This documentation does not apply to the most recent version of Splunk® App for Fraud Analytics.
For documentation on the most recent version, go to the latest release.
Data model definitions
Use the following tables for information on the fields in the fraud-related data models:
Fraud account data model
Name | Description | Example | Format | Source |
---|---|---|---|---|
acc_age | Age of the account (in days) | 107 | Number | Extracted |
acc_holder_dob | Date of birth | 05/25/1995 | String | Extracted |
acc_holder_first_name | First name | John | String | Extracted |
acc_holder_last_name | Last name | Smith | String | Extracted |
acc_holder_middle | Middle initial | P | String | Extracted |
acc_status | Account status | Approve | String | Extracted |
addr_home_city | City of home address | Seattle | String | Extracted |
addr_home_state | State of home address | Washington | String | Extracted |
addr_home_zip | Zip Code of home address | 92017 | Number | Extracted |
addr_home_zip_lat | Latitude of zip code | | String | Lookup |
addr_home_zip_lon | Longitude of zip code | | String | Lookup |
deviceid | Device identifier | | | |
direct_deposit | Destination account for funds | 12345678 | Number | Extracted |
email | Email address | john.smith@gmail.com | String | Extracted |
email_domain_root | Email address domain (root) | gmail | String | Eval Expression |
email_domain_tld | Email address domain (top level) | gmail.com | String | Eval Expression |
email_normalized | Email address (Includes the name) | johnsmith@gmail.com | String | Eval Expression |
host | Host of the data source | | String | Inherited |
http_accept | | | String | Extracted |
http_accept_language | | | String | Extracted |
http_content_type | | | String | Extracted |
http_method | API method (Post, Get, and so on) | | String | Extracted |
http_referer | Referring URL | | String | Extracted |
http_user_agent | Web browser identifier | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393 | String | Extracted |
mmn | Mother's maiden name | Smith | String | Extracted |
occupation | Occupation | Janitor | String | Extracted |
password | Password | Hash of pwd | String | Eval Expression |
phone_home | Home phone number | 209-121-2398 | String | Extracted |
r_10 | Deprecated | | Number | Eval Expression |
source | Source of the data source | | String | Inherited |
sourcetype | Sourcetype of the data source | | String | Inherited |
src_ip | IP address logged for the event | 123.10.10.234 | IPv4 | Extracted |
src_ip_City | City corresponding to the IP address | Los Angeles | String | Geo IP |
src_ip_Country | Country corresponding to the IP address | United States | String | Geo IP |
src_ip_lat | Latitude corresponding to the IP address | | String | Geo IP |
src_ip_lon | Longitude corresponding to the IP address | | String | Geo IP |
src_ip_Region | State or province corresponding to the IP address | Florida | String | Geo IP |
ssn | Social security number | 172-90-9201 | String | Extracted |
uniqueid | Credit, benefits application ID, or permanent user ID that supersedes SSN or username | | String | Extracted |
username | Username | barneysmith | String | Extracted |
Fraud web data model
Name | Description | Example | Format | Source |
---|---|---|---|---|
accept_language | Language accepted by the browser | | String | Extracted |
action | | | String | Extracted |
actions | | | String | Extracted |
bill_payments_num | | | Number | Extracted |
bytes_in | | | Number | Extracted |
bytes_in_total | | | Number | Extracted |
bytes_out | | | Number | Extracted |
bytes_out_total | | | Number | Extracted |
City | | | String | Extracted |
Countries_num | | | Number | Extracted |
Country | | | String | Extracted |
date_hour | | | Number | Extracted |
date_mday | | | Number | Extracted |
date_month | | | String | Extracted |
date_wday | | | String | Extracted |
date_year | | | Number | Extracted |
date_zone | | | Number | Extracted |
deposit_checks_num | | | Number | Extracted |
errors | | | Number | Extracted |
host | | | String | Inherited |
http_accept | | | String | Extracted |
http_accept_language | | | String | Extracted |
http_content_type | | | String | Extracted |
http_method | API method (Post, Get, and so on) | | String | Extracted |
http_referer | Referring URL | | String | Extracted |
http_user_agent | Browser identifier | | String | Extracted |
http_user_agents_num | | | Number | Extracted |
ip_16_subnet | | | String | Extracted |
ip_16_subnets | | | String | Extracted |
ip_16_subnets_num | | | Number | Extracted |
ip_subnet_16 | | | String | Extracted |
ip_subnet_24 | | | String | Extracted |
is_aggregator | | | Number | Extracted |
languages | | | String | Extracted |
logged_in | | | Number | Extracted |
logins_success_num | | | Number | Extracted |
money_movements_num | | | Number | Extracted |
r_10 | Deprecated | | Number | Eval expression |
r_100 | Deprecated | | Number | Eval expression |
r_1000 | Deprecated | | Number | Eval expression |
r_10000 | Deprecated | | Number | Eval expression |
r_100000 | Deprecated | | Number | Eval expression |
r_1000000 | Deprecated | | Number | Eval expression |
Region | | | String | Extracted |
risk_exposure | | | Number | Extracted |
risk_exposure_r | | | Number | Extracted |
risk_level | | | Number | Extracted |
risk_level_r | | | Number | Extracted |
screen | | | String | Extracted |
screens | | | String | Extracted |
security_code_requests_num | | | Number | Extracted |
session_duration | | | Number | Extracted |
session_events_num | | | Number | Extracted |
session_id | Web session ID | | String | Extracted |
source | | | String | Inherited |
sourcetype | | | String | Inherited |
src_ip | Client IP address | 10.10.10.20 | String | Extracted |
src_ips_num | | | Number | Extracted |
status | Web page status | 400, 200, etc. | Number | Extracted |
trade_securities_num | | | Number | Extracted |
uri | | | String | Extracted |
uri_path | | | String | Extracted |
username | Username | barneysmith | String | Extracted |
username_ex | | | String | Extracted |
username_tried | | | String | Extracted |
usernames | | | String | Extracted |
usernames_num | | | Number | Extracted |
Last modified on 10 November, 2023
This documentation applies to the following versions of Splunk® App for Fraud Analytics: 1.1.3