"inherit\",\"display_name\":\"displaynameprotocol_rname\",\"source\":\"sourceprotocol_rname\",\"value\":\"valueprotocol_rname\"},\"refresh\":{\"action\":\"inherit\",\"display_name\":\"displayname_refresh\",\"source\":\"source_refresh\",\"value\":40},\"retry\":{\"action\":\"inherit\",\"display_name\":\"displayname_retry\",\"source\":\"source_retry\",\"value\":570},\"rname\":{\"action\":\"inherit\",\"display_name\":\"displayname_rname\",\"source\":\"source_rname\",\"value\":\"value_rname\"}}},\"ip_spaces\":[\"testipspaces\"],\"lame_ttl\":350,\"match_clients_acl\":[{\"access\":\"deny\",\"acl\":\"aclmatch_clients_acl\",\"address\":\"81.2.69.192\",\"element\":\"elementmatch_clients_acl\",\"tsig_key\":{\"algorithm\":\"hmac_sha512\",\"comment\":\"commentmatch_clients_acl\",\"key\":\"keymatch_clients_acl\",\"name\":\"namematch_clients_acl\",\"protocol_name\":\"protocolnamematch_clients_acl\",\"secret\":\"secretmatch_clients_acl\"}}],\"match_destinations_acl\":[{\"access\":\"allow\",\"acl\":\"aclmatch_destinations_acl\",\"address\":\"81.2.69.192\",\"element\":\"elementmatch_destinations_acl\",\"tsig_key\":{\"algorithm\":\"hmac_sha384\",\"comment\":\"commentmatch_destinations_acl\",\"key\":\"keymatch_destinations_acl\",\"name\":\"namematch_destinations_acl\",\"protocol_name\":\"protocolnamematch_destinations_acl\",\"secret\":\"secretmatch_destinations_acl\"}}],\"match_recursive_only\":true,\"max_cache_ttl\":90,\"max_negative_ttl\":500,\"max_udp_size\":890,\"minimal_responses\":true,\"name\":\"string\",\"notify\":true,\"query_acl\":[{\"access\":\"accessquery_acl\",\"acl\":\"aclquery_acl\",\"address\":\"81.2.69.192\",\"element\":\"elementquery_acl\",\"tsig_key\":{\"algorithm\":\"hmac_sha224\",\"comment\":\"commentquery_acl\",\"key\":\"keyquery_acl\",\"name\":\"namequery_acl\",\"protocol_name\":\"protocolnamequery_acl\",\"secret\":\"secretquery_acl\"}}],\"recursion_acl\":[{\"access\":\"allow\",\"acl\":\"aclrecursion_acl\",\"address\":\"81.2.69.192\",\"element\":\"elementrecursion_acl\",\"tsig_key\":{\"algorithm\":\"hmac_sha1\",\"comment\":\"commentrecursion_acl\",\"key\":\"keyrecursion_acl\",\"name\":\"namerecursion_acl\",\"protocol_name\":\"protocolnamerecursion_acl\",\"secret\":\"secretrecursion_acl\"}}],\"recursion_enabled\":true,\"synthesize_address_records_from_https\":false,\"tags\":{\"message\":\"Hello\"},\"transfer_acl\":[{\"access\":\"allow\",\"acl\":\"acltransfer_acl\",\"address\":\"216.160.83.56\",\"element\":\"elementtransfer_acl\",\"tsig_key\":{\"algorithm\":\"hmac_sha224\",\"comment\":\"commenttransfer_acl\",\"key\":\"keytransfer_acl\",\"name\":\"nametransfer_acl\",\"protocol_name\":\"protocolnametransfer_acl\",\"secret\":\"secrettransfer_acl\"}}],\"update_acl\":[{\"access\":\"allow\",\"acl\":\"aclupdate_acl\",\"address\":\"216.160.83.56\",\"element\":\"elementupdate_acl\",\"tsig_key\":{\"algorithm\":\"hmac_sha1\",\"comment\":\"commentupdate_acl\",\"key\":\"keyupdate_acl\",\"name\":\"nameupdate_acl\",\"protocol_name\":\"protocolnameupdate_acl\",\"secret\":\"secretupdate_acl\"}}],\"updated_at\":\"2022-07-15T06:55:25.978Z\",\"use_forwarders_for_subzones\":true,\"zone_authority\":{\"default_ttl\":20,\"expire\":10,\"mname\":\"mnamezone_authority\",\"negative_ttl\":30,\"protocol_mname\":\"protocolmnamezone_authority\",\"protocol_rname\":\"protocolrnamezone_authority\",\"refresh\":50,\"retry\":100,\"rname\":\"string\",\"use_default_mname\":true}}",
        "type": [
            "protocol"
        ]
    },
    "infoblox_bloxone_ddi": {
        "dns_config": {
            "add_edns": {
                "option_in": {
                    "outgoing_query": true
                }
            },
            "comment": "DNS Config Comment",
            "created_at": "2022-07-15T06:55:25.978Z",
            "custom_root_ns": [
                {
                    "address": "81.2.69.192",
                    "fqdn": "custom fqdn",
                    "protocol": {
                        "fqdn": "custom protocol fqdn"
                    }
                }
            ],
            "custom_root_ns_enabled": true,
            "disabled": true,
            "dnssec": {
                "enable_validation": true,
                "enabled": true,
                "root_keys": [
                    {
                        "algorithm": 30,
                        "protocol": {
                            "zone": "Dnssec root protocol zone"
                        },
                        "public": "Dnssec root Public Key",
                        "sep": true,
                        "zone": "Dnssec root Zone"
                    }
                ],
                "trust_anchors": [
                    {
                        "algorithm": 10,
                        "protocol": {
                            "zone": "Dnssec trust protocol zone"
                        },
                        "public_key": "Dnssec trust Public Key",
                        "sep": true,
                        "zone": "Dnssec trust zone"
                    }
                ],
                "validate_expiry": true
            },
            "ecs": {
                "enabled": true,
                "forwarding": true,
                "prefix_v4": 22,
                "prefix_v6": 33,
                "zones": [
                    {
                        "access": "ecs zones access",
                        "fqdn": "ecs zones fqdn",
                        "protocol": {
                            "fqdn": "ecs zones protocol fqdn"
                        }
                    }
                ]
            },
            "edns": {
                "udp": {
                    "size": 568
                }
            },
            "forwarders": [
                {
                    "address": "81.2.69.192",
                    "fqdn": "forwarders fqdn",
                    "protocol": {
                        "fqdn": "forwarders protocol fqdn"
                    }
                }
            ],
            "forwarders_only": true,
            "gss_tsig_enabled": true,
            "id": "adv12rgfh",
            "inheritance": {
                "sources": {
                    "add_edns": {
                        "option_in": {
                            "outgoing_query": {
                                "action": "inherit",
                                "display": {
                                    "name": "displaynameadd_edns_option_in_outgoing_query"
                                },
                                "source": "sourceadd_edns_option_in_outgoing_query",
                                "value": true
                            }
                        }
                    },
                    "custom_root_ns": {
                        "block": {
                            "action": "override",
                            "display": {
                                "name": "displaynamecustom_root_ns_block"
                            },
                            "source": "sourcecustom_root_ns_block",
                            "value": [
                                {
                                    "address": "67.43.156.0",
                                    "fqdn": "fqdn_custom_root_ns",
                                    "protocol": {
                                        "fqdn": "protocolfqdn_custom_root_ns"
                                    }
                                }
                            ],
                            "value_enabled": true
                        }
                    },
                    "dnssec": {
                        "validation": {
                            "block": {
                                "action": "inherit",
                                "display": {
                                    "name": "displaynamednssec_validation_block"
                                },
                                "source": "sourcednssec_validation_block",
                                "value": {
                                    "enable": true,
                                    "enabled": true,
                                    "trust_anchors": [
                                        {
                                            "algorithm": 8,
                                            "protocol": {
                                                "zone": "protocolzonednssec_trust_anchors"
                                            },
                                            "public_key": "publickeydnssec_trust_anchors",
                                            "sep": false,
                                            "zone": "is3zone"
                                        }
                                    ],
                                    "validate_expiry": true
                                }
                            }
                        }
                    },
                    "ecs": {
                        "block": {
                            "action": "inherit",
                            "display": {
                                "name": "displaynameecs_block"
                            },
                            "source": "sourceecs_block",
                            "value": {
                                "enabled": false,
                                "forwarding": true,
                                "prefix_v4": 4,
                                "prefix_v6": 10,
                                "zones": [
                                    {
                                        "access": "inherit",
                                        "fqdn": "fqdnecs_block",
                                        "protocol": {
                                            "fqdn": "protocol_fqdnecs_block"
                                        }
                                    }
                                ]
                            }
                        }
                    },
                    "edns": {
                        "udp": {
                            "size": {
                                "action": "inherit",
                                "display": {
                                    "name": "displaynameedns_udp_size"
                                },
                                "source": "sourceedns_udp_size",
                                "value": 55
                            }
                        }
                    },
                    "forwarders": {
                        "block": {
                            "action": "inherit",
                            "display": {
                                "name": "displaynameforwarders_block"
                            },
                            "source": "sourceforwarders_block",
                            "value": [
                                {
                                    "address": "89.160.20.128",
                                    "fqdn": "forwarders_fqdn",
                                    "protocol": {
                                        "fqdn": "forwarders_protocolfqdn"
                                    }
                                }
                            ],
                            "value_only": true
                        }
                    },
                    "gss_tsig_enabled": {
                        "action": "inherit",
                        "display": {
                            "name": "displaynamegss_tsig_enabled"
                        },
                        "source": "sourcegss_tsig_enabled",
                        "value": true
                    },
                    "lame_ttl": {
                        "action": "inherit",
                        "display": {
                            "name": "displaynamelame_ttl"
                        },
                        "source": "sourcelame_ttl",
                        "value": 45
                    },
                    "match_recursive_only": {
                        "action": "inherit",
                        "display": {
                            "name": "displaynamematch_recursive_only"
                        },
                        "source": "sourcematch_recursive_only",
                        "value": false
                    },
                    "max_cache_ttl": {
                        "action": "inherit",
                        "display": {
                            "name": "displaynamemax_cache_ttl"
                        },
                        "source": "sourcemax_cache_ttl",
                        "value": 13
                    },
                    "max_negative_ttl": {
                        "action": "inherit",
                        "display": {
                            "name": "displaynamemax_negative_ttl"
                        },
                        "source": "sourcemax_negative_ttl",
                        "value": 12
                    },
                    "max_udp_size": {
                        "action": "inherit",
                        "display": {
                            "name": "displaynamemax_udp_size"
                        },
                        "source": "sourcemax_udp_size",
                        "value": 11
                    },
                    "minimal_responses": {
                        "action": "inherit",
                        "display": {
                            "name": "displaynameminimal_responses"
                        },
                        "source": "sourceminimal_responses",
                        "value": true
                    },
                    "notify": {
                        "action": "inherit",
                        "display": {
                            "name": "displayname_notify"
                        },
                        "source": "source_notify",
                        "value": true
                    },
                    "query_acl": {
                        "action": "override",
                        "display": {
                            "name": "displaynamequery_acl"
                        },
                        "source": "sourcequery_acl",
                        "value": [
                            {
                                "access": "allow",
                                "acl": "aclvalue_query_acl",
                                "address": "89.160.20.128",
                                "element": "elementvaluequery_acl",
                                "tsig_key": {
                                    "algorithm": "hmac_sha256",
                                    "comment": "commentquery_acl",
                                    "key": "keyquery_acl",
                                    "name": "namequery_acl",
                                    "protocol": {
                                        "name": "protocolname_query_acl"
                                    },
                                    "secret": "secretquery_acl"
                                }
                            }
                        ]
                    },
                    "recursion_acl": {
                        "action": "override",
                        "display": {
                            "name": "displaynamerecursion_acl"
                        },
                        "source": "sourcerecursion_acl",
                        "value": [
                            {
                                "access": "deny",
                                "acl": "aclrecursion_acl",
                                "address": "89.160.20.128",
                                "element": "elementrecursion_acl",
                                "tsig_key": {
                                    "algorithm": "hmac_sha384",
                                    "comment": "commentrecursion_acl",
                                    "key": "keyrecursion_acl",
                                    "name": "namerecursion_acl",
                                    "protocol": {
                                        "name": "protocolnamerecursion_acl"
                                    },
                                    "secret": "secretrecursion_acl"
                                }
                            }
                        ]
                    },
                    "recursion_enabled": {
                        "action": "inherit",
                        "display": {
                            "name": "displaynamerecursion_enabled"
                        },
                        "source": "sourcerecursion_enabled",
                        "value": true
                    },
                    "synthesize": {
                        "address_records_from_https": {
                            "action": "inherit",
                            "display": {
                                "name": "displaynamesynthesize_address_records_from_https"
                            },
                            "name": "sourcesynthesize_address_records_from_https",
                            "value": true
                        }
                    },
                    "transfer_acl": {
                        "action": "inherit",
                        "display": {
                            "name": "displaynametransfer_acl"
                        },
                        "source": "sourcetransfer_acl",
                        "value": [
                            {
                                "access": "allow",
                                "acl": "acltransfer_acl",
                                "address": "216.160.83.56",
                                "element": "elementtransfer_acl",
                                "tsig_key": {
                                    "algorithm": "hmac_sha224",
                                    "comment": "commenttransfer_acl",
                                    "key": "keytransfer_acl",
                                    "name": "nametransfer_acl",
                                    "protocol": {
                                        "name": "protocolnametransfer_acl"
                                    },
                                    "secret": "secrettransfer_acl"
                                }
                            }
                        ]
                    },
                    "update_acl": {
                        "action": "override",
                        "display": {
                            "name": "displaynameupdate_acl"
                        },
                        "source": "sourceupdate_acl",
                        "value": [
                            {
                                "access": "allow",
                                "acl": "aclupdate_acl",
                                "address": "216.160.83.56",
                                "element": "elementupdate_acl",
                                "tsig_key": {
                                    "algorithm": "hmac_sha384",
                                    "comment": "commentupdate_acl",
                                    "key": "keyupdate_acl",
                                    "name": "nameupdate_acl",
                                    "protocol": {
                                        "name": "protocolnameupdate_acl"
                                    },
                                    "secret": "secretupdate_acl"
                                }
                            }
                        ]
                    },
                    "use_forwarders_for_subzones": {
                        "action": "override",
                        "display": {
                            "name": "displaynameuse_forwarders_for_subzones"
                        },
                        "source": "sourceuse_forwarders_for_subzones",
                        "value": false
                    },
                    "zone_authority": {
                        "default_ttl": {
                            "action": "override",
                            "display": {
                                "name": "displaynamezone_authority"
                            },
                            "source": "sourcezone_authority",
                            "value": 50
                        },
                        "expire": {
                            "action": "inherit",
                            "display": {
                                "name": "displaynameexpire"
                            },
                            "source": "sourceexpire",
                            "value": 70
                        },
                        "mname_block": {
                            "action": "inherit",
                            "display": {
                                "name": "displaynamemname_block"
                            },
                            "source": "sourcemname_block",
                            "value": {
                                "isdefault": true,
                                "protocol": {
                                    "mname": "protocolmnamemname_block"
                                }
                            }
                        },
                        "mname_block_value": "mnamevaluemname_block",
                        "negative_ttl": {
                            "action": "inherit",
                            "display": {
                                "name": "displaynamenegative_ttl"
                            },
                            "source": "sourcenegative_ttl",
                            "value": 90
                        },
                        "protocol_rname": {
                            "action": "inherit",
                            "display": {
                                "name": "displaynameprotocol_rname"
                            },
                            "source": "sourceprotocol_rname",
                            "value": "valueprotocol_rname"
                        },
                        "refresh": {
                            "action": "inherit",
                            "display": {
                                "name": "displayname_refresh"
                            },
                            "source": "source_refresh",
                            "value": 40
                        },
                        "retry": {
                            "action": "inherit",
                            "display": {
                                "name": "displayname_retry"
                            },
                            "source": "source_retry",
                            "value": 570
                        },
                        "rname": {
                            "action": "inherit",
                            "display": {
                                "name": "displayname_rname"
                            },
                            "source": "source_rname",
                            "value": "value_rname"
                        }
                    }
                }
            },
            "ip_spaces": [
                "testipspaces"
            ],
            "lame_ttl": 350,
            "match_clients_acl": [
                {
                    "access": "deny",
                    "address": "81.2.69.192",
                    "element": "elementmatch_clients_acl",
                    "tsig_key": {
                        "algorithm": "hmac_sha512",
                        "comment": "commentmatch_clients_acl",
                        "key": "keymatch_clients_acl",
                        "name": "namematch_clients_acl",
                        "protocol": {
                            "name": "protocolnamematch_clients_acl"
                        },
                        "secret": "secretmatch_clients_acl"
                    },
                    "value": "aclmatch_clients_acl"
                }
            ],
            "match_destinations_acl": [
                {
                    "access": "allow",
                    "address": "81.2.69.192",
                    "element": "elementmatch_destinations_acl",
                    "tsig_key": {
                        "algorithm": "hmac_sha384",
                        "comment": "commentmatch_destinations_acl",
                        "key": "keymatch_destinations_acl",
                        "name": "namematch_destinations_acl",
                        "protocol": {
                            "name": "protocolnamematch_destinations_acl"
                        },
                        "secret": "secretmatch_destinations_acl"
                    },
                    "value": "aclmatch_destinations_acl"
                }
            ],
            "match_recursive_only": true,
            "max_cache_ttl": 90,
            "max_negative_ttl": 500,
            "max_udp_size": 890,
            "minimal_responses": true,
            "name": "string",
            "notify": true,
            "query_acl": [
                {
                    "access": "accessquery_acl",
                    "address": "81.2.69.192",
                    "element": "elementquery_acl",
                    "tsig_key": {
                        "algorithm": "hmac_sha224",
                        "comment": "commentquery_acl",
                        "key": "keyquery_acl",
                        "name": "namequery_acl",
                        "protocol": {
                            "name": "protocolnamequery_acl"
                        },
                        "secret": "secretquery_acl"
                    },
                    "value": "aclquery_acl"
                }
            ],
            "recursion_acl": [
                {
                    "access": "allow",
                    "address": "81.2.69.192",
                    "element": "elementrecursion_acl",
                    "tsig_key": {
                        "algorithm": "hmac_sha1",
                        "comment": "commentrecursion_acl",
                        "key": "keyrecursion_acl",
                        "name": "namerecursion_acl",
                        "protocol": {
                            "name": "protocolnamerecursion_acl"
                        },
                        "secret": "secretrecursion_acl"
                    },
                    "value": "aclrecursion_acl"
                }
            ],
            "recursion_enabled": true,
            "synthesize": {
                "address_records_from_https": false
            },
            "tags": {
                "message": "Hello"
            },
            "transfer_acl": [
                {
                    "access": "allow",
                    "address": "216.160.83.56",
                    "element": "elementtransfer_acl",
                    "tsig_key": {
                        "algorithm": "hmac_sha224",
                        "comment": "commenttransfer_acl",
                        "key": "keytransfer_acl",
                        "name": "nametransfer_acl",
                        "protocol": {
                            "name": "protocolnametransfer_acl"
                        },
                        "secret": "secrettransfer_acl"
                    },
                    "value": "acltransfer_acl"
                }
            ],
            "update_acl": [
                {
                    "access": "allow",
                    "address": "216.160.83.56",
                    "element": "elementupdate_acl",
                    "tsig_key": {
                        "algorithm": "hmac_sha1",
                        "comment": "commentupdate_acl",
                        "key": "keyupdate_acl",
                        "name": "nameupdate_acl",
                        "protocol": {
                            "name": "protocolnameupdate_acl"
                        },
                        "secret": "secretupdate_acl"
                    },
                    "value": "aclupdate_acl"
                }
            ],
            "updated_at": "2022-07-15T06:55:25.978Z",
            "use_forwarders_for_subzones": true,
            "zone_authority": {
                "default_ttl": 20,
                "expire": 10,
                "mname": "mnamezone_authority",
                "negative_ttl": 30,
                "protocol": {
                    "mname": "protocolmnamezone_authority",
                    "rname": "protocolrnamezone_authority"
                },
                "refresh": 50,
                "retry": 100,
                "rname": "string",
                "use_default_mname": true
            }
        }
    },
    "input": {
        "type": "httpjson"
    },
    "related": {
        "hash": [
            "hmac_sha256",
            "hmac_sha384",
            "hmac_sha224",
            "hmac_sha512",
            "hmac_sha1"
        ],
        "ip": [
            "81.2.69.192",
            "67.43.156.0",
            "89.160.20.128",
            "216.160.83.56"
        ]
    },
    "tags": [
        "preserve_original_event",
        "preserve_duplicate_custom_fields",
        "forwarded",
        "infoblox_bloxone_ddi-dns_config"
    ]
}

Exported fields

FieldDescriptionType
@timestamp
Event timestamp.
date
cloud.account.id
The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.
keyword
cloud.availability_zone
Availability zone in which this host is running.
keyword
cloud.image.id
Image ID for the cloud instance.
keyword
cloud.instance.id
Instance ID of the host machine.
keyword
cloud.instance.name
Instance name of the host machine.
keyword
cloud.machine.type
Machine type of the host machine.
keyword
cloud.project.id
Name of the project in Google Cloud.
keyword
cloud.provider
Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
keyword
cloud.region
Region in which this host is running.
keyword
container.id
Unique container id.
keyword
container.image.name
Name of the image the container was built on.
keyword
container.labels
Image labels.
object
container.name
Container name.
keyword
data_stream.dataset
Data stream dataset.
constant_keyword
data_stream.namespace
Data stream namespace.
constant_keyword
data_stream.type
Data stream type.
constant_keyword
dns.answers.ttl
The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached.
long
ecs.version
ECS version this event conforms to. ecs.version is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events.
keyword
event.category
This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. event.category represents the "big buckets" of ECS categories. For example, filtering on event.category:process yields all events relating to process activity. This field is closely related to event.type, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.
keyword
event.created
event.created contains the date/time when the event was first read by an agent, or by your pipeline. This field is distinct from @timestamp in that @timestamp typically contain the time extracted from the original event. In most situations, these two timestamps will be slightly different. The difference can be used to calculate the delay between your source generating an event, and the time when your agent first processed it. This can be used to monitor your agent's or pipeline's ability to keep up with your event source. In case the two timestamps are identical, @timestamp should be used.
date
event.dataset
Event dataset.
constant_keyword
event.id
Unique ID to describe the event.
keyword
event.kind
This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. event.kind gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data is coming in at a regular interval or not.
keyword
event.module
Event module.
constant_keyword
event.original
Raw text message of entire event. Used to demonstrate log integrity or where the full log message (before splitting it up in multiple parts) may be required, e.g. for reindex. This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from _source. If users wish to override this and index this field, please see Field data types in the Elasticsearch Reference.
keyword
event.type
This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. event.type represents a categorization "sub-bucket" that, when used along with the event.category field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types.
keyword
host.architecture
Operating system architecture.
keyword
host.containerized
If the host is a container.
boolean
host.domain
Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider.
keyword
host.hostname
Hostname of the host. It normally contains what the hostname command returns on the host machine.
keyword
host.id
Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of beat.name.
keyword
host.ip
Host ip addresses.
ip
host.mac
Host mac addresses.
keyword
host.name
Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.
keyword
host.os.build
OS build information.
keyword
host.os.codename
OS codename, if any.
keyword
host.os.family
OS family (such as redhat, debian, freebsd, windows).
keyword
host.os.kernel
Operating system kernel version as a raw string.
keyword
host.os.name
Operating system name, without the version.
keyword
host.os.name.text
Multi-field of host.os.name.
text
host.os.platform
Operating system platform (such centos, ubuntu, windows).
keyword
host.os.version
Operating system version as a raw string.
keyword
host.type
Type of host. For Cloud providers this can be the machine type like t2.medium. If vm, this could be the container, for example, or other information meaningful in your environment.
keyword
infoblox_bloxone_ddi.dns_config.add_edns.option_in.outgoing_query
add_edns_option_in_outgoing_query adds client IP, MAC address and view name into outgoing recursive query.
boolean
infoblox_bloxone_ddi.dns_config.comment
Optional. Comment for view.
keyword
infoblox_bloxone_ddi.dns_config.created_at
The timestamp when the object has been created.
date
infoblox_bloxone_ddi.dns_config.custom_root_ns.address
IPv4 address.
ip
infoblox_bloxone_ddi.dns_config.custom_root_ns.fqdn
FQDN.
keyword
infoblox_bloxone_ddi.dns_config.custom_root_ns.protocol.fqdn
FQDN in punycode.
keyword
infoblox_bloxone_ddi.dns_config.custom_root_ns_enabled
Optional. true to use custom root nameservers instead of the default ones.
boolean
infoblox_bloxone_ddi.dns_config.disabled
Optional. true to disable object. A disabled object is effectively non-existent when generating configuration.
boolean
infoblox_bloxone_ddi.dns_config.dnssec.enable_validation
Optional. true to perform DNSSEC validation.
boolean
infoblox_bloxone_ddi.dns_config.dnssec.enabled
Optional. Master toggle for all DNSSEC processing.
boolean
infoblox_bloxone_ddi.dns_config.dnssec.root_keys.algorithm
Key algorithm. Algorithm values are as per standards.
long
infoblox_bloxone_ddi.dns_config.dnssec.root_keys.protocol.zone
Zone FQDN in punycode.
keyword
infoblox_bloxone_ddi.dns_config.dnssec.root_keys.public
DNSSEC key data. Non-empty, valid base64 string.
keyword
infoblox_bloxone_ddi.dns_config.dnssec.root_keys.sep
Optional. Secure Entry Point flag.
boolean
infoblox_bloxone_ddi.dns_config.dnssec.root_keys.zone
Zone FQDN.
keyword
infoblox_bloxone_ddi.dns_config.dnssec.trust_anchors.algorithm
Key algorithm. Algorithm values are as per standards.
long
infoblox_bloxone_ddi.dns_config.dnssec.trust_anchors.protocol.zone
Zone FQDN in punycode.
keyword
infoblox_bloxone_ddi.dns_config.dnssec.trust_anchors.public_key
DNSSEC key data. Non-empty, valid base64 string.
keyword
infoblox_bloxone_ddi.dns_config.dnssec.trust_anchors.sep
Optional. Secure Entry Point flag.
boolean
infoblox_bloxone_ddi.dns_config.dnssec.trust_anchors.zone
Zone FQDN.
keyword
infoblox_bloxone_ddi.dns_config.dnssec.validate_expiry
Optional. true to reject expired DNSSEC keys.
boolean
infoblox_bloxone_ddi.dns_config.ecs.enabled
Optional. true to enable EDNS client subnet for recursive queries.
boolean
infoblox_bloxone_ddi.dns_config.ecs.forwarding
Optional. true to enable ECS options in outbound queries. This functionality has additional overhead so it is disabled by default.
boolean
infoblox_bloxone_ddi.dns_config.ecs.prefix_v4
Optional. Maximum scope length for v4 ECS.
long
infoblox_bloxone_ddi.dns_config.ecs.prefix_v6
Optional. Maximum scope length for v6 ECS.
long
infoblox_bloxone_ddi.dns_config.ecs.zones.access
Access control for zone.
keyword
infoblox_bloxone_ddi.dns_config.ecs.zones.fqdn
Zone FQDN.
keyword
infoblox_bloxone_ddi.dns_config.ecs.zones.protocol.fqdn
Zone FQDN in punycode.
keyword
infoblox_bloxone_ddi.dns_config.edns.udp.size
Optional. edns_udp_size represents the edns UDP size.
long
infoblox_bloxone_ddi.dns_config.forwarders.address
Server IP address.
ip
infoblox_bloxone_ddi.dns_config.forwarders.fqdn
Server FQDN.
keyword
infoblox_bloxone_ddi.dns_config.forwarders.protocol.fqdn
Server FQDN in punycode.
keyword
infoblox_bloxone_ddi.dns_config.forwarders_only
Optional. true to only forward.
boolean
infoblox_bloxone_ddi.dns_config.gss_tsig_enabled
gss_tsig_enabled enables/disables GSS-TSIG signed dynamic updates.
boolean
infoblox_bloxone_ddi.dns_config.id
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.add_edns.option_in.outgoing_query.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.add_edns.option_in.outgoing_query.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.add_edns.option_in.outgoing_query.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.add_edns.option_in.outgoing_query.value
The inherited value.
boolean
infoblox_bloxone_ddi.dns_config.inheritance.sources.custom_root_ns.block.action
Defaults to inherit.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.custom_root_ns.block.display.name
Human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.custom_root_ns.block.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.custom_root_ns.block.value.address
IPv4 address.
ip
infoblox_bloxone_ddi.dns_config.inheritance.sources.custom_root_ns.block.value.fqdn
Optional. Field config for custom_root_ns_enabled field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.custom_root_ns.block.value.protocol.fqdn
FQDN.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.custom_root_ns.block.value_enabled
FQDN in punycode.
boolean
infoblox_bloxone_ddi.dns_config.inheritance.sources.dnssec.validation.block.action
Defaults to inherit.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.dnssec.validation.block.display.name
Human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.dnssec.validation.block.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.dnssec.validation.block.value.enable
Optional. Field config for dnssec_enable_validation field.
boolean
infoblox_bloxone_ddi.dns_config.inheritance.sources.dnssec.validation.block.value.enabled
Optional. Field config for dnssec_enabled field.
boolean
infoblox_bloxone_ddi.dns_config.inheritance.sources.dnssec.validation.block.value.trust_anchors.algorithm
Key algorithm. Algorithm values are as per standards.
long
infoblox_bloxone_ddi.dns_config.inheritance.sources.dnssec.validation.block.value.trust_anchors.protocol.zone
Zone FQDN in punycode.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.dnssec.validation.block.value.trust_anchors.public_key
DNSSEC key data. Non-empty, valid base64 string.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.dnssec.validation.block.value.trust_anchors.sep
Optional. Secure Entry Point flag.
boolean
infoblox_bloxone_ddi.dns_config.inheritance.sources.dnssec.validation.block.value.trust_anchors.zone
Zone FQDN.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.dnssec.validation.block.value.validate_expiry
Optional. Field config for dnssec_validate_expiry field.
boolean
infoblox_bloxone_ddi.dns_config.inheritance.sources.ecs.block.action
Defaults to inherit.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.ecs.block.display.name
Human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.ecs.block.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.ecs.block.value.enabled
Optional. Field config for ecs_enabled field.
boolean
infoblox_bloxone_ddi.dns_config.inheritance.sources.ecs.block.value.forwarding
Optional. Field config for ecs_forwarding field.
boolean
infoblox_bloxone_ddi.dns_config.inheritance.sources.ecs.block.value.prefix_v4
Optional. Field config for ecs_prefix_v4 field.
long
infoblox_bloxone_ddi.dns_config.inheritance.sources.ecs.block.value.prefix_v6
Optional. Field config for ecs_prefix_v6 field.
long
infoblox_bloxone_ddi.dns_config.inheritance.sources.ecs.block.value.zones.access
Access control for zone.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.ecs.block.value.zones.fqdn
Zone FQDN.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.ecs.block.value.zones.protocol.fqdn
Zone FQDN in punycode.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.edns.udp.size.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.edns.udp.size.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.edns.udp.size.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.edns.udp.size.value
The inherited value.
long
infoblox_bloxone_ddi.dns_config.inheritance.sources.forwarders.block.action
Defaults to inherit.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.forwarders.block.display.name
Human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.forwarders.block.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.forwarders.block.value.address
Server IP address.
ip
infoblox_bloxone_ddi.dns_config.inheritance.sources.forwarders.block.value.fqdn
Server FQDN.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.forwarders.block.value.protocol.fqdn
Server FQDN in punycode.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.forwarders.block.value_only
Optional. Field config for forwarders_only field.
boolean
infoblox_bloxone_ddi.dns_config.inheritance.sources.gss_tsig_enabled.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.gss_tsig_enabled.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.gss_tsig_enabled.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.gss_tsig_enabled.value
The inherited value.
boolean
infoblox_bloxone_ddi.dns_config.inheritance.sources.lame_ttl.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.lame_ttl.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.lame_ttl.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.lame_ttl.value
The inherited value.
long
infoblox_bloxone_ddi.dns_config.inheritance.sources.match_recursive_only.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.match_recursive_only.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.match_recursive_only.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.match_recursive_only.value
The inherited value.
boolean
infoblox_bloxone_ddi.dns_config.inheritance.sources.max_cache_ttl.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.max_cache_ttl.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.max_cache_ttl.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.max_cache_ttl.value
The inherited value.
long
infoblox_bloxone_ddi.dns_config.inheritance.sources.max_negative_ttl.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.max_negative_ttl.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.max_negative_ttl.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.max_negative_ttl.value
The inherited value.
long
infoblox_bloxone_ddi.dns_config.inheritance.sources.max_udp_size.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.max_udp_size.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.max_udp_size.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.max_udp_size.value
The inherited value.
long
infoblox_bloxone_ddi.dns_config.inheritance.sources.minimal_responses.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.minimal_responses.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.minimal_responses.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.minimal_responses.value
The inherited value.
boolean
infoblox_bloxone_ddi.dns_config.inheritance.sources.notify.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.notify.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.notify.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.notify.value
The inherited value.
boolean
infoblox_bloxone_ddi.dns_config.inheritance.sources.query_acl.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.query_acl.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.query_acl.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.query_acl.value.access
Access permission for element.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.query_acl.value.acl
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.query_acl.value.address
Optional. Data for ip element.
ip
infoblox_bloxone_ddi.dns_config.inheritance.sources.query_acl.value.element
Type of element.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.query_acl.value.tsig_key.algorithm
TSIG key algorithm.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.query_acl.value.tsig_key.comment
Comment for TSIG key.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.query_acl.value.tsig_key.key
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.query_acl.value.tsig_key.name
TSIG key name, FQDN.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.query_acl.value.tsig_key.protocol.name
TSIG key name in punycode.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.query_acl.value.tsig_key.secret
TSIG key secret, base64 string.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.recursion_acl.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.recursion_acl.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.recursion_acl.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.recursion_acl.value.access
Access permission for element.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.recursion_acl.value.acl
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.recursion_acl.value.address
Optional. Data for ip element.
ip
infoblox_bloxone_ddi.dns_config.inheritance.sources.recursion_acl.value.element
Type of element.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.recursion_acl.value.tsig_key.algorithm
TSIG key algorithm.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.recursion_acl.value.tsig_key.comment
Comment for TSIG key.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.recursion_acl.value.tsig_key.key
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.recursion_acl.value.tsig_key.name
TSIG key name, FQDN.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.recursion_acl.value.tsig_key.protocol.name
TSIG key name in punycode.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.recursion_acl.value.tsig_key.secret
TSIG key secret, base64 string.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.recursion_enabled.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.recursion_enabled.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.recursion_enabled.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.recursion_enabled.value
The inherited value.
boolean
infoblox_bloxone_ddi.dns_config.inheritance.sources.synthesize.address_records_from_https.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.synthesize.address_records_from_https.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.synthesize.address_records_from_https.name
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.synthesize.address_records_from_https.value
The inherited value.
boolean
infoblox_bloxone_ddi.dns_config.inheritance.sources.transfer_acl.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.transfer_acl.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.transfer_acl.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.transfer_acl.value.access
Access permission for element.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.transfer_acl.value.acl
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.transfer_acl.value.address
Optional. Data for ip element.
ip
infoblox_bloxone_ddi.dns_config.inheritance.sources.transfer_acl.value.element
Type of element.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.transfer_acl.value.tsig_key.algorithm
TSIG key algorithm.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.transfer_acl.value.tsig_key.comment
Comment for TSIG key.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.transfer_acl.value.tsig_key.key
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.transfer_acl.value.tsig_key.name
TSIG key name, FQDN.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.transfer_acl.value.tsig_key.protocol.name
TSIG key name in punycode.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.transfer_acl.value.tsig_key.secret
TSIG key secret, base64 string.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.update_acl.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.update_acl.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.update_acl.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.update_acl.value.access
Access permission for element.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.update_acl.value.acl
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.update_acl.value.address
Optional. Data for ip element.
ip
infoblox_bloxone_ddi.dns_config.inheritance.sources.update_acl.value.element
Type of element.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.update_acl.value.tsig_key.algorithm
TSIG key algorithm.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.update_acl.value.tsig_key.comment
Comment for TSIG key.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.update_acl.value.tsig_key.key
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.update_acl.value.tsig_key.name
TSIG key name, FQDN.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.update_acl.value.tsig_key.protocol.name
TSIG key name in punycode.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.update_acl.value.tsig_key.secret
TSIG key secret, base64 string.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.use_forwarders_for_subzones.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.use_forwarders_for_subzones.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.use_forwarders_for_subzones.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.use_forwarders_for_subzones.value
The inherited value.
boolean
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.default_ttl.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.default_ttl.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.default_ttl.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.default_ttl.value
The inherited value.
long
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.expire.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.expire.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.expire.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.expire.value
The inherited value.
long
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.mname_block.action
Defaults to inherit.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.mname_block.display.name
Human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.mname_block.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.mname_block.value.isdefault
Optional. Use default value for master name server. Defaults to true.
boolean
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.mname_block.value.protocol.mname
Optional. Master name server in punycode. Defaults to empty.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.mname_block_value
Defaults to empty.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.negative_ttl.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.negative_ttl.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.negative_ttl.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.negative_ttl.value
The inherited value.
long
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.protocol_rname.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.protocol_rname.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.protocol_rname.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.protocol_rname.value
The inherited value.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.refresh.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.refresh.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.refresh.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.refresh.value
The inherited value.
long
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.retry.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.retry.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.retry.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.retry.value
The inherited value.
long
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.rname.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.rname.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.rname.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.inheritance.sources.zone_authority.rname.value
The inherited value.
keyword
infoblox_bloxone_ddi.dns_config.ip_spaces
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.lame_ttl
Optional. Unused in the current on-prem DNS server implementation.
long
infoblox_bloxone_ddi.dns_config.match_clients_acl.access
Access permission for element.
keyword
infoblox_bloxone_ddi.dns_config.match_clients_acl.address
Optional. Data for ip element.
ip
infoblox_bloxone_ddi.dns_config.match_clients_acl.element
Type of element.
keyword
infoblox_bloxone_ddi.dns_config.match_clients_acl.tsig_key.algorithm
TSIG key algorithm.
keyword
infoblox_bloxone_ddi.dns_config.match_clients_acl.tsig_key.comment
Comment for TSIG key.
keyword
infoblox_bloxone_ddi.dns_config.match_clients_acl.tsig_key.key
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.match_clients_acl.tsig_key.name
TSIG key name, FQDN.
keyword
infoblox_bloxone_ddi.dns_config.match_clients_acl.tsig_key.protocol.name
TSIG key name in punycode.
keyword
infoblox_bloxone_ddi.dns_config.match_clients_acl.tsig_key.secret
TSIG key secret, base64 string.
keyword
infoblox_bloxone_ddi.dns_config.match_clients_acl.value
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.match_destinations_acl.access
Access permission for element.
keyword
infoblox_bloxone_ddi.dns_config.match_destinations_acl.address
Optional. Data for ip element.
ip
infoblox_bloxone_ddi.dns_config.match_destinations_acl.element
Type of element.
keyword
infoblox_bloxone_ddi.dns_config.match_destinations_acl.tsig_key.algorithm
TSIG key algorithm.
keyword
infoblox_bloxone_ddi.dns_config.match_destinations_acl.tsig_key.comment
Comment for TSIG key.
keyword
infoblox_bloxone_ddi.dns_config.match_destinations_acl.tsig_key.key
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.match_destinations_acl.tsig_key.name
TSIG key name, FQDN.
keyword
infoblox_bloxone_ddi.dns_config.match_destinations_acl.tsig_key.protocol.name
TSIG key name in punycode.
keyword
infoblox_bloxone_ddi.dns_config.match_destinations_acl.tsig_key.secret
TSIG key secret, base64 string.
keyword
infoblox_bloxone_ddi.dns_config.match_destinations_acl.value
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.match_recursive_only
Optional. If true only recursive queries from matching clients access the view.
boolean
infoblox_bloxone_ddi.dns_config.max_cache_ttl
Optional. Seconds to cache positive responses.
long
infoblox_bloxone_ddi.dns_config.max_negative_ttl
Optional. Seconds to cache negative responses.
long
infoblox_bloxone_ddi.dns_config.max_udp_size
Optional. max_udp_size represents maximum UDP payload size.
long
infoblox_bloxone_ddi.dns_config.minimal_responses
Optional. When enabled, the DNS server will only add records to the authority and additional data sections when they are required.
boolean
infoblox_bloxone_ddi.dns_config.name
Name of view.
keyword
infoblox_bloxone_ddi.dns_config.notify
notify all external secondary DNS servers.
boolean
infoblox_bloxone_ddi.dns_config.query_acl.access
Access permission for element.
keyword
infoblox_bloxone_ddi.dns_config.query_acl.address
Optional. Data for ip element.
ip
infoblox_bloxone_ddi.dns_config.query_acl.element
Type of element.
keyword
infoblox_bloxone_ddi.dns_config.query_acl.tsig_key.algorithm
TSIG key algorithm.
keyword
infoblox_bloxone_ddi.dns_config.query_acl.tsig_key.comment
Comment for TSIG key.
keyword
infoblox_bloxone_ddi.dns_config.query_acl.tsig_key.key
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.query_acl.tsig_key.name
TSIG key name, FQDN.
keyword
infoblox_bloxone_ddi.dns_config.query_acl.tsig_key.protocol.name
TSIG key name in punycode.
keyword
infoblox_bloxone_ddi.dns_config.query_acl.tsig_key.secret
TSIG key secret, base64 string.
keyword
infoblox_bloxone_ddi.dns_config.query_acl.value
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.recursion_acl.access
Access permission for element.
keyword
infoblox_bloxone_ddi.dns_config.recursion_acl.address
Optional. Data for ip element.
ip
infoblox_bloxone_ddi.dns_config.recursion_acl.element
Type of element.
keyword
infoblox_bloxone_ddi.dns_config.recursion_acl.tsig_key.algorithm
TSIG key algorithm.
keyword
infoblox_bloxone_ddi.dns_config.recursion_acl.tsig_key.comment
Comment for TSIG key.
keyword
infoblox_bloxone_ddi.dns_config.recursion_acl.tsig_key.key
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.recursion_acl.tsig_key.name
TSIG key name, FQDN.
keyword
infoblox_bloxone_ddi.dns_config.recursion_acl.tsig_key.protocol.name
TSIG key name in punycode.
keyword
infoblox_bloxone_ddi.dns_config.recursion_acl.tsig_key.secret
TSIG key secret, base64 string.
keyword
infoblox_bloxone_ddi.dns_config.recursion_acl.value
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.recursion_enabled
Optional. true to allow recursive DNS queries.
boolean
infoblox_bloxone_ddi.dns_config.synthesize.address_records_from_https
synthesize_address_records_from_https enables/disables creation of A/AAAA records from HTTPS RR.
boolean
infoblox_bloxone_ddi.dns_config.tags
Tagging specifics.
flattened
infoblox_bloxone_ddi.dns_config.transfer_acl.access
Access permission for element.
keyword
infoblox_bloxone_ddi.dns_config.transfer_acl.address
Optional. Data for ip element.
ip
infoblox_bloxone_ddi.dns_config.transfer_acl.element
Type of element.
keyword
infoblox_bloxone_ddi.dns_config.transfer_acl.tsig_key.algorithm
TSIG key algorithm.
keyword
infoblox_bloxone_ddi.dns_config.transfer_acl.tsig_key.comment
Comment for TSIG key.
keyword
infoblox_bloxone_ddi.dns_config.transfer_acl.tsig_key.key
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.transfer_acl.tsig_key.name
TSIG key name, FQDN.
keyword
infoblox_bloxone_ddi.dns_config.transfer_acl.tsig_key.protocol.name
TSIG key name in punycode.
keyword
infoblox_bloxone_ddi.dns_config.transfer_acl.tsig_key.secret
TSIG key secret, base64 string.
keyword
infoblox_bloxone_ddi.dns_config.transfer_acl.value
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.update_acl.access
Access permission for element.
keyword
infoblox_bloxone_ddi.dns_config.update_acl.address
Optional. Data for ip element.
ip
infoblox_bloxone_ddi.dns_config.update_acl.element
Type of element.
keyword
infoblox_bloxone_ddi.dns_config.update_acl.tsig_key.algorithm
TSIG key algorithm.
keyword
infoblox_bloxone_ddi.dns_config.update_acl.tsig_key.comment
Comment for TSIG key.
keyword
infoblox_bloxone_ddi.dns_config.update_acl.tsig_key.key
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.update_acl.tsig_key.name
TSIG key name, FQDN.
keyword
infoblox_bloxone_ddi.dns_config.update_acl.tsig_key.protocol.name
TSIG key name in punycode.
keyword
infoblox_bloxone_ddi.dns_config.update_acl.tsig_key.secret
TSIG key secret, base64 string.
keyword
infoblox_bloxone_ddi.dns_config.update_acl.value
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_config.updated_at
The timestamp when the object has been updated. Equals to created_at if not updated after creation.
date
infoblox_bloxone_ddi.dns_config.use_forwarders_for_subzones
Optional. Use default forwarders to resolve queries for subzones.
boolean
infoblox_bloxone_ddi.dns_config.zone_authority.default_ttl
Optional. ZoneAuthority default ttl for resource records in zone (value in seconds).
long
infoblox_bloxone_ddi.dns_config.zone_authority.expire
Optional. ZoneAuthority expire time in seconds. Defaults to 2419200.
long
infoblox_bloxone_ddi.dns_config.zone_authority.mname
Optional. ZoneAuthority master name server (partially qualified domain name) Defaults to empty.
keyword
infoblox_bloxone_ddi.dns_config.zone_authority.negative_ttl
Optional. ZoneAuthority negative caching (minimum) ttl in seconds.
long
infoblox_bloxone_ddi.dns_config.zone_authority.protocol.mname
Optional. ZoneAuthority master name server in punycode. Defaults to empty.
keyword
infoblox_bloxone_ddi.dns_config.zone_authority.protocol.rname
Optional. A domain name which specifies the mailbox of the person responsible for this zone. Defaults to empty.
keyword
infoblox_bloxone_ddi.dns_config.zone_authority.refresh
Optional. ZoneAuthority refresh. Defaults to 10800.
long
infoblox_bloxone_ddi.dns_config.zone_authority.retry
Optional. ZoneAuthority retry. Defaults to 3600.
long
infoblox_bloxone_ddi.dns_config.zone_authority.rname
Optional. ZoneAuthority rname. Defaults to empty.
keyword
infoblox_bloxone_ddi.dns_config.zone_authority.use_default_mname
Optional. Use default value for master name server. Defaults to true.
boolean
input.type
Input type
keyword
log.offset
Log offset
long
related.hash
All the hashes seen on your event. Populating this field, then using it to search for hashes can help in situations where you're unsure what the hash algorithm is (and therefore which key name to search).
keyword
related.ip
All of the IPs seen on your event.
ip
tags
List of keywords used to tag each event.
keyword

dns_data

This is the dns_data dataset.

Example

An example event for dns_data looks as following:

{
    "@timestamp": "2022-07-20T09:59:59.184Z",
    "agent": {
        "ephemeral_id": "47fb54e0-4eeb-4563-b51b-3c6fbb0d8a64",
        "hostname": "docker-fleet-agent",
        "id": "e0bb9c9c-c3ad-47d7-882c-5fff0f458160",
        "name": "docker-fleet-agent",
        "type": "filebeat",
        "version": "7.17.0"
    },
    "data_stream": {
        "dataset": "infoblox_bloxone_ddi.dns_data",
        "namespace": "ep",
        "type": "logs"
    },
    "dns": {
        "answers": {
            "ttl": 0
        }
    },
    "ecs": {
        "version": "8.11.0"
    },
    "elastic_agent": {
        "id": "e0bb9c9c-c3ad-47d7-882c-5fff0f458160",
        "snapshot": false,
        "version": "7.17.0"
    },
    "event": {
        "agent_id_status": "verified",
        "category": [
            "network"
        ],
        "created": "2022-07-20T09:59:59.184Z",
        "dataset": "infoblox_bloxone_ddi.dns_data",
        "id": "ghr123ghf",
        "ingested": "2022-11-21T10:36:50Z",
        "kind": "event",
        "original": "{\"absolute_name_spec\":\"DNS Data Absolute Name\",\"absolute_zone_name\":\"DNS Data Absolute Zone Name\",\"comment\":\"DNS Data Comment\",\"created_at\":\"2022-07-20T09:59:59.184Z\",\"delegation\":\"DNS Data Delegation\",\"disabled\":true,\"dns_absolute_name_spec\":\"DNS Absolute Name\",\"dns_absolute_zone_name\":\"DNS Absolute Zone Name\",\"dns_name_in_zone\":\"DNS Name in Zone\",\"dns_rdata\":\"DNS RData\",\"id\":\"ghr123ghf\",\"inheritance_sources\":{\"ttl\":{\"action\":\"DNS Data Action\",\"display_name\":\"DNS Display Name\",\"source\":\"DNS Data Source\",\"value\":10}},\"name_in_zone\":\"DNS Data Name in zone\",\"options\":{\"address\":\"67.43.156.0\",\"check_rmz\":true,\"create_ptr\":false},\"rdata\":{\"address\":\"81.2.69.192\",\"cname\":\"DNS Data Canonical Name\",\"dhcid\":\"122zbczba12\",\"dname\":\"DNS Data dname\",\"exchange\":\"DNS Data Exchange\",\"expire\":23131,\"flags\":\"DNS Data Flags\",\"length_kind\":8,\"mname\":\"DNS Data mname\",\"negative_ttl\":213342,\"order\":123124,\"port\":80,\"preference\":12345363467,\"priority\":44,\"refresh\":10800,\"regexp\":\"none\",\"replacement\":\"DNS Data Replacement\",\"retry\":3600,\"rname\":\"DNS Data rname\",\"serial\":12314114,\"services\":\"DNS Data Test Services\",\"tag\":\"issue\",\"target\":\"DNS Data Target\",\"text\":\"DNS Data text field\",\"type\":\"32BIT\",\"value\":\"DNS Data Value\",\"weight\":0},\"source\":[\"STATIC\"],\"tags\":{\"message\":\"Hello\"},\"ttl\":0,\"type\":\"DNS Data Type\",\"updated_at\":\"2022-07-20T09:59:59.184Z\",\"view\":\"DNS Data View\",\"view_name\":\"DNS Data View Name\",\"zone\":\"DNS Data Zone\"}",
        "type": [
            "protocol"
        ]
    },
    "infoblox_bloxone_ddi": {
        "dns_data": {
            "absolute": {
                "name": {
                    "spec": "DNS Absolute Name"
                },
                "zone": {
                    "name": "DNS Absolute Zone Name"
                }
            },
            "absolute_name": {
                "spec": "DNS Data Absolute Name"
            },
            "absolute_zone": {
                "name": "DNS Data Absolute Zone Name"
            },
            "comment": "DNS Data Comment",
            "created_at": "2022-07-20T09:59:59.184Z",
            "delegation": "DNS Data Delegation",
            "disabled": true,
            "id": "ghr123ghf",
            "inheritance": {
                "sources": {
                    "ttl": {
                        "action": "DNS Data Action",
                        "display": {
                            "name": "DNS Display Name"
                        },
                        "source": "DNS Data Source",
                        "value": 10
                    }
                }
            },
            "name_in": {
                "zone": "DNS Name in Zone"
            },
            "name_in_zone": "DNS Data Name in zone",
            "options": {
                "address": "67.43.156.0",
                "check_rmz": true,
                "create_ptr": false
            },
            "rdata": {
                "address": "81.2.69.192",
                "cname": "DNS Data Canonical Name",
                "dhcid": "122zbczba12",
                "dname": "DNS Data dname",
                "exchange": "DNS Data Exchange",
                "expire": 23131,
                "flags": "DNS Data Flags",
                "length_kind": 8,
                "mname": "DNS Data mname",
                "negative_ttl": 213342,
                "order": 123124,
                "port": 80,
                "preference": 12345363467,
                "priority": 44,
                "refresh": 10800,
                "regexp": "none",
                "replacement": "DNS Data Replacement",
                "retry": 3600,
                "rname": "DNS Data rname",
                "serial": 12314114,
                "services": "DNS Data Test Services",
                "tag": "issue",
                "target": "DNS Data Target",
                "text": "DNS Data text field",
                "type": "32BIT",
                "value": "DNS Data Value",
                "weight": 0
            },
            "rdata_value": "DNS RData",
            "source": [
                "STATIC"
            ],
            "tags": {
                "message": "Hello"
            },
            "ttl": 0,
            "type": "DNS Data Type",
            "updated_at": "2022-07-20T09:59:59.184Z",
            "view": "DNS Data View",
            "view_name": "DNS Data View Name",
            "zone": "DNS Data Zone"
        }
    },
    "input": {
        "type": "httpjson"
    },
    "related": {
        "ip": [
            "67.43.156.0",
            "81.2.69.192"
        ]
    },
    "tags": [
        "preserve_original_event",
        "preserve_duplicate_custom_fields",
        "forwarded",
        "bloxone_ddi-dns_data"
    ]
}

Exported fields

FieldDescriptionType
@timestamp
Event timestamp.
date
cloud.account.id
The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.
keyword
cloud.availability_zone
Availability zone in which this host is running.
keyword
cloud.image.id
Image ID for the cloud instance.
keyword
cloud.instance.id
Instance ID of the host machine.
keyword
cloud.instance.name
Instance name of the host machine.
keyword
cloud.machine.type
Machine type of the host machine.
keyword
cloud.project.id
Name of the project in Google Cloud.
keyword
cloud.provider
Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
keyword
cloud.region
Region in which this host is running.
keyword
container.id
Unique container id.
keyword
container.image.name
Name of the image the container was built on.
keyword
container.labels
Image labels.
object
container.name
Container name.
keyword
data_stream.dataset
Data stream dataset.
constant_keyword
data_stream.namespace
Data stream namespace.
constant_keyword
data_stream.type
Data stream type.
constant_keyword
dns.answers
An array containing an object for each answer section returned by the server. The main keys that should be present in these objects are defined by ECS. Records that have more information may contain more keys than what ECS defines. Not all DNS data sources give all details about DNS answers. At minimum, answer objects must contain the data key. If more information is available, map as much of it to ECS as possible, and add any additional fields to the answer objects as custom fields.
group
dns.answers.data
The data describing the resource. The meaning of this data depends on the type and class of the resource record.
keyword
dns.answers.ttl
The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached.
long
dns.answers.type
The type of data contained in this resource record.
keyword
dns.question.name
The name being queried. If the name field contains non-printable characters (below 32 or above 126), those characters should be represented as escaped base 10 integers (\DDD). Back slashes and quotes should be escaped. Tabs, carriage returns, and line feeds should be converted to \t, \r, and \n respectively.
keyword
dns.question.registered_domain
The highest registered domain, stripped of the subdomain. For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk".
keyword
dns.question.subdomain
The subdomain is all of the labels under the registered_domain. If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period.
keyword
dns.question.type
The type of record being queried.
keyword
ecs.version
ECS version this event conforms to. ecs.version is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events.
keyword
event.category
This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. event.category represents the "big buckets" of ECS categories. For example, filtering on event.category:process yields all events relating to process activity. This field is closely related to event.type, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.
keyword
event.created
event.created contains the date/time when the event was first read by an agent, or by your pipeline. This field is distinct from @timestamp in that @timestamp typically contain the time extracted from the original event. In most situations, these two timestamps will be slightly different. The difference can be used to calculate the delay between your source generating an event, and the time when your agent first processed it. This can be used to monitor your agent's or pipeline's ability to keep up with your event source. In case the two timestamps are identical, @timestamp should be used.
date
event.dataset
Event dataset.
constant_keyword
event.id
Unique ID to describe the event.
keyword
event.kind
This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. event.kind gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data is coming in at a regular interval or not.
keyword
event.module
Event module.
constant_keyword
event.original
Raw text message of entire event. Used to demonstrate log integrity or where the full log message (before splitting it up in multiple parts) may be required, e.g. for reindex. This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from _source. If users wish to override this and index this field, please see Field data types in the Elasticsearch Reference.
keyword
event.type
This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. event.type represents a categorization "sub-bucket" that, when used along with the event.category field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types.
keyword
host.architecture
Operating system architecture.
keyword
host.containerized
If the host is a container.
boolean
host.domain
Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider.
keyword
host.hostname
Hostname of the host. It normally contains what the hostname command returns on the host machine.
keyword
host.id
Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of beat.name.
keyword
host.ip
Host ip addresses.
ip
host.mac
Host mac addresses.
keyword
host.name
Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.
keyword
host.os.build
OS build information.
keyword
host.os.codename
OS codename, if any.
keyword
host.os.family
OS family (such as redhat, debian, freebsd, windows).
keyword
host.os.kernel
Operating system kernel version as a raw string.
keyword
host.os.name
Operating system name, without the version.
keyword
host.os.name.text
Multi-field of host.os.name.
text
host.os.platform
Operating system platform (such centos, ubuntu, windows).
keyword
host.os.version
Operating system version as a raw string.
keyword
host.type
Type of host. For Cloud providers this can be the machine type like t2.medium. If vm, this could be the container, for example, or other information meaningful in your environment.
keyword
infoblox_bloxone_ddi.dns_data.absolute.name.spec
The DNS protocol textual representation of absolute_name_spec.
keyword
infoblox_bloxone_ddi.dns_data.absolute.zone.name
The DNS protocol textual representation of the absolute domain name of the zone where this record belongs.
keyword
infoblox_bloxone_ddi.dns_data.absolute_name.spec
Synthetic field, used to determine zone and/or name_in_zone field for records.
keyword
infoblox_bloxone_ddi.dns_data.absolute_zone.name
The absolute domain name of the zone where this record belongs.
keyword
infoblox_bloxone_ddi.dns_data.comment
The description for the DNS resource record. May contain 0 to 1024 characters. Can include UTF-8.
keyword
infoblox_bloxone_ddi.dns_data.created_at
The timestamp when the object has been created.
date
infoblox_bloxone_ddi.dns_data.delegation
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_data.disabled
Indicates if the DNS resource record is disabled. A disabled object is effectively non-existent when generating configuration.
boolean
infoblox_bloxone_ddi.dns_data.id
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_data.inheritance.sources.ttl.action
The inheritance setting for a field.
keyword
infoblox_bloxone_ddi.dns_data.inheritance.sources.ttl.display.name
The human-readable display name for the object referred to by source.
keyword
infoblox_bloxone_ddi.dns_data.inheritance.sources.ttl.source
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_data.inheritance.sources.ttl.value
The inherited value.
long
infoblox_bloxone_ddi.dns_data.name_in.zone
The DNS protocol textual representation of the relative owner name for the DNS zone.
keyword
infoblox_bloxone_ddi.dns_data.name_in_zone
The relative owner name to the zone origin. Must be specified for creating the DNS resource record and is read only for other operations.
keyword
infoblox_bloxone_ddi.dns_data.options.address
For GET operation it contains the IPv4 or IPv6 address represented by the PTR record and for POST and PATCH operations it can be used to create/update a PTR record based on the IP address it represents. In this case, in addition to the address in the options field, need to specify the view field.
ip
infoblox_bloxone_ddi.dns_data.options.check_rmz
A boolean flag which can be set to true for POST operation to check the existence of reverse zone for creating the corresponding PTR record. Only applicable if the create_ptr option is set to true.
boolean
infoblox_bloxone_ddi.dns_data.options.create_ptr
A boolean flag which can be set to true for POST operation to automatically create the corresponding PTR record.
boolean
infoblox_bloxone_ddi.dns_data.provider_metadata
external DNS provider metadata.
flattened
infoblox_bloxone_ddi.dns_data.rdata.address
The IPv4/IPv6 address of the host.
ip
infoblox_bloxone_ddi.dns_data.rdata.cname
A domain name which specifies the canonical or primary name for the owner. The owner name is an alias. Can be empty.
keyword
infoblox_bloxone_ddi.dns_data.rdata.dhcid
The Base64 encoded string which contains DHCP client information.
keyword
infoblox_bloxone_ddi.dns_data.rdata.dname
A domain-name which specifies a host which should be authoritative for the specified class and domain. Can be absolute or relative domain name and include UTF-8.
keyword
infoblox_bloxone_ddi.dns_data.rdata.exchange
A domain name which specifies a host willing to act as a mail exchange for the owner name.
keyword
infoblox_bloxone_ddi.dns_data.rdata.expire
The time interval in seconds after which zone data will expire and secondary server stops answering requests for the zone.
long
infoblox_bloxone_ddi.dns_data.rdata.flags
An unsigned 8-bit integer which specifies the CAA record flags. RFC 6844 defines one (highest) bit in flag octet, remaining bits are deferred for future use. This bit is referenced as Critical. When the bit is set (flag value == 128), issuers must not issue certificates in case CAA records contain unknown property tags.
keyword
infoblox_bloxone_ddi.dns_data.rdata.length_kind
A string indicating the size in bits of a sub-subfield that is prepended to the value and encodes the length of the value.
long
infoblox_bloxone_ddi.dns_data.rdata.mname
The domain name for the master server for the zone. Can be absolute or relative domain name.
keyword
infoblox_bloxone_ddi.dns_data.rdata.negative_ttl
The time interval in seconds for which name servers can cache negative responses for zone.
long
infoblox_bloxone_ddi.dns_data.rdata.order
A 16-bit unsigned integer specifying the order in which the NAPTR records must be processed. Low numbers are processed before high numbers, and once a NAPTR is found whose rule “matches” the target, the client must not consider any NAPTRs with a higher value for order (except as noted below for the “flags” field. The range of the value is 0 to 65535.
long
infoblox_bloxone_ddi.dns_data.rdata.port
An unsigned 16-bit integer which specifies the port on this target host of this service. The range of the value is 0 to 65535. This is often as specified in Assigned Numbers but need not be.
long
infoblox_bloxone_ddi.dns_data.rdata.preference
An unsigned 16-bit integer which specifies the preference given to this RR among others at the same owner. Lower values are preferred. The range of the value is 0 to 65535.
long
infoblox_bloxone_ddi.dns_data.rdata.priority
An unsigned 16-bit integer which specifies the priority of this target host. The range of the value is 0 to 65535. A client must attempt to contact the target host with the lowest-numbered priority it can reach. Target hosts with the same priority should be tried in an order defined by the weight field.
long
infoblox_bloxone_ddi.dns_data.rdata.refresh
The time interval in seconds that specifies how often secondary servers need to send a message to the primary server for a zone to check that their data is current, and retrieve fresh data if it is not.
long
infoblox_bloxone_ddi.dns_data.rdata.regexp
A string containing a substitution expression that is applied to the original string held by the client in order to construct the next domain name to lookup.
keyword
infoblox_bloxone_ddi.dns_data.rdata.replacement
The next name to query for NAPTR, SRV, or address records depending on the value of the flags field. This can be an absolute or relative domain name. Can be empty.
keyword
infoblox_bloxone_ddi.dns_data.rdata.retry
The time interval in seconds for which the secondary server will wait before attempting to recontact the primary server after a connection failure occurs.
long
infoblox_bloxone_ddi.dns_data.rdata.rname
The domain name which specifies the mailbox of the person responsible for this zone.
keyword
infoblox_bloxone_ddi.dns_data.rdata.serial
An unsigned 32-bit integer that specifies the serial number of the zone. Used to indicate that zone data was updated, so the secondary name server can initiate zone transfer. The range of the value is 0 to 4294967295.
long
infoblox_bloxone_ddi.dns_data.rdata.services
Specifies the service(s) available down this rewrite path. It may also specify the particular protocol that is used to talk with a service. A protocol must be specified if the flags field states that the NAPTR is terminal. If a protocol is specified, but the flags field does not state that the NAPTR is terminal, the next lookup must be for a NAPTR. The client may choose not to perform the next lookup if the protocol is unknown, but that behavior must not be relied upon.
keyword
infoblox_bloxone_ddi.dns_data.rdata.tag
The CAA record property tag string which indicates the type of CAA record.
keyword
infoblox_bloxone_ddi.dns_data.rdata.target
The target domain name to which the zone will be mapped. Can be empty.
keyword
infoblox_bloxone_ddi.dns_data.rdata.text
The semantics of the text depends on the domain where it is found.
keyword
infoblox_bloxone_ddi.dns_data.rdata.type
Type of TXT (Text) record.
keyword
infoblox_bloxone_ddi.dns_data.rdata.value
A string which contains the CAA record property value.
keyword
infoblox_bloxone_ddi.dns_data.rdata.weight
An unsigned 16-bit integer which specifies a relative weight for entries with the same priority. The range of the value is 0 to 65535. Larger weights should be given a proportionately higher probability of being selected. Domain administrators should use weight 0 when there isn’t any server selection to do, to make the RR easier to read for humans (less noisy). In the presence of records containing weights greater than 0, records with weight 0 should have a very small chance of being selected.
long
infoblox_bloxone_ddi.dns_data.rdata_value
The DNS protocol textual representation of the DNS resource record data.
keyword
infoblox_bloxone_ddi.dns_data.source
The DNS resource record type-specific non-protocol source. The source is a combination of indicators, each tracking how the DNS resource record appeared in system.
keyword
infoblox_bloxone_ddi.dns_data.tags
The tags for the DNS resource record in JSON format.
flattened
infoblox_bloxone_ddi.dns_data.ttl
The record time to live value in seconds. The range of this value is 0 to 2147483647. Defaults to TTL value from the SOA record of the zone.
long
infoblox_bloxone_ddi.dns_data.type
The DNS resource record type specified in the textual mnemonic format or in the “TYPEnnn” format where “nnn” indicates the numeric type value.
keyword
infoblox_bloxone_ddi.dns_data.updated_at
The timestamp when the object has been updated. Equals to created_at if not updated after creation.
date
infoblox_bloxone_ddi.dns_data.view
The resource identifier.
keyword
infoblox_bloxone_ddi.dns_data.view_name
The display name of the DNS view that contains the parent zone of the DNS resource record.
keyword
infoblox_bloxone_ddi.dns_data.zone
The resource identifier.
keyword
input.type
Input type
keyword
log.offset
Log offset
long
related.hosts
All hostnames or other host identifiers seen on your event. Example identifiers include FQDNs, domain names, workstation names, or aliases.
keyword
related.ip
All of the IPs seen on your event.
ip
tags
List of keywords used to tag each event.
keyword

Changelog

VersionDetailsKibana version(s)

1.17.0

Enhancement View pull request
Improve handling of empty responses.

8.12.0 or higher

1.16.0

Enhancement View pull request
Set sensitive values as secret.

8.12.0 or higher

1.15.0

Enhancement View pull request
Map DNS fields to ECS.

8.7.1 or higher

1.14.1

Enhancement View pull request
Changed owners

8.7.1 or higher

1.14.0

Enhancement View pull request
Limit request tracer log count to five.

8.7.1 or higher

1.13.0

Enhancement View pull request
ECS version updated to 8.11.0.

8.7.1 or higher

1.12.0

Enhancement View pull request
Improve 'event.original' check to avoid errors if set.

8.7.1 or higher

1.11.3

Bug fix View pull request
Fix documentation for initial interval configuration.

8.7.1 or higher

1.11.2

Bug fix View pull request
Fix handling of options fields.

8.7.1 or higher

1.11.1

Bug fix View pull request
Correct conversion of IP addresses on empty arrays, and drop emtpy messages

8.7.1 or higher

1.11.0

Enhancement View pull request
ECS version updated to 8.10.0.

8.7.1 or higher

1.10.0

Enhancement View pull request
The format_version in the package manifest changed from 2.11.0 to 3.0.0. Removed dotted YAML keys from package manifest. Added 'owner.type: elastic' to package manifest.

8.7.1 or higher

1.9.0

Enhancement View pull request
Add tags.yml file so that integration's dashboards and saved searches are tagged with "Security Solution" and displayed in the Security Solution UI.

8.7.1 or higher

1.8.0

Enhancement View pull request
Update package to ECS 8.9.0.

8.7.1 or higher

1.7.0

Enhancement View pull request
Document duration units.

8.7.1 or higher

1.6.0

Enhancement View pull request
Convert visualizations to lens.

8.7.1 or higher

1.5.0

Enhancement View pull request
Ensure event.kind is correctly set for pipeline errors.

8.7.1 or higher

1.4.0

Enhancement View pull request
Update package to ECS 8.8.0.

8.7.1 or higher

1.3.0

Enhancement View pull request
Update package-spec version to 2.7.0.

8.7.1 or higher

1.2.0

Enhancement View pull request
Add a new flag to enable request tracing

8.7.1 or higher

1.1.0

Enhancement View pull request
Update package to ECS 8.7.0.

7.17.0 or higher
8.0.0 or higher

1.0.0

Enhancement View pull request
Release Infoblox BloxOne DDI as GA.

7.17.0 or higher
8.0.0 or higher

0.3.1

Enhancement View pull request
Added categories and/or subcategories.

0.3.0

Enhancement View pull request
Update package to ECS 8.6.0.

0.2.2

Bug fix View pull request
Remove duplicate fields.

Bug fix View pull request
Fix markdown syntax in proxy_url description.

0.2.1

Enhancement View pull request
Added Filter instead of KQL in visualizations and Update the pagination termination condition.

0.2.0

Enhancement View pull request
Update package to ECS 8.5.0.

0.1.1

Bug fix View pull request
Fix documentation build error.

0.1.0

Enhancement View pull request
Initial Release.

On this page