\{"sourcetype":"zscalernss-web","event":\{"datetime":"%d{yy}-%02d{mth}-%02d{dd} %02d{hh}:%02d{mm}:%02d{ss}","reason":"%s{reason}","event_id":"%d{recordid}","protocol":"%s{proto}","action":"%s{action}","transactionsize":"%d{totalsize}","responsesize":"%d{respsize}","requestsize":"%d{reqsize}","urlcategory":"%s{urlcat}","serverip":"%s{sip}","clienttranstime":"%d{ctime}","requestmethod":"%s{reqmethod}","refererURL":"%s{referer}","useragent":"%s{ua}","product":"NSS","location":"%s{location}","ClientIP":"%s{cip}","status":"%s{respcode}","user":"%s{login}","url":"%s{url}","vendor":"Zscaler","hostname":"%s{host}","clientpublicIP":"%s{cintip}","threatcategory":"%s{malwarecat}","threatname":"%s{threatname}","filetype":"%s{filetype}","appname":"%s{appname}","pagerisk":"%d{riskscore}","department":"%s{dept}","urlsupercategory":"%s{urlsupercat}","appclass":"%s{appclass}","dlpengine":"%s{dlpeng}","urlclass":"%s{urlclass}","threatclass":"%s{malwareclass}","dlpdictionaries":"%s{dlpdict}","ft_rulename":"%s{ft_rulename}","fileclass":"%s{fileclass}","bwthrottle":"%s{bwthrottle}","servertranstime":"%d{stime}","contenttype":"%s{contenttype}","unscannabletype":"%s{unscannabletype}","deviceowner":"%s{deviceowner}","devicehostname":"%s{devicehostname}","company":"%s{company}","cloudname":"%s{cloudname}","throttlereqsize":"%d{throttlereqsize}","throttlerespsize":"%d{throttlerespsize}","bwclassname":"%s{bwclassname}","bwrulename":"%s{bwrulename}","app_risk_score":"%s{app_risk_score}","app_status":"%s{app_status}","activity":"%s{activity}","prompt_req":"%s{prompt_req}","inst_level1_type":"%s{inst_level1_type}","inst_level1_id":"%s{inst_level1_id}","inst_level1_name":"%s{inst_level1_name}","inst_level2_type":"%s{inst_level2_type}","inst_level2_id":"%s{inst_level2_id}","inst_level2_name":"%s{inst_level2_name}","inst_level3_type":"%s{inst_level3_type}","inst_level3_id":"%s{inst_level3_id}","inst_level3_name":"%s{inst_level3_name}","datacenter":"%s{datacenter}","datacentercity":"%s{datacentercity}","datacentercountry":"%s{datacentercountry}","dlpdicthitcount":"%s{dlpdicthitcount}","dlpeng":"%s{dlpeng}","dlpidentifier":"%d{dlpidentifier}","dlpmd5":"%s{dlpmd5}","dlprulename":"%s{dlprulename}","trig_dlprulename":"%s{trig_dlprulename}","other_dlprulenames":"%s{other_dlprulenames}","all_dlprulenames":"%s{all_dlprulenames}","filename":"%s{filename}","filesubtype":"%s{filesubtype}","upload_fileclass":"%s{upload_fileclass}","upload_filetype":"%s{upload_filetype}","upload_filename":"%s{upload_filename}","upload_filesubtype":"%s{upload_filesubtype}","upload_doctypename":"%s{upload_doctypename}","rdr_rulename":"%s{rdr_rulename}","fwd_type":"%s{fwd_type}","fwd_gw_name":"%s{fwd_gw_name}","fwd_gw_ip":"%s{fwd_gw_ip}","zpa_app_seg_name":"%s{zpa_app_seg_name}","reqdatasize":"%d{reqdatasize}","reqhdrsize":"%d{reqhdrsize}","respdatasize":"%d{respdatasize}","resphdrsize":"%d{resphdrsize}","reqversion":"%s{reqversion}","respversion":"%s{respversion}","refererhost":"%s{refererhost}","uaclass":"%s{uaclass}","ua_token":"%s{ua_token}","df_hostname":"%s{df_hostname}","df_hosthead":"%s{df_hosthead}","mobappname":"%s{mobappname}","mobappcat":"%s{mobappcat}","mobdevtype":"%s{mobdevtype}","cpubip":"%s{cpubip}","clt_sport":"%d{clt_sport}","srcip_country":"%s{srcip_country}","dstip_country":"%s{dstip_country}","is_src_cntry_risky":"%s{is_src_cntry_risky}","is_dst_cntry_risky":"%s{is_dst_cntry_risky}","srv_dport":"%d{srv_dport}","alpnprotocol":"%s{alpnprotocol}","trafficredirectmethod":"%s{trafficredirectmethod}","userlocationname":"%s{userlocationname}","ruletype":"%s{ruletype}","rulelabel":"%s{rulelabel}","urlfilterrulelabel":"%s{urlfilterrulelabel}","apprulelabel":"%s{apprulelabel}","bamd5":"%s{bamd5}","sha256":"%s{sha256}","ssldecrypted":"%s{ssldecrypted}","externalspr":"%s{externalspr}","keyprotectiontype":"%s{keyprotectiontype}","clientsslcipher":"%s{clientsslcipher}","clienttlsversion":"%s{clienttlsversion}","clientsslsessreuse":"%s{clientsslsessreuse}","cltsslfailreason":"%s{cltsslfailreason}","cltsslfailcount":"%d{cltsslfailcount}","srvsslcipher":"%s{srvsslcipher}","srvtlsversion":"%s{srvtlsversion}","serversslsessreuse":"%s{serversslsessreuse}","srvocspresult":"%s{srvocspresult}","srvcertchainvalpass":"%s{srvcertchainvalpass}","srvwildcardcert":"%s{srvwildcardcert}","srvcertvalidationtype":"%s{srvcertvalidationtype}","srvcertvalidityperiod":"%s{srvcertvalidityperiod}","is_ssluntrustedca":"%s{is_ssluntrustedca}","is_sslselfsigned":"%s{is_sslselfsigned}","is_sslexpiredca":"%s{is_sslexpiredca}","threatseverity":"%s{threatseverity}","urlcatmethod":"%s{urlcatmethod}","devicemodel":"%s{devicemodel}","devicename":"%s{devicename}","devicetype":"%s{devicetype}","deviceostype":"%s{deviceostype}","deviceosversion":"%s{deviceosversion}","deviceappversion":"%s{deviceappversion}","ztunnelversion":"%s{ztunnelversion}","external_devid":"%s{external_devid}","bypassed_traffic":"%d{bypassed_traffic}","bypassed_etime":"%s{bypassed_etime}","flow_type":"%s{flow_type}","pcapid":"%s{pcapid}","productversion":"%s{productversion}","nsssvcip":"%s{nsssvcip}","eedone":"%s{eedone}"\}\}