Amazon S3
s3 日志类型跟踪对 Amazon S3 存储桶的访问网络请求。
以下代码片段包含此日志类型的所有 raw_field 和 ecs 映射:
"mappings": [
{
"raw_field":"eventName",
"ecs":"aws.cloudtrail.event_name"
},
{
"raw_field":"eventSource",
"ecs":"aws.cloudtrail.event_source"
},
{
"raw_field":"eventTime",
"ecs":"timestamp"
}
]