Part 4: Final
"panw.panos.destination.zone",
"panw.panos.destination.interface",
"panw.panos.network.pcap_id",
"panw.panos.network.nat.community_id",
"panw.panos.file.hash",
"panw.panos.url.category",
"panw.panos.flow_id",
"panw.panos.threat.resource",
"panw.panos.threat.id",
"panw.panos.threat.name",
"postgresql.log.timestamp",
"postgresql.log.database",
"postgresql.log.query",
"rabbitmq.log.pid",
"redis.log.role",
"redis.slowlog.cmd",
"redis.slowlog.key",
"redis.slowlog.args",
"santa.action",
"santa.decision",
"santa.reason",
"santa.mode",
"santa.disk.volume",
"santa.disk.bus",
"santa.disk.serial",
"santa.disk.bsdname",
"santa.disk.model",
"santa.disk.fs",
"santa.disk.mount",
"certificate.common_name",
"certificate.sha256",
"hash.sha256",
"suricata.eve.event_type",
"suricata.eve.app_proto_orig",
"suricata.eve.tcp.tcp_flags",
"suricata.eve.tcp.tcp_flags_tc",
"suricata.eve.tcp.state",
"suricata.eve.tcp.tcp_flags_ts",
"suricata.eve.fileinfo.sha1",
"suricata.eve.fileinfo.state",
"suricata.eve.fileinfo.sha256",
"suricata.eve.fileinfo.md5",
"suricata.eve.dns.type",
"suricata.eve.dns.rrtype",
"suricata.eve.dns.rrname",
"suricata.eve.dns.rdata",
"suricata.eve.dns.rcode",
"suricata.eve.flow_id",
"suricata.eve.email.status",
"suricata.eve.http.redirect",
"suricata.eve.http.protocol",
"suricata.eve.http.http_content_type",
"suricata.eve.in_iface",
"suricata.eve.alert.category",
"suricata.eve.alert.signature",
"suricata.eve.ssh.client.proto_version",
"suricata.eve.ssh.client.software_version",
"suricata.eve.ssh.server.proto_version",
"suricata.eve.ssh.server.software_version",
"suricata.eve.tls.issuerdn",
"suricata.eve.tls.sni",
"suricata.eve.tls.version",
"suricata.eve.tls.fingerprint",
"suricata.eve.tls.serial",
"suricata.eve.tls.subject",
"suricata.eve.app_proto_ts",
"suricata.eve.flow.state",
"suricata.eve.flow.reason",
"suricata.eve.app_proto_tc",
"suricata.eve.smtp.rcpt_to",
"suricata.eve.smtp.mail_from",
"suricata.eve.smtp.helo",
"suricata.eve.app_proto_expected",
"system.auth.ssh.method",
"system.auth.ssh.signature",
"system.auth.ssh.event",
"system.auth.sudo.error",
"system.auth.sudo.tty",
"system.auth.sudo.pwd",
"system.auth.sudo.user",
"system.auth.sudo.command",
"system.auth.useradd.home",
"system.auth.useradd.shell",
"traefik.access.user_identifier",
"traefik.access.frontend_name",
"traefik.access.backend_url",
"zeek.session_id",
"zeek.connection.state",
"zeek.connection.history",
"zeek.connection.orig_l2_addr",
"zeek.connection.resp_l2_addr",
"zeek.dns.trans_id",
"zeek.dns.query",
"zeek.dns.qclass_name",
"zeek.dns.qtype_name",
"zeek.dns.rcode_name",
"zeek.dns.answers",
"zeek.http.status_msg",
"zeek.http.info_msg",
"zeek.http.tags",
"zeek.http.password",
"zeek.http.proxied",
"zeek.http.client_header_names",
"zeek.http.server_header_names",
"zeek.http.orig_fuids",
"zeek.http.orig_mime_types",
"zeek.http.orig_filenames",
"zeek.http.resp_fuids",
"zeek.http.resp_mime_types",
"zeek.http.resp_filenames",
"zeek.files.fuid",
"zeek.files.session_ids",
"zeek.files.source",
"zeek.files.analyzers",
"zeek.files.mime_type",
"zeek.files.filename",
"zeek.files.parent_fuid",
"zeek.files.md5",
"zeek.files.sha1",
"zeek.files.sha256",
"zeek.files.extracted",
"zeek.ssl.version",
"zeek.ssl.cipher",
"zeek.ssl.curve",
"zeek.ssl.server_name",
"zeek.ssl.next_protocol",
"zeek.ssl.cert_chain",
"zeek.ssl.cert_chain_fuids",
"zeek.ssl.client_cert_chain",
"zeek.ssl.client_cert_chain_fuids",
"zeek.ssl.issuer",
"zeek.ssl.client_issuer",
"zeek.ssl.validation_status",
"zeek.ssl.validation_code",
"zeek.ssl.subject",
"zeek.ssl.client_subject",
"zeek.ssl.last_alert",
"zeek.notice.connection_id",
"zeek.notice.icmp_id",
"zeek.notice.file.id",
"zeek.notice.file.parent_id",
"zeek.notice.file.source",
"zeek.notice.file.mime_type",
"zeek.notice.fuid",
"zeek.notice.note",
"zeek.notice.msg",
"zeek.notice.sub",
"zeek.notice.peer_name",
"zeek.notice.peer_descr",
"zeek.notice.actions",
"zeek.notice.email_body_sections",
"zeek.notice.email_delay_tokens",
"zeek.notice.identifier",
"fields.*"