8.5. Analytics Data Lake Description
In this section, we will see all the data fields that are in the different index-patterns. The different index-pattern we can find are the following:
- “bro-*”: Shows all the events captured by the ON Sensor. 
- “identities”: When anonymization is activated in Logstash, the relation between the hash and the value is found in this index. 
- “opennac-*”: Shows all the events for the user devices that can be enriched with OpenNAC Enterprise. That means that we have the MAC. 
- “opennac_captive-*”: Shows all the events on the Captive Portal. 
- “opennac_macport-*”: Shows all the macport events. 
- “opennac_nd”: Shows the last event for the network devices. 
- “opennac_nd-*”: Shows all the events for the network devices. 
- “opennac_ud”: Shows the last event for the user devices that can be enriched with OpenNAC Enterprise, that means that we have the MAC. 
- “radius-*”: Shows all the RADIUS events. 
- “misc-*”: Shows all the logs that don’t match with the other index. This index should not have many logs. If it is not like that, contact your administrator. 
- “external_syslog-*”: Shows the network events sended by the network devices. 
- “third_party_vpn”: Shows all the events related to the Third Party VPN use case.