# Copyright 2023-2025 Citrix Systems, Inc.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.

# AppFlow Fields exported by NetScaler
---
[
	{"Name":"sourceIPv6AddressRx", "Datatype":"octetarray", "Description":"The IPv6 source address in the IP packet header."},
	{"Name":"destinationIPv6AddressRx", "Datatype":"octetarray", "Description":"The IPv6 destination address in the IP packet header."},
	{"Name":"icaSessionGuid", "Datatype":"octetarray", "Description":"Unique session GUID associated with the ICA Session. If XA 6.5 or older is deployed, NetScaler will generate the GUID currently. Therefore every time a session reconnects, there is a new GUID. If XD 5.6, XD 7.0 and above are deployed, the GUID is generated by ICA Broker/host. The same GUID is used across reconnects."},
	{"Name":"msiClientCookie", "Datatype":"octetarray", "Description":"MSI Connection GUID. It is unique for a MSI Connection session. All Connections in this MSI Session share the same client cookie."},
	{"Name":"connectionChainID", "Datatype":"octetarray", "Description":"This ID is used to collate connections across multiple devices over which an ICA session can be monitored. The Citrix device that terminates this connection sets this value and the other devices in the chain forward it. It is a combination of NetScaler MAC address, NetScaler process start timestamp and connection setup timestamp."},
	{"Name":"VPNsessionID", "Datatype":"octetarray", "Description":"Unique VPN session identifier."},
	{"Name":"EPAID", "Datatype":"octetarray", "Description":"Unique EPA session identifier."},
	{"Name":"epaId", "Datatype":"octetarray", "Description":"Unique EPA session identifier."},
	{"Name":"logonTicketSetup", "Datatype":"octetarray", "Description":"The user Log-on ticket, used for ICA connection verification by server."},
	{"Name":"logonTicketFileInfo", "Datatype":"octetarray", "Description":"Logon ticket issued to user, used for ICA connection verification by server when ICA connection is established."},
	{"Name":"STATicket", "Datatype":"octetarray", "Description":"STA ticket issued to the user, used by Netscaler Gateway for validation."},
	{"Name":"SessionSharingKey", "Datatype":"octetarray", "Description":"Session sharing key."},
	{"Name":"backendSvrIpv6Address", "Datatype":"octetarray", "Description":"Backend Server IPv6 address"},
	{"Name":"transCltIpv6Address", "Datatype":"octetarray", "Description":"Client IPv6 address"},
	{"Name":"transCltDstIpv6Address", "Datatype":"octetarray", "Description":"Vserver IPv6 address"},
	{"Name":"videoSessClientIpv6Addr", "Datatype":"octetarray", "Description":"Client IPv6 address in the current video session"},
	{"Name":"videoTxnClientIpv6Addr", "Datatype":"octetarray", "Description":"Client IPv6 address in the current video transaction"},
	{"Name":"videoTxnServerIpv6Addr", "Datatype":"octetarray", "Description":"Server IPv6 address in the current video transaction"},
	{"Name":"TempVPNsessionID", "Datatype":"octetarray", "Description":"During n-factor authentication, the actual session ID is created after all the stages of authentication are passed. In the interim, a temporary ID is created."},
	{"Name":"lsnSourceIPv6Address", "Datatype":"octetarray", "Description":"The IPv6 source address in the IP packet header."},
	{"Name":"lsnQuotaSourceIPv6Address", "Datatype":"octetarray", "Description":"The IPv6 source address in the IP packet header."},
	{"Name":"ngsConnectionGuid", "Datatype":"octetarray", "Description":"Unique session GUID associated  for NGS. Same as connection id."},
	{"Name":"diameterSubscriberIpv6Address", "Datatype":"octetarray", "Description":"The subscriber IPv6 address."},
	{"Name":"diameterSubscriberIPv6Addr", "Datatype":"octetarray", "Description":"The subscriber IPv6 address."},
	{"Name":"VPNsessionIdAuth", "Datatype":"octetarray", "Description":"Unique VPN session identifier."},
	{"Name":"VPNsessionIdSessUpdate", "Datatype":"octetarray", "Description":"Unique VPN session identifier."},
	{"Name":"VPNsessionIdICA", "Datatype":"octetarray", "Description":"Unique VPN session identifier."},
	{"Name":"VPNsessionIdAppLaunch", "Datatype":"octetarray", "Description":"Unique VPN sessionidentifier."},
	{"Name":"VPNsessionIdLogout", "Datatype":"octetarray", "Description":"Unique VPN session identifier."},
	{"Name":"VPNsessionIdTemp", "Datatype":"octetarray", "Description":"Unique VPN session identifier."},
	{"Name":"STATicketICA", "Datatype":"octetarray", "Description":"STA ticket issued to the user, used by Netscaler Gateway for validation."},
	{"Name":"STATicketAppLaunch", "Datatype":"octetarray", "Description":"STA ticket issued to the user, used by Netscaler Gateway for validation."},
	{"Name":"flowIdRx", "Datatype":"uint64", "Description":"Information Element can be used to distinguish between different Flows if Flow Keys such as IP addresses and port numbers are not reported or are reported in separate records."},
	{"Name":"flowFlagsRx", "Datatype":"uint64", "Description":"Application layer flags, for use between the exporter and collector to indicate various Layer-7 events. \n0x01 Window Scaling option received. \n0x02 Selective-Acknowledgement option received. \n0x3c Netscaler's window scale value. \n0x3c0 window scale value received. \n0x1c00 MSS received. \n0x2000 Netscaler in Endpoint Mode. \n0x4000 TCP Buffereing mode enabled. \n0x8000 Compression enabled. \n0x10000 HTTP version 1.0. \n0x20000 HTTP version 1.1. \n0x30000 HTTP version 2.0. \n0x40000 PUSH flag enabled. \n0x80000 Client-side-measurements enabled on this transaction. \n0x100000 NetScaler generated response. \n0x200000 Caching enabled. \n0x400000 DOS Protection enabled. \n0x800000 Surge Connect enabled. \n0x1000000 SSL Connection. \n0x0000000004000000 HTTP Message with FIN termination. \n0x0000000008000000 HTTP content-encoding content-length. \n0x000000000C000000 HTTP chunked encoding. \n0x0000000010000000 HTTP Message encoding with Brotli Algorithm. \n0x000000001C000000 HTTP Message type ABORT. \n0x0000000040000000 The ipfix message is for a flow from NetScaler to Client. \n0x0000000080000000 The ipfix message is for a flow from Server to NetScaler. \n0x00000000C0000000. The ipfix message is for a flow from NetScaler to Server. \n0x0000000100000000 NetScaler response before request case. \n0x0000000200000000 Normal End of HTTP Transaction. NS_IPFIX_ABORT_TRANSACTION The HTTP transaction was aborted. \n0x0000000800000000 Cache bypass occurred with CR enabled. \n0x0000001000000000 HTTP request was received by CR vserver. NS_IPFIX_DNS_RESOLUTION_FAILURE DNS resolution failure in case of CR."},
	{"Name":"flowFlagsTx", "Datatype":"uint64", "Description":"Application layer flags, for use between the exporter and collector to indicate various Layer-7 events. \n0x01 Window Scaling option received. \n0x02 Selective-Acknowledgement option received. \n0x3c Netscaler's window scale value. \n0x3c0 window scale value received. \n0x1c00 MSS received. \n0x2000 Netscaler in Endpoint Mode. \n0x4000 TCP Buffereing mode enabled. \n0x8000 Compression enabled. \n0x10000 HTTP version 1.0. \n0x20000 HTTP version 1.1. \n0x30000 HTTP version 2.0. \n0x40000 PUSH flag enabled. \n0x80000 Client-side-measurements enabled on this transaction. \n0x100000 NetScaler generated response. \n0x200000 Caching enabled. \n0x400000 DOS Protection enabled. \n0x800000 Surge Connect enabled. \n0x1000000 SSL Connection. \n0x0000000004000000 HTTP Message with FIN termination. \n0x0000000008000000 HTTP content-encoding content-length. \n0x000000000C000000 HTTP chunked encoding. \n0x0000000010000000 HTTP Message encoding with Brotli Algorithm. \n0x000000001C000000 HTTP Message type ABORT. \n0x0000000040000000 The ipfix message is for a flow from NetScaler to Client. \n0x0000000080000000 The ipfix message is for a flow from Server to NetScaler. \n0x00000000C0000000. The ipfix message is for a flow from NetScaler to Server. \n0x0000000100000000 NetScaler response before request case. \n0x0000000200000000 Normal End of HTTP Transaction. NS_IPFIX_ABORT_TRANSACTION The HTTP transaction was aborted. \n0x0000000800000000 Cache bypass occurred with CR enabled. \n0x0000001000000000 HTTP request was received by CR vserver. NS_IPFIX_DNS_RESOLUTION_FAILURE DNS resolution failure in case of CR."},
	{"Name":"cltFlowFlagsRx", "Datatype":"uint64", "Description":"Application layer flags, for use between the exporter and collector to indicate various Layer-7 events and types like the direction of the flow (client-in, svc-out, etc.), http version, NetScaler cache served responses, SSL, compression, TCP buffering, and many more."},
	{"Name":"cltFlowFlagsTx", "Datatype":"uint64", "Description":"Application layer flags, for use between the exporter and collector to indicate various Layer-7 events and types like the direction of the flow (client-in, svc-out, etc.), http version, NetScaler cache served responses, SSL, compression, TCP buffering, and many more."},
	{"Name":"srvFlowFlagsRx", "Datatype":"uint64", "Description":"Application layer flags, for use between the exporter and collector to indicate various Layer-7 events and types like the direction of the flow (client-in, svc-out, etc.), http version, NetScaler cache served responses, SSL, compression, TCP buffering, and many more."},
	{"Name":"srvFlowFlagsTx", "Datatype":"uint64", "Description":"Application layer flags, for use between the exporter and collector to indicate various Layer-7 events and types like the direction of the flow (client-in, svc-out, etc.), http version, NetScaler cache served responses, SSL, compression, TCP buffering, and many more."},
	{"Name":"httpRspLen", "Datatype":"uint64", "Description":"Total size of HTTP response."},
	{"Name":"reqTimestamp", "Datatype":"uint64", "Description":"Timestamp when the first byte of request is received from a client on a NetScaler appliance."},
	{"Name":"surgeQTime", "Datatype":"uint64", "Description":"Waiting time in vservers queue."},
	{"Name":"httpReqRcvFB", "Datatype":"uint64", "Description":"Timestamp when the first byte of request is received from a client on a NetScaler appliance."},
	{"Name":"httpReqForwFB", "Datatype":"uint64", "Description":"Timestamp when the first byte of request is forwarded from a NetScaler appliance to a server."},
	{"Name":"httpResRcvFB", "Datatype":"uint64", "Description":"Timestamp when the first byte of response is received from a server on a NetScaler appliance."},
	{"Name":"httpResForwFB", "Datatype":"uint64", "Description":"Timestamp when the first byte of response is forwarded from a NetScaler appliance to a client."},
	{"Name":"httpReqRcvLB", "Datatype":"uint64", "Description":"Timestamp when the last byte of request is received on a NetScaler appliance from a client."},
	{"Name":"httpReqForwLB", "Datatype":"uint64", "Description":"Timestamp when the last byte of request is forwarded from a NetScaler appliance to a server."},
	{"Name":"httpResRcvLB", "Datatype":"uint64", "Description":"Timestamp when the last byte of a response is received from a server on a NetScaler appliance."},
	{"Name":"httpResForwLB", "Datatype":"uint64", "Description":"Timestamp when the last byte of a response is forwarded to a client from a NetScaler appliance."},
	{"Name":"icaFlags", "Datatype":"uint64", "Description":"These flags indicate properties of the ICA session. \nValues are indicated as follows:\n0x00000004 = MSI enabled.  \n0x00000008 = MSI Secondary. \n0x00000010 = Seamless Session. \n0x00000020 = ICA Compression disabled. \n0x00000040 = Session GUID from XA/XD. \n0x00000080 = EUEM Enabled on Session. \n0x00000100 = Client supports EUEM. \n0x00001000 = WanOpt on clientside of this NetScaler. \n0x00002000 = WanOpt on Serverside of this NetScaler."},
	{"Name":"maxLicenseCount", "Datatype":"uint64", "Description":"Maximum or total number of licenses available."},
	{"Name":"currentLicenseConsumed", "Datatype":"uint64", "Description":"Total number of licenses consumed."},
	{"Name":"nsFeatureEnabledForAppflow", "Datatype":"uint64", "Description":"This flag indicates features enabled on NetScaler. 0x0000000000000001: Cache Redirection."},
	{"Name":"originRspLen", "Datatype":"uint64", "Description":"Length of the response sent by the origin server"},
	{"Name":"accessInsightFlags", "Datatype":"uint64", "Description":"Gateway insight flags indicating extra information about authentication. \nValues are listed below:  \n0x0000000000000001ULL: Last authentication record.  \n0x0000000000000002ULL: Indicates whether the authentication record contains pre-authentication information.  \n0x0000000000000004ULL: : Indicates whether the authentication record contains post-authentication information."},
	{"Name":"applicationByteCount", "Datatype":"uint64", "Description":"Total number of bytes consumed by the application."},
	{"Name":"appfwProfileRelaxedFlags", "Datatype":"uint64", "Description":"64bit flag denotes which of the profile checks are relaxed from safety index calculation"},
	{"Name":"appfwProfileBlockFlags", "Datatype":"uint64", "Description":"64bit flag denotes which of the profile checks have BLOCK option enabled.\n0-BUFFEROVERFLOW\n1-CONTENT_TYPE\n2-COOKIE\n3-CSRF_TAG\n4-DENYURL\n5-FIELDCONSISTENCY\n6-FIELDFORMAT\n7-MAX_UPLOADS\n8-REFERER_HEADER\n9-SAFECOMMERCE\n10-SAFEOBJECT\n11-SQL\n12-STARTURL\n13-XSS\n14-XMLDOS\n15-XMLFORMAT\n16-XMLSQL\n17-XMLWSI\n18-XMLXSS\n19-XML_ATTACHMENT\n20-XML_SOAPFAULT\n21-XML_VALIDATION"},
	{"Name":"appfwProfileLogFlags", "Datatype":"uint64", "Description":"64bit flag denotes which of the profile checks have LOG option enabled"},
	{"Name":"appfwProfileLearnFlags", "Datatype":"uint64", "Description":"64bit flag denotes which of the profile checks have LEARN option enabled"},
	{"Name":"appfwProfileStatsflags", "Datatype":"uint64", "Description":"64bit flag denotes which of the profile checks have STAT option enabled"},
	{"Name":"appfwProfileNoneFlags", "Datatype":"uint64", "Description":"64bit flag denotes which of the profile checks have NONE option enabled"},
	{"Name":"systemRuleFlags1", "Datatype":"uint64", "Description":"64bit flag where each bit indicates whether the corresponding system rule complains or not"},
	{"Name":"tcpSynAttackCntr", "Datatype":"uint64", "Description":"Number of SYN attacks happened on vserver"},
	{"Name":"tcpSlowrisCntr", "Datatype":"uint64", "Description":"Number of SLOWRIS attacks happened on vserver"},
	{"Name":"tcpzerowindowCntr", "Datatype":"uint64", "Description":"Number of ZEROWINDOW attacks happened on vserver"},
	{"Name":"transSvrFlowEndUsecRx", "Datatype":"uint64", "Description":"Timestamp when last byte was received from server."},
	{"Name":"transSvrFlowEndUsecTx", "Datatype":"uint64", "Description":"Timestamp when last byte was sent to the server."},
	{"Name":"transCltFlowEndUsecRx", "Datatype":"uint64", "Description":"Timestamp when last byte was received from client."},
	{"Name":"transCltFlowEndUsecTx", "Datatype":"uint64", "Description":"Timestamp when last byte was sent to the client"},
	{"Name":"transSvrTotRxOctCnt", "Datatype":"uint64", "Description":"Total number of bytes received from server."},
	{"Name":"transCltTotRxOctCnt", "Datatype":"uint64", "Description":"Total number of bytes received from client."},
	{"Name":"transSvrTotTxOctCnt", "Datatype":"uint64", "Description":"Total number of bytes sent to server."},
	{"Name":"transCltTotTxOctCnt", "Datatype":"uint64", "Description":"Total number of bytes sent to the client."},
	{"Name":"connSrvRxByte", "Datatype":"uint64", "Description":"L4 Packets received by server"},
	{"Name":"connCltRxByte", "Datatype":"uint64", "Description":"L4 Packets received by client"},
	{"Name":"connSrvTxBytes", "Datatype":"uint64", "Description":"L4 Packets sent by server"},
	{"Name":"connCltTxBytes", "Datatype":"uint64", "Description":"L4 Packets sent by client"},
	{"Name":"transSvrRTT", "Datatype":"uint64", "Description":"Server-side TCP Round Trip Time. Last 32bytes is the total RTT and first 32bytes is the number of samples. When number of samples is 0, ignore the RTT."},
	{"Name":"transCltRTT", "Datatype":"uint64", "Description":"Client-side TCP Round Trip Time. Last 32bytes is the total RTT and first 32bytes is the number of samples. When number of samples is 0, ignore the RTT."},
	{"Name":"transSvrFlowStartUsecRx", "Datatype":"uint64", "Description":"Timestamp when first byte was received from server."},
	{"Name":"transSvrFlowStartUsecTx", "Datatype":"uint64", "Description":"Timestamp when first byte was sent to server."},
	{"Name":"transCltFlowStartUsecRx", "Datatype":"uint64", "Description":"Timestamp when first byte was received from client."},
	{"Name":"transCltFlowStartUsecTx", "Datatype":"uint64", "Description":"Timestamp when first byte was sent to client."},
	{"Name":"maxBurstOctetCountRX", "Datatype":"uint64", "Description":"Number of bytes received in the largest burst."},
	{"Name":"maxBurstOctetCountTX", "Datatype":"uint64", "Description":"Number of bytes transmitted in the largest burst."},
	{"Name":"maxBurstRetransOctetCountRX", "Datatype":"uint64", "Description":"Number of retransmitted bytes received in the largest burst."},
	{"Name":"maxBurstRetransOctetCountTX", "Datatype":"uint64", "Description":"Number of retransmitted bytes transmitted in the largest burst."},
	{"Name":"clientLoadEndTime", "Datatype":"uint64", "Description":"Timestamp when page load was completed on HTTP client. This is available when clientsidemeasurements is enabled."},
	{"Name":"clientLoadStartTime", "Datatype":"uint64", "Description":"Timestamp when page load started on HTTP client.This is available when clientsidemeasurements is enabled."},
	{"Name":"clientRenderEndTime", "Datatype":"uint64", "Description":"Timestamp when page rendering was completed on HTTP client. This is available when clientsidemeasurements is enabled."},
	{"Name":"clientRenderStartTime", "Datatype":"uint64", "Description":"Timestamp when page rendering was started on HTTP client. This is available when clientsidemeasurements is enabled."},
	{"Name":"timeStamp", "Datatype":"uint64", "Description":"Timestamp in milliseconds for the event specified by the template."},
	{"Name":"lsn_quota_timeStamp", "Datatype":"uint64", "Description":"Timestamp in milliseconds for the event specified by the template."},
	{"Name":"applicationFlags", "Datatype":"uint64", "Description":"Video Optimization Application Flags. \n0x0001 Content is ABR. \n0x0002 Content received video optimization."},
	{"Name":"ngsClientsideRXBytes", "Datatype":"uint64", "Description":"Number of bytes received on client connection."},
	{"Name":"ngsServersideRXBytes", "Datatype":"uint64", "Description":"Number of bytes received on server connection."},
	{"Name":"ngsClientsideWireRXBytes", "Datatype":"uint64", "Description":"Number of wire bytes received on client connection."},
	{"Name":"ngsServersideWireRXBytes", "Datatype":"uint64", "Description":"Number of wire bytes received on server connection."},
	{"Name":"transCltPacketTotCntRx", "Datatype":"uint64", "Description":"The number of incoming packets since the previous report (if any) for this Flow at the Observation Point received on client connection"},
	{"Name":"transCltPacketTotCntTx", "Datatype":"uint64", "Description":"The number of incoming packets since the previous report (if any) for this Flow at the Observation Point sent on client connection"},
	{"Name":"transSrvPacketTotCntRx", "Datatype":"uint64", "Description":"The number of incoming packets since the previous report (if any) for this Flow at the Observation Point received on server connection"},
	{"Name":"transSrvPacketTotCntTx", "Datatype":"uint64", "Description":"The number of incoming packets since the previous report (if any) for this Flow at the Observation Point sent on server connection"},
	{"Name":"http2SlowrisCntr", "Datatype":"uint64", "Description":"Number of http2 SLOWRIS attacks happened on vserver"},
	{"Name":"connStartTimestamp", "Datatype":"uint64", "Description":"Timestamp when the connection started in microseconds."},
	{"Name":"connEndTimestamp", "Datatype":"uint64", "Description":"Timestamp when the connection ended in microseconds."},
	{"Name":"giTotalBytesSent", "Datatype":"uint64", "Description":"Total number of bytes sent"},
	{"Name":"giTotalBytesRecvd", "Datatype":"uint64", "Description":"Total number of bytes received"},
	{"Name":"ngsConnectionLeaseExpiry", "Datatype":"uint64", "Description":"Connection Leasse expiry for lease based launch."},
	{"Name":"clientConnStartTimestamp", "Datatype":"uint64", "Description":"Timestamp when the client connection started in microseconds."},
	{"Name":"clientConnEndTimestamp", "Datatype":"uint64", "Description":"Timestamp when the client connection ended in microseconds."},
	{"Name":"serverConnStartTimestamp", "Datatype":"uint64", "Description":"Timestamp when the server connection started in microseconds."},
	{"Name":"serverConnEndTimestamp", "Datatype":"uint64", "Description":"Timestamp when the server connection ended in microseconds."},
	{"Name":"ciReqBytesSent", "Datatype":"uint64", "Description":"CI-Request Bytes sent"},
	{"Name":"ciReqBytesReceived", "Datatype":"uint64", "Description":"CI-Request Bytes Received"},
	{"Name":"ciRespBytesSent", "Datatype":"uint64", "Description":"CI-Response Bytes sent"},
	{"Name":"ciRespBytesReceived", "Datatype":"uint64", "Description":"CI-Response Bytes Received"},
	{"Name":"botKMSessionCreationTime", "Datatype":"uint64", "Description":"Bot Session Creation time"},
	{"Name":"botKMSessionCurrentTime", "Datatype":"uint64", "Description":"Bot Session Current time"},
	{"Name":"sourceIPv4AddressRx", "Datatype":"uint32", "Description":"The IPv4 source address in the IP packet header."},
	{"Name":"ingressInterfaceClient", "Datatype":"uint32", "Description":"The index of the IP interface where packets of this Flow are being received. The value matches the value of managed object 'ifIndex' as defined in [RFC2863]. Note that ifIndex values are not assigned statically to an interface and that the interfaces may be renumbered every time the device's management system is re-initialized, as specified in [RFC2863]"},
	{"Name":"ingressInterfaceOpposite", "Datatype":"uint32", "Description":"The index of the IP interface where packets of this Flow are being received. The value matches the value of managed object 'ifIndex' as defined in [RFC2863]. Note that ifIndex values are not assigned statically to an interface and that the interfaces may be renumbered every time the device's management system is re-initialized, as specified in [RFC2863]"},
	{"Name":"destinationIPv4AddressRx", "Datatype":"uint32", "Description":"The IPv4 destination address in the IP packet header."},
	{"Name":"egressInterface", "Datatype":"uint32", "Description":"The index of the IP interface where packets of this Flow are being sent. The value matches the value of managed object 'ifIndex' as defined in [RFC2863]. Note that ifIndex values are not assigned statically to an interface and that the interfaces may be renumbered every time the device's management system is re-initialized, as specified in [RFC2863]"},
	{"Name":"egressInterfaceOpposite", "Datatype":"uint32", "Description":"The index of the IP interface where packets of this Flow are being sent. The value matches the value of managed object 'ifIndex' as defined in [RFC2863]. Note that ifIndex values are not assigned statically to an interface and that the interfaces may be renumbered every time the device's management system is re-initialized, as specified in [RFC2863]"},
	{"Name":"observationPointId", "Datatype":"uint32", "Description":"An identifier of an Observation Point that is unique per Observation Domain. It is RECOMMENDED that this identifier is also unique per IPFIX Device. Typically, this Information Element is used for limiting the scope of other Information Elements."},
	{"Name":"exportingProcessId", "Datatype":"uint32", "Description":"An identifier of an Exporting Process that is unique per IPFIX Device. Typically, this Information Element is used for limiting the scope of other Information Elements. Note that process identifiers are typically assigned dynamically. The Exporting Process may be re-started with a different ID."},
	{"Name":"observationDomainId", "Datatype":"uint32", "Description":"An identifier of an Observation Domain that is locally unique to an Exporting Process. The Exporting Process uses the Observation Domain ID to uniquely identify to the Collecting Process the Observation Domain where Flows were metered. It is RECOMMENDED that this identifier is also unique per IPFIX Device. A value of 0 indicates that no specific Observation Domain is identified by this Information Element. Typically, this Information Element is used for limiting the scope of other Information Elements."},
	{"Name":"clntFastRetxCount", "Datatype":"uint32", "Description":"Fast-retransmission is a TCP optimization feature. This field accounts for number of fast-retransmissions that have occurred in the given interval for client to NS connections"},
	{"Name":"srvrFastRetxCount", "Datatype":"uint32", "Description":"Fast-retransmission is a TCP optimization feature. This field accounts for number of fast-retransmissions that have occurred in the given interval for NS to server connections"},
	{"Name":"transactionId", "Datatype":"uint32", "Description":"At Layer-7, the four flows of a transaction between client and server (client-to-NS, NS-to-Server, Server-to-NS, NS-to-Client) are tied together using the transaction ID."},
	{"Name":"connectionId", "Datatype":"uint32", "Description":"The two flows of a TCP connection are tied together with a connection ID"},
	{"Name":"appNameAppId", "Datatype":"uint32", "Description":"The id of a named entity."},
	{"Name":"mainPageId", "Datatype":"uint32", "Description":"ID of the main (web) page transaction. In an HTML page, the main page transaction is associated with all its embedded object transactions. Each embedded object transaction record contains the transaction ID of the main page so that a parent link to the main transaction can be created. This is used in generating a waterfall chart model depicting the various timing information of the entire page loading."},
	{"Name":"mainPageCoreId", "Datatype":"uint32", "Description":"Packet engine (PE) ID. A transaction ID is unique within a packet engine. Therefore, a PE ID and a transaction ID combination is required because it is unique for a NetScaler appliance."},
	{"Name":"appUnitNameAppId", "Datatype":"uint32", "Description":"Netscaler uses application templates that groups a set of entities which can be exported and imported when needed. This Information Element exports the ID of the application template to which the entity belongs."},
	{"Name":"clientRTT", "Datatype":"uint32", "Description":"The RTT of the client, in milliseconds."},
	{"Name":"icaClientIP", "Datatype":"uint32", "Description":"Client IP address received from client-side connection on NetScaler."},
	{"Name":"icaSessionUpdateBeginSec", "Datatype":"uint32", "Description":"Absolute timestamp of beginning of ICA session update in seconds."},
	{"Name":"icaSessionUpdateEndSec", "Datatype":"uint32", "Description":"Absolute timestamp of end of ICA session update in seconds."},
	{"Name":"icaChannelId1", "Datatype":"uint32", "Description":"ID of this ICA channel 1, as described below: \n1-Client Audio Mapping. \n2-Seamless Windows screen update data. \n3-Citrix Control Virtual channel. \n4-End User experience Montitoring. \n5-Citrix Flash Redirection. \n6-USB Redirection. \n7-Citrix browser Acceleration. \n8-Smartcard. \n9-Clipboard. \n10-License Management. \n11-Program Neighbourhood. \n12-Remote Windows screen update data. \n13-Video server video(not Thinwire video. \n14-Client COM port mapping. \n15-Client drive mapping. \n16-Citrix Windows Multimedia Redirection. \n17-Client Management (Auto Client Update). \n18-Printer Mapping for non-spooling client (Thin client devices). \n19-Printer Mapping for non-spooling client (Thin client devices). \n20-Printer mapping for spooling clients. \n21-Printer Mapping for non-spooling client (Thin client devices). \n22-Printer Mapping for non-spooling client (Thin client devices)."},
	{"Name":"icaChannelId1Bytes", "Datatype":"uint32", "Description":"Number of bytes transferred on channel 1."},
	{"Name":"icaChannelId2", "Datatype":"uint32", "Description":"ID of this ICA channel 2, as described below: \n1-Client Audio Mapping. \n2-Seamless Windows screen update data. \n3-Citrix Control Virtual channel. \n4-End User experience Montitoring. \n5-Citrix Flash Redirection. \n6-USB Redirection. \n7-Citrix browser Acceleration. \n8-Smartcard. \n9-Clipboard. \n10-License Management. \n11-Program Neighbourhood. \n12-Remote Windows screen update data. \n13-Video server video(not Thinwire video. \n14-Client COM port mapping. \n15-Client drive mapping. \n16-Citrix Windows Multimedia Redirection. \n17-Client Management (Auto Client Update). \n18-Printer Mapping for non-spooling client (Thin client devices). \n19-Printer Mapping for non-spooling client (Thin client devices). \n20-Printer mapping for spooling clients. \n21-Printer Mapping for non-spooling client (Thin client devices). \n22-Printer Mapping for non-spooling client (Thin client devices)."},
	{"Name":"icaChannelId2Bytes", "Datatype":"uint32", "Description":"Number of bytes transferred on channel 2."},
	{"Name":"icaChannelId3", "Datatype":"uint32", "Description":"ID of this ICA channel 3, as described below: \n1-Client Audio Mapping. \n2-Seamless Windows screen update data. \n3-Citrix Control Virtual channel. \n4-End User experience Montitoring. \n5-Citrix Flash Redirection. \n6-USB Redirection. \n7-Citrix browser Acceleration. \n8-Smartcard. \n9-Clipboard. \n10-License Management. \n11-Program Neighbourhood. \n12-Remote Windows screen update data. \n13-Video server video(not Thinwire video. \n14-Client COM port mapping. \n15-Client drive mapping. \n16-Citrix Windows Multimedia Redirection. \n17-Client Management (Auto Client Update). \n18-Printer Mapping for non-spooling client (Thin client devices). \n19-Printer Mapping for non-spooling client (Thin client devices). \n20-Printer mapping for spooling clients. \n21-Printer Mapping for non-spooling client (Thin client devices). \n22-Printer Mapping for non-spooling client (Thin client devices)."},
	{"Name":"icaChannelId3Bytes", "Datatype":"uint32", "Description":"Number of bytes transferred on channel 3."},
	{"Name":"icaChannelId4", "Datatype":"uint32", "Description":"ID of this ICA channel 4, as described below: \n1-Client Audio Mapping. \n2-Seamless Windows screen update data. \n3-Citrix Control Virtual channel. \n4-End User experience Montitoring. \n5-Citrix Flash Redirection. \n6-USB Redirection. \n7-Citrix browser Acceleration. \n8-Smartcard. \n9-Clipboard. \n10-License Management. \n11-Program Neighbourhood. \n12-Remote Windows screen update data. \n13-Video server video(not Thinwire video. \n14-Client COM port mapping. \n15-Client drive mapping. \n16-Citrix Windows Multimedia Redirection. \n17-Client Management (Auto Client Update). \n18-Printer Mapping for non-spooling client (Thin client devices). \n19-Printer Mapping for non-spooling client (Thin client devices). \n20-Printer mapping for spooling clients. \n21-Printer Mapping for non-spooling client (Thin client devices). \n22-Printer Mapping for non-spooling client (Thin client devices)."},
	{"Name":"icaChannelId4Bytes", "Datatype":"uint32", "Description":"Number of bytes transferred on channel 4."},
	{"Name":"icaChannelId5", "Datatype":"uint32", "Description":"ID of this ICA channel 5, as described below: \n1-Client Audio Mapping. \n2-Seamless Windows screen update data. \n3-Citrix Control Virtual channel. \n4-End User experience Montitoring. \n5-Citrix Flash Redirection. \n6-USB Redirection. \n7-Citrix browser Acceleration. \n8-Smartcard. \n9-Clipboard. \n10-License Management. \n11-Program Neighbourhood. \n12-Remote Windows screen update data. \n13-Video server video(not Thinwire video. \n14-Client COM port mapping. \n15-Client drive mapping. \n16-Citrix Windows Multimedia Redirection. \n17-Client Management (Auto Client Update). \n18-Printer Mapping for non-spooling client (Thin client devices). \n19-Printer Mapping for non-spooling client (Thin client devices). \n20-Printer mapping for spooling clients. \n21-Printer Mapping for non-spooling client (Thin client devices). \n22-Printer Mapping for non-spooling client (Thin client devices)."},
	{"Name":"icaChannelId5Bytes", "Datatype":"uint32", "Description":"Number of bytes transferred on channel 5."},
	{"Name":"icaApplicationStartupDuration", "Datatype":"uint32", "Description":"The time elapsed between the launch of an application and when it started running."},
	{"Name":"icaApplicationStartupTime", "Datatype":"uint32", "Description":"The time when an application started on the server."},
	{"Name":"icaSessionEndTime", "Datatype":"uint32", "Description":"The time when the ICA session ended."},
	{"Name":"icaRTT", "Datatype":"uint32", "Description":"ICA based RTT estimate in ms. Calculated by ICA client by sending a simulated keystroke packet to server and calculating response time for that packet. This value depends on EUEM being enabled. Without EUEM it will be 0."},
	{"Name":"clientsideRXBytes", "Datatype":"uint32", "Description":"Number of bytes received on client ICA connection."},
	{"Name":"serversideRXBytes", "Datatype":"uint32", "Description":"Number of bytes received on server ICA connection."},
	{"Name":"clientsideRTT", "Datatype":"uint32", "Description":"This is set to the averaged TCP RTT value over this appflow interval on the client ICA connection. It is reported in milliseconds."},
	{"Name":"serversideRTT", "Datatype":"uint32", "Description":"This is set to the averaged TCP RTT value over this appflow interval on the server connection. It is reported in milliseconds."},
	{"Name":"icaApplicationTerminationTime", "Datatype":"uint32", "Description":"The time when the application was terminated."},
	{"Name":"clientsideJitter", "Datatype":"uint32", "Description":"This value indicates the variance or jitter in the TCP RTT for the client side connection, over an appflow interval. It is indicated in milliseconds."},
	{"Name":"serversideJitter", "Datatype":"uint32", "Description":"This value indicates the variance or jitter in the TCP RTT for the server side connection, over an appflow interval. It is indicated in milliseconds."},
	{"Name":"icaSessionSetupTime", "Datatype":"uint32", "Description":"The time when the ICA session TCP was setup at NetScaler."},
	{"Name":"icaAppProcessIDLaunch", "Datatype":"uint32", "Description":"The process ID of the application launched on the server."},
	{"Name":"icaAppProcessIDTerminate", "Datatype":"uint32", "Description":"The process ID of the application launched on the server."},
	{"Name":"icaDeviceSerialNo", "Datatype":"uint32", "Description":"A number used in conjunction with clientcookie to identify primary connection and tie up streams of a MSI connection."},
	{"Name":"icaNetworkUpdateStartTime", "Datatype":"uint32", "Description":"A network update record that contains the ICA connection statistics for a defined appflow interval is sent once every appflow interval. This Information Element contains the timestamp when the collection stats in this record began."},
	{"Name":"icaNetworkUpdateEndTime", "Datatype":"uint32", "Description":"A network update record that contains the ICA connection statistics for a defined appflow interval is sent once every appflow interval. This Information Element contains the timestamp when the collection stats in this record ended."},
	{"Name":"clientsideSRTT", "Datatype":"uint32", "Description":"This value indicates the TCP RTT smoothed over the lifetime of the client side connection. It reflects a longer term view of the RTT compared to the Appflow interval based RTT. It is indicated in milliseconds."},
	{"Name":"serversideSRTT", "Datatype":"uint32", "Description":"This value indicates the TCP RTT smoothed over the lifetime of the server side connection. It reflects a longer term view of the RTT compared to the Appflow interval based RTT. It is indicated in milliseconds."},
	{"Name":"clientsideDelay", "Datatype":"uint32", "Description":"Indicates time taken by Netscaler to process this client side packet (NS introduced processing delay). It is indicated in milliseconds."},
	{"Name":"serversideDelay", "Datatype":"uint32", "Description":"Indicates time taken by Netscaler to process this server side packet (NS introduced processing delay). It is indicated in milliseconds."},
	{"Name":"hostDelay", "Datatype":"uint32", "Description":"Indicates a portion of the ICA RTT measurement - time delay introduced at the Host while processing the packet. It is indicated in milliseconds."},
	{"Name":"L7ClientLatency", "Datatype":"uint32", "Description":"Layer 7 latency measured using ICA probes and responses sent between Receiver and the Host, on client side connection."},
	{"Name":"L7ServerLatency", "Datatype":"uint32", "Description":"Layer 7 latency measured using ICA probes and responses sent between Receiver and the Host, on server side connection."},
	{"Name":"ClientConnectionCoreID", "Datatype":"uint32", "Description":"The client connection id is unique within a process. Hence the process id of the client connection is also passed to make the complete set unique."},
	{"Name":"ClientConnectionTransactionID", "Datatype":"uint32", "Description":"When a request hits CR vserver and is redirected to the cache server and a cache miss happens, the cache sends a the request to the origin server. This request mostly comes back to the NS. This ID is used to link the cache request with the actual client request on the collector."},
	{"Name":"coMainPageGifNumScanned", "Datatype":"uint32", "Description":"Number of Gif images scanned in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageGifNumOptimized", "Datatype":"uint32", "Description":"Number of GIF images optimized in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageGifDeltaSzDec", "Datatype":"uint32", "Description":"Decrement in size as a result of GIF image optimization in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageGifdeltaSzInc", "Datatype":"uint32", "Description":"Increase in size as a result of GIF image optimization in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageGifToPngNum", "Datatype":"uint32", "Description":"Number of GIF images converted to PNG in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageJpegNumScanned", "Datatype":"uint32", "Description":"Number of JPEG images scanned in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageJpegNumOptimized", "Datatype":"uint32", "Description":"Number of JPEG images optimized in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageJpegDeltaSzDec", "Datatype":"uint32", "Description":"Decrease in size as a result of JPEG optimization in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageJpegDeltaSzInc", "Datatype":"uint32", "Description":"Increase in size as a result of JPEG optimization in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageJSNumScanned", "Datatype":"uint32", "Description":"Number of JavaScripts scanned in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageJSNumOptimized", "Datatype":"uint32", "Description":"Number of JavaScripts optimized in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageJSDeltaSzDec", "Datatype":"uint32", "Description":"Decrease in size as a result of JavaScript optimization in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageJSDeltaSzInc", "Datatype":"uint32", "Description":"Increase in size as a result of JavaScript optimization in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageJSInlined", "Datatype":"uint32", "Description":"Number of JavaScripts inlined in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageJSMoved", "Datatype":"uint32", "Description":"Number of JavaScripts moved in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageJSMinified", "Datatype":"uint32", "Description":"Number of JavaScripts minified in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageCSSNumScanned", "Datatype":"uint32", "Description":"Number of CSS objects scanned in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageCSSNumOptimized", "Datatype":"uint32", "Description":"Number of CSS objects optimized in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageCSSDeltaSzDec", "Datatype":"uint32", "Description":"Decrease in size as a result of CSS optimization in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageCSSDeltaSzInc", "Datatype":"uint32", "Description":"Increase in size as a result of CSS optimization in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageCSSInlined", "Datatype":"uint32", "Description":"Number of CSS objects inlined in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageCSSMoved", "Datatype":"uint32", "Description":"Number of CSS objects moved in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageCSSMinified", "Datatype":"uint32", "Description":"Number of CSS objects minified in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageCSSImgsInlined", "Datatype":"uint32", "Description":"Number of images inlined in CSS in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageCSSCombined", "Datatype":"uint32", "Description":"Number of CSS objects combined in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageCSSImport2Link", "Datatype":"uint32", "Description":"Number of CSS objects imported to link in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageTotalScanned", "Datatype":"uint32", "Description":"Total number of objects scanned in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageTotalOptimized", "Datatype":"uint32", "Description":"Total number of objects optimized in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageTotalSzDec", "Datatype":"uint32", "Description":"Total decrease in the size as a result of all the optimizations in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageTotalSzInc", "Datatype":"uint32", "Description":"Total increase inthe size as a result of all the optimizations in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageHtmlMinifyDeltaSz", "Datatype":"uint32", "Description":"Change in size as a result of HTML minification in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageLazyLdJSSz", "Datatype":"uint32", "Description":"As part of the lazy-load feature of Front End Optimization, a javascript is added to the page. This field indicates the size of the script."},
	{"Name":"coMainPagePngNumScanned", "Datatype":"uint32", "Description":"Number of PNG images scanned in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPagePngNumOptimized", "Datatype":"uint32", "Description":"Number of PNG images optimized in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPagePngDeltaSzDec", "Datatype":"uint32", "Description":"Decrease in size as a result of PNG optimization in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPagePngDeltaSzInc", "Datatype":"uint32", "Description":"Increase in size as a result of PNG optimization in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageTotImgScanned", "Datatype":"uint32", "Description":"Total number of images scanned in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageTotImgOptimized", "Datatype":"uint32", "Description":"Total number of images optimized in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageTotImgDeltaSzDec", "Datatype":"uint32", "Description":"Total decrease in size as a result of image optimizations in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageTotImgDeltaSzInc", "Datatype":"uint32", "Description":"Total increase in size as a result of imate optimizations in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageImgsInlined", "Datatype":"uint32", "Description":"Total number of images inlined in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageImgsShrinked", "Datatype":"uint32", "Description":"Total number of images shrinked in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageImgsLazyLd", "Datatype":"uint32", "Description":"Total number of images lazy loaded in the main page as part of Front End Optimization feature."},
	{"Name":"coEmbedObjFlags", "Datatype":"uint32", "Description":"The type of Front End Optimizations done on this embedded object. 0x01: Data Inlined. 0x02: Data moved. 0x04: Domain Shraded. 0x08: Cache Extended. 0x10: Import to Link."},
	{"Name":"coEmbedObjNumSize", "Datatype":"uint32", "Description":"The original size of the embedded object."},
	{"Name":"coEmbedObjType", "Datatype":"uint32", "Description":"The content type of this embedded object. 3: JavaScripts. 4: CSS. 7: Images."},
	{"Name":"cacheServiceIPAdress", "Datatype":"uint32", "Description":"In Cache-Redirection, the IP address of cache server serving the response."},
	{"Name":"OriginServerIPAdress", "Datatype":"uint32", "Description":"In Cache-Redirection, the IP address of the origin server serving the response."},
	{"Name":"nsicaSessionClientIPAddress", "Datatype":"uint32", "Description":"Client IP address from client side connection on NetScaler."},
	{"Name":"nsicaSessionServerIPAddress", "Datatype":"uint32", "Description":"Server IP address from server side connection on NetScaler."},
	{"Name":"nsicaSessionTimestamp", "Datatype":"uint32", "Description":"This Information Element contains the timestamp of the event triggering the session update."},
	{"Name":"clntTcpJitter", "Datatype":"uint32", "Description":"The variation of RTT from the mean RTT"},
	{"Name":"srvrTcpJitter", "Datatype":"uint32", "Description":"The variation of RTT from the mean RTT"},
	{"Name":"StreamSessionBreachTime", "Datatype":"uint32", "Description":"Time in seconds when breach happened."},
	{"Name":"StreamSessionBreachedMetric", "Datatype":"uint32", "Description":"Metric that breached the configured threshold, like BANDWIDTH, REQUESTS, RESPONSETIME."},
	{"Name":"StreamSessionInterval", "Datatype":"uint32", "Description":"Time window in minutes."},
	{"Name":"StreamSessionMinThreshold", "Datatype":"uint32", "Description":"Minimum threshold configured for breaching metric."},
	{"Name":"StreamSessionMaxThreshold", "Datatype":"uint32", "Description":"Maximum threshold configured for breaching metric."},
	{"Name":"StreamSessionActualMetricValue", "Datatype":"uint32", "Description":"Actual value of metric that breached."},
	{"Name":"StreamSessionConfiguredBreachThreshold", "Datatype":"uint32", "Description":"Maximum allowed breaching transactions within interval."},
	{"Name":"StreamSessionConfiguredAcceptanceThreshold", "Datatype":"uint32", "Description":"Ratio of transactions within interval period that should conform to configured limits."},
	{"Name":"StreamSessionBreachingTransactions", "Datatype":"uint32", "Description":"Actual value of breaching transactions"},
	{"Name":"StreamSessionTotalTransactions", "Datatype":"uint32", "Description":"Total transactions that were tracked."},
	{"Name":"icFlags", "Datatype":"uint32", "Description":"Integrated cache flags that indicate:\n(i) cache hit(bit 0x00000001 set)\n(ii) cache miss (bits 0x00000001 and 0x00000002 turned OFF)\n(iii) cache revalidation (bit 0x00000002 set) and\n(iv) compressed response (bit 0x00000004 set)"},
	{"Name":"icNostoreFlags", "Datatype":"uint32", "Description":"The integrated cache nostore flag indicates the reason for not storing content in the integrated cache.\nPossible values are:\n(i) 0x00000001 Content not stored due to configured cache policy\n(ii) 0x00000002 Content not stored due to bad response size\n(iii) 0x00000004 Content not stored due to configured minhit\n(iv) 0x00000008 Content not stored as cache bypass is enabled\n(v) 0x00000010 Content not stored as poll every time is set\n(vi) 0x00000020 Content not stored due to memory errors\n(vii) 0x00000040 Content not stored due to cache internal errors."},
	{"Name":"responseMediaType", "Datatype":"uint32", "Description":"Media type of the current transaction"},
	{"Name":"observationPointId1", "Datatype":"uint32", "Description":"Observation point of one of the entities in the observation domain. The list of observation points is sent in the observation domain template. Each record contains five observation points."},
	{"Name":"observationPointId2", "Datatype":"uint32", "Description":"Observation point of one of the entities in the observation domain"},
	{"Name":"observationPointId3", "Datatype":"uint32", "Description":"Observation point of one of the entities in the observation domain"},
	{"Name":"observationPointId4", "Datatype":"uint32", "Description":"Observation point of one of the entities in the observation domain"},
	{"Name":"observationPointId5", "Datatype":"uint32", "Description":"Observation point of one of the entities in the observation domain"},
	{"Name":"coMainPageGifToWebpNum", "Datatype":"uint32", "Description":"Total number of GIF images converted to WebP in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageJpegToWebpNum", "Datatype":"uint32", "Description":"Total number of JPEG images converted to WebP in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPageJpegToJxrNum", "Datatype":"uint32", "Description":"Total number of JPEG images converted to JPEG-XR in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPagePngToWebpNum", "Datatype":"uint32", "Description":"Total number of PNG images converted to WebP in the main page as part of Front End Optimization feature."},
	{"Name":"coMainPagePngToJxrNum", "Datatype":"uint32", "Description":"Total number of PNG images converted to JPEG-XR in the main page as part of Front End Optimization feature."},
	{"Name":"accessInsightStatusCode", "Datatype":"uint32", "Description":"Response status code."},
	{"Name":"accessInsightTimestamp", "Datatype":"uint32", "Description":"Timestamp when various records are exported."},
	{"Name":"authenticationDuration", "Datatype":"uint32", "Description":"The time it took for authentication operation to complete."},
	{"Name":"deviceType", "Datatype":"uint32", "Description":"A number indicating the characteristics of the Device used to access the application. Device type is 4 bytes.  \nMSB contains code for Operating system information:  \n1 - WINDOWS OS,  \n2 - MAC OS,  \n3 - LINUX OS,  \n4 - ANDROID,  \n5 - CHROME OS,  \n6 - IOS,  \n7 - WTOS.  \nLower 3 bytes encode the browser information:  \n1 - PN AGENT,  \n2 - INTERNET EXPLORER,  \n3 - CHROME,  \n4 - FIREFOX,  \n5 - SAFARI."},
	{"Name":"deviceID", "Datatype":"uint32", "Description":"Device Identifier."},
	{"Name":"deviceLocation", "Datatype":"uint32", "Description":"Device Location."},
	{"Name":"VPNSessionState", "Datatype":"uint32", "Description":"VPN session state."},
	{"Name":"VPNSessionMode", "Datatype":"uint32", "Description":"VPN session mode of access:  \n1 - FULL TUNNEL MODE,  \n2 - ICA MODE,  \n3 - CLIENTLESS MODE"},
	{"Name":"IIPAddress", "Datatype":"uint32", "Description":"Intranet IP address of the user."},
	{"Name":"L7AvgClientLatency", "Datatype":"uint32", "Description":"The average L7 latency count of threshold breach in client side."},
	{"Name":"L7MaxClientLatency", "Datatype":"uint32", "Description":"The maximum L7 latency value of threshold breach in client side."},
	{"Name":"L7AvgServerLatency", "Datatype":"uint32", "Description":"The average L7 latency count of threshold breach in server side."},
	{"Name":"L7MaxServerLatency", "Datatype":"uint32", "Description":"The maximum L7 latency value of threshold breach in server side."},
	{"Name":"MinL7Latency", "Datatype":"uint32", "Description":"The minimum L7 latency value."},
	{"Name":"appNameAppId1", "Datatype":"uint32", "Description":"Application Name and Application ID."},
	{"Name":"SNIPAddress", "Datatype":"uint32", "Description":"The IP address used for backend server connections."},
	{"Name":"GatewayIP", "Datatype":"uint32", "Description":"The Gateway IP address."},
	{"Name":"appfwProfileSigEnabled", "Datatype":"uint32", "Description":"Number of signatures enabled on signature file"},
	{"Name":"appfwProfileSigDisabled", "Datatype":"uint32", "Description":"Number of signatures disabled on signature file"},
	{"Name":"appfwProfileSigBlockCount", "Datatype":"uint32", "Description":"Number of signatures which have block enabled in signature file"},
	{"Name":"appfwProfileSigLogCount", "Datatype":"uint32", "Description":"Number of signatures which have log enabled in signature file"},
	{"Name":"appfwProfileSigStatCount", "Datatype":"uint32", "Description":"Number of signatures which have stats enabled on signature file"},
	{"Name":"appfwViolationType", "Datatype":"uint32", "Description":"32bit flag where each byte represents one violation type name. Appfw exports at max 3 violations in one record, So currently 3bytes are being used and 4th byte is unused.\n0-APPFW_BUFFEROVERFLOW_COOKIE\n1-APPFW_BUFFEROVERFLOW_HDR\n2-APPFW_BUFFEROVERFLOW_URL\n3-APPFW_CONTENT_TYPE\n4-APPFW_COOKIE\n5-APPFW_CCARD_MATCH_IN_SIGNATURES\n6-APPFW_CSRF_TAG\n7-APPFW_DENYURL\n8-APPFW_FIELDCONSISTENCY\n9-APPFW_FIELDFORMAT\n10-APPFW_INVALID_HTTP_HEADER\n11-APPFW_MAX_UPLOADS\n12-APPFW_POLICY_HIT\n13-APPFW_POLICY_HIT_BUILTIN\n14-APPFW_REFERER_HEADER\n15-APPFW_SAFECOMMERCE\n16-APPFW_SAFEOBJECT\n17-APPFW_SIGNATURE_MATCH\n18-APPFW_SQL\n19-APPFW_STARTURL\n20-APPFW_XSS\n21-AF_INVALID_HTTP_HEADER\n22-AF_MALFORMED_REQ_ERR\n23-AF_MEMORY_ERR\n24-AF_ORIGIN_SERVER_RESP_MISMATCH_ERR\n25-AF_400_RESP\n26-AF_5XX_RESP\n27-APPFW_XML_SQL\n28-APPFW_XML_XSS\n29-APPFW_XML_ERR_NO_DIME\n30-APPFW_XML_ERR_NO_ATTACHMENT_BOUNDARY\n31-APPFW_XML_ERR_NOT_WELLFORMED\n32-APPFW_XML_ERR_SOAP_FAULT"},
	{"Name":"appfwViolationSeverity", "Datatype":"uint32", "Description":"32bit flag where each byte represents one violation severity. Appfw exports at max 3 violations in one record, So currently 3bytes are being used  and 4th byte is unused.\n1-SEV_CRITICAL\n2-SEV_MEDIUM\n3-SEV_LOW"},
	{"Name":"appfwViolationLocation", "Datatype":"uint32", "Description":"32bit flag where each byte represents one violation location (Request data place where actually attack has happened). Appfw exports at max 3 violations in one record, So currently 3 bytes are being used  and 4th byte is unused.\n0-AS_LOCATION_FORMFIELD\n1-AS_LOCATION_HEADER\n2-AS_LOCATION_COOKIE\n3-AS_LOCATION_OTHERS"},
	{"Name":"appfwViolationThreatIndex", "Datatype":"uint32", "Description":"32bit flag where each byte represents threat index of an attack or violation. Appfw exports at max 3 violations in one record, So currently 3bytes are being used  and 4th byte is unused."},
	{"Name":"appfwViolationOccuredTime", "Datatype":"uint32", "Description":"Time at which an attack has happened"},
	{"Name":"appfwAppNameId", "Datatype":"uint32", "Description":"Netscaler vserver ID"},
	{"Name":"appfwNSLongitude", "Datatype":"uint32", "Description":"Longitude of incoming attack location"},
	{"Name":"appfwNSLatitude", "Datatype":"uint32", "Description":"Latitude of incoming attack location"},
	{"Name":"appfwIncarnationNumber", "Datatype":"uint32", "Description":"appfw profile incarnation number to identify profile delta changes"},
	{"Name":"appfwSequenceNumber", "Datatype":"uint32", "Description":"appfw profile sequence number"},
	{"Name":"appfwSigRuleID1", "Datatype":"uint32", "Description":"Signature ID of 1st rule.At max 5 signature rules are exported in one appflow record"},
	{"Name":"appfwSigRuleID2", "Datatype":"uint32", "Description":"Signature ID of 2nd rule"},
	{"Name":"appfwSigRuleID3", "Datatype":"uint32", "Description":"Signature ID of 3rd rule"},
	{"Name":"appfwSigRuleID4", "Datatype":"uint32", "Description":"Signature ID of 4th rule"},
	{"Name":"appfwSigRuleID5", "Datatype":"uint32", "Description":"Signature ID of 5th rule"},
	{"Name":"iprepNSLongitude", "Datatype":"uint32", "Description":"Longitude of IP reputation attack"},
	{"Name":"iprepNSLatitude", "Datatype":"uint32", "Description":"Latitude of IP reputation attack"},
	{"Name":"iprepCategory", "Datatype":"uint32", "Description":"IP reputation attack category"},
	{"Name":"iprepAttackTime", "Datatype":"uint32", "Description":"IP reputation attack time"},
	{"Name":"iprepReputationScore", "Datatype":"uint32", "Description":"Ip reputation threat score"},
	{"Name":"backendSvrIpv4Address", "Datatype":"uint32", "Description":"The SNIP/MIP used as source IP to connecto to the backend server."},
	{"Name":"backendSvrDstIpv4Address", "Datatype":"uint32", "Description":"IP address of the backend server."},
	{"Name":"transCltIpv4Address", "Datatype":"uint32", "Description":"IP address of the client"},
	{"Name":"transCltDstIpv4Address", "Datatype":"uint32", "Description":"Vserver IP address to which the client connects."},
	{"Name":"udpBackendSvrIpv4Address", "Datatype":"uint32", "Description":"The MIP/SNIP used as source IP to connect to the backend server in case of UDP. "},
	{"Name":"udpBackendSvrDstIpv4Address", "Datatype":"uint32", "Description":"IP address of the backend server in case of UDP."},
	{"Name":"udpCltIpv4Address", "Datatype":"uint32", "Description":"IP address of the client in case of UDP. "},
	{"Name":"udpCltDstIpv4Address", "Datatype":"uint32", "Description":"Vserver IP address to which the client connects in case of UDP."},
	{"Name":"maxBurstDurationMilisecondsRX", "Datatype":"uint32", "Description":"Burst duration of RX (i.e. Last byte received timestamp - first byte received time stamp)."},
	{"Name":"maxBurstDurationMilisecondsTX", "Datatype":"uint32", "Description":"Burst duration of TX (i.e Last byte transmitted timestamp - first byte transmitted time stamp)"},
	{"Name":"sslFLagsFE", "Datatype":"uint32", "Description":"SSL transaction related flags of a frontend SSL Handshake. Available settings function as follows:\n 0x0000000000000001 - NS_IPFIX_SSL3_VERSION\n 0x0000000000000002 - NS_IPFIX_TLS1_VERSION\n 0x0000000000000004 - NS_IPFIX_TLS11_VERSION\n 0x0000000000000008 - NS_IPFIX_TLS12_VERSION\n 0x0000000000000010 - NS_IPFIX_IS_REUSE_SESSION\n 0x0000000000000020 - NS_IPFIX_IS_CLIENTAUTH\n 0x0000000000000040 - NS_IPFIX_RSA_TYPE\n 0x0000000000000080 - NS_IPFIX_DSA_TYPE\n 0x0000000000000100 - NS_IPFIX_ECDSA_TYPE\n 0x0000000000000200 - NS_IPFIX_DH_TYPE\n 0x0000000000000400 - NS_IPFIX_CIPHER_HIGH\n 0x0000000000000800 - NS_IPFIX_CIPHER_MEDIUM\n 0x0000000000001000 - NS_IPFIX_CIPHER_LOW\n"},
	{"Name":"sslFLagsBE", "Datatype":"uint32", "Description":"SSL transaction related flags of backend SSL Handshake. Available settings function as follows:\n 0x0000000000000001 - NS_IPFIX_SSL3_VERSION\n 0x0000000000000002 - NS_IPFIX_TLS1_VERSION\n 0x0000000000000004 - NS_IPFIX_TLS11_VERSION\n 0x0000000000000008 - NS_IPFIX_TLS12_VERSION\n 0x0000000000000010 - NS_IPFIX_IS_REUSE_SESSION\n 0x0000000000000020 - NS_IPFIX_IS_CLIENTAUTH\n 0x0000000000000040 - NS_IPFIX_RSA_TYPE\n 0x0000000000000080 - NS_IPFIX_DSA_TYPE\n 0x0000000000000100 - NS_IPFIX_ECDSA_TYPE\n 0x0000000000000200 - NS_IPFIX_DH_TYPE\n 0x0000000000000400 - NS_IPFIX_CIPHER_HIGH\n 0x0000000000000800 - NS_IPFIX_CIPHER_MEDIUM\n 0x0000000000001000 - NS_IPFIX_CIPHER_LOW\n"},
	{"Name":"sslSessionIDFE", "Datatype":"uint32", "Description":"Unique 32-bit integer session ID used in the frontend SSL handshake per transaction"},
	{"Name":"sslSessionIDBE", "Datatype":"uint32", "Description":"Unique 32-bit integer session ID used in the backend SSL handshake per transaction"},
	{"Name":"maxBurstNumberofSamples", "Datatype":"uint32", "Description":"Number of valid samples in MaxBurst"},
	{"Name":"maxBurstIAI1msPercentage", "Datatype":"uint32", "Description":"IAI 1ms percentage of MAX BURST"},
	{"Name":"maxBurstIAI2msPercentage", "Datatype":"uint32", "Description":"IAI 2ms percentage of MAX BURST"},
	{"Name":"maxBurstIAISamples", "Datatype":"uint32", "Description":"Number of IAI samples of MAX BURST"},
	{"Name":"maxBurstAvgIsi", "Datatype":"uint32", "Description":"ISI(Inter Sending Interval)average of MAX BURST"},
	{"Name":"maxBurstAvgIai", "Datatype":"uint32", "Description":"IAI (Inter Arrival Interval)average of MAX BURST"},
	{"Name":"maxBurstRetxCong", "Datatype":"uint32", "Description":"Number of retransmissions due to congestion"},
	{"Name":"maxBurstRetxCorr", "Datatype":"uint32", "Description":"Number of retransmissions due to corruption"},
	{"Name":"maxBurstFlags", "Datatype":"uint32", "Description":"FLAGS bits will gives us the network type, ccl_class, csq_class, ccl, csq and valid flags. Out of 32bits net_type:3, ccl_class:3, csq_class:3, ccl:7, csq:7, valid_flags:6 reserved:2. VALID flags UXSTOREDONE 0x00000001, VALID_CCL   0x00000002, VALID_CSQ   0x00000004, VALID_CCL_CLASS     0x00000008, VALID_CSQ_CLASS 0x00000010, VALID_NET_TYPE  0x00000020 "},
	{"Name":"maxBurstAvgLoadDelay", "Datatype":"uint32", "Description":"Average Load Delay of the max burst"},
	{"Name":"maxBurstAvgNoiseDelay", "Datatype":"uint32", "Description":"Average Noise Delay of the max burst"},
	{"Name":"maxBurstAvgLoadIai", "Datatype":"uint32", "Description":"Average Load IAI of the max burst"},
	{"Name":"maxBurstAvgNoiseIai", "Datatype":"uint32", "Description":"Average Noise IAI of the max burst"},
	{"Name":"maxBurstRttMin", "Datatype":"uint32", "Description":"Minimum RTT of the max burst"},
	{"Name":"maxBurstRttMax", "Datatype":"uint32", "Description":"Maximum RTT of the max burst"},
	{"Name":"maxBurstRttAvg", "Datatype":"uint32", "Description":"Average RTT of the max burst"},
	{"Name":"maxBurstBifMax", "Datatype":"uint32", "Description":"Maimum Bytes in flight of the max burst"},
	{"Name":"maxBurstBifAvg", "Datatype":"uint32", "Description":"Average Bytes in flight of the max burst"},
	{"Name":"maxBurstRcvWndMin", "Datatype":"uint32", "Description":"Minimum Receive window of the max burst"},
	{"Name":"maxBurstRcvWndAvg", "Datatype":"uint32", "Description":"Average Receive window of the max burst"},
	{"Name":"maxBurstTxPkts", "Datatype":"uint32", "Description":"Number of TX packets of the max burst"},
	{"Name":"maxBurstReTxPkts", "Datatype":"uint32", "Description":"Number of retransmitted packets of the max burst"},
	{"Name":"maxBurstThrputAvg", "Datatype":"uint32", "Description":"Average thruput of the max burst"},
	{"Name":"maxBurstBdp", "Datatype":"uint32", "Description":"Bandwidth Delay Product of the max burst"},
	{"Name":"tcpClntConnRstCode", "Datatype":"uint32", "Description":"TCP connection reset reason code [9960, 9983], sent from NS to client"},
	{"Name":"tcpSrvrConnRstCode", "Datatype":"uint32", "Description":"TCP connection reset reason code [9960, 9983], sent from NS to server"},
	{"Name":"nsicaSessionPreviousDeviceIP", "Datatype":"uint32", "Description":"The IP address of the Netscaler instance before the failover is occured."},
	{"Name":"clientIP", "Datatype":"uint32", "Description":"Client IP address for a SSL Handshake error per transaction."},
	{"Name":"VserverIP", "Datatype":"uint32", "Description":"Vserver IP address for a SSL Handshake error per transaction."},
	{"Name":"diameterMessageType", "Datatype":"uint32", "Description":"The diameter message type."},
	{"Name":"diameterResponseCode", "Datatype":"uint32", "Description":"The diameter response code."},
	{"Name":"diameterTimestamp", "Datatype":"uint32", "Description":"The timestamp (seconds since epoch) of when this diameter message has been processed."},
	{"Name":"diameterSubscriberIpv4Address", "Datatype":"uint32", "Description":"The subscriber IPv4 address."},
	{"Name":"subscriberUpdateTs", "Datatype":"uint32", "Description":"The timestamp when this subscriber sessions was last updated."},
	{"Name":"GatewayIPAuth", "Datatype":"uint32", "Description":"The Gateway IP address."},
	{"Name":"GatewayIPSessUpdate", "Datatype":"uint32", "Description":"The Gateway IP address."},
	{"Name":"SfIPSessUpdate", "Datatype":"uint32", "Description":"The Storefront IP address."},
	{"Name":"GatewayIPICA", "Datatype":"uint32", "Description":"The Gateway IP address."},
	{"Name":"GatewayIPAppLaunch", "Datatype":"uint32", "Description":"The Gateway IP address."},
	{"Name":"StaIPAppLaunch", "Datatype":"uint32", "Description":"The STA server IP address."},
	{"Name":"VdaIPAppLaunch", "Datatype":"uint32", "Description":"The VDA server IP address."},
	{"Name":"SfIPAppLaunch", "Datatype":"uint32", "Description":"The Storefront IP address."},
	{"Name":"GatewayIPLogout", "Datatype":"uint32", "Description":"The Gateway IP address."},
	{"Name":"icaSessSetupGatewayVIP", "Datatype":"uint32", "Description":"The Gateway VIP address."},
	{"Name":"icaSessUpdateGatewayVIP", "Datatype":"uint32", "Description":"The Gateway VIP address."},
	{"Name":"icaAppLaunchGatewayVIP", "Datatype":"uint32", "Description":"The Gateway VIP address."},
	{"Name":"icaNetUpdateGatewayVIP", "Datatype":"uint32", "Description":"The Gateway VIP address."},
	{"Name":"icaChannelGatewayVIP", "Datatype":"uint32", "Description":"The Gateway VIP address."},
	{"Name":"icaL7LatencyGatewayVIP", "Datatype":"uint32", "Description":"The Gateway VIP address."},
	{"Name":"icaAppTerminateGatewayVIP", "Datatype":"uint32", "Description":"The Gateway VIP address."},
	{"Name":"icaSessEndGatewayVIP", "Datatype":"uint32", "Description":"The Gatewayns_ica_session_end_record_te connection on NetScaler."},
	{"Name":"TimestampAuth", "Datatype":"uint32", "Description":"The time at which vpn authentication record is exported"},
	{"Name":"TimestampSessUpdate", "Datatype":"uint32", "Description":"The time at which vpn session update record is exported"},
	{"Name":"TimestampAppEnumeration", "Datatype":"uint32", "Description":"The time at which app enumeration record is exported"},
	{"Name":"TimestampLogout", "Datatype":"uint32", "Description":"The time at which vpn session logout record is exported"},
	{"Name":"StatusCodeAuth", "Datatype":"uint32", "Description":"Response status code."},
	{"Name":"StatusCodeSessUpdate", "Datatype":"uint32", "Description":"Response status code."},
	{"Name":"StatusCodeAppLaunch", "Datatype":"uint32", "Description":"Response status code."},
	{"Name":"CSAppIdAuth", "Datatype":"uint32", "Description":"Application Name and Application ID."},
	{"Name":"CSAppIdSessUpdate", "Datatype":"uint32", "Description":"Application Name and Application ID."},
	{"Name":"CSAppIdICA", "Datatype":"uint32", "Description":"Application Name and Application ID."},
	{"Name":"CSAppIdAppLaunch", "Datatype":"uint32", "Description":"Application Name and Application ID."},
	{"Name":"appfwAttackOffset", "Datatype":"uint32", "Description":"32bit offset repesents the attack pattern offset in payload."},
	{"Name":"appfwAttackViolationType", "Datatype":"uint32", "Description":"32bit offset repesents the attack violation type."},
	{"Name":"ngsIcaClientIPAddress", "Datatype":"uint32", "Description":"Client IP address for NGS ICA connection."},
	{"Name":"ngsIcaVdaIPAddress", "Datatype":"uint32", "Description":"VDA IP address for NGS ICA connection."},
	{"Name":"StatusCodeAppEnumeration", "Datatype":"uint32", "Description":"Response status code. Value other than 0 is a failure."},
	{"Name":"appfwFDIFormSubmissionTime", "Datatype":"uint32", "Description":"Time at which an attack has happened"},
	{"Name":"appfwFDIResponseCode", "Datatype":"uint32", "Description":"HTTP Response code for form submission."},
	{"Name":"ngsVdaIp", "Datatype":"uint32", "Description":"VDA IP address for NGS ICA connection."},
	{"Name":"insightOnNonCsFlag", "Datatype":"uint32", "Description":"Indicates if an insight is bound on LB."},
	{"Name":"svrIpv4Address", "Datatype":"uint32", "Description":"The source IP used to communicate with the backend server."},
	{"Name":"svrDstIpv4Address", "Datatype":"uint32", "Description":"IP address of the backend server."},
	{"Name":"cltIpv4Address", "Datatype":"uint32", "Description":"IP address of the client"},
	{"Name":"cltDstIpv4Address", "Datatype":"uint32", "Description":"Vserver IP address to which the client connects."},
	{"Name":"transSrvrRTT", "Datatype":"uint32", "Description":"Server-side TCP Round Trip Time"},
	{"Name":"transClntRTT", "Datatype":"uint32", "Description":"Client-side TCP Round Trip Time"},
	{"Name":"mongoQueryType", "Datatype":"uint32", "Description":"The Mongodb Query type."},
	{"Name":"mongoMsgLen", "Datatype":"uint32", "Description":"The Mongodb Message Length."},
	{"Name":"mongoMsgRequestId", "Datatype":"uint32", "Description":"The Mongodb Message RequestID."},
	{"Name":"mongoMsgResponseTo", "Datatype":"uint32", "Description":"The Mongodb Message Header ResponseTo."},
	{"Name":"mongoRespQueryType", "Datatype":"uint32", "Description":"The Mongodb Query type."},
	{"Name":"mongoRespMsgLen", "Datatype":"uint32", "Description":"The Mongodb Message Length."},
	{"Name":"mongoRespRequestId", "Datatype":"uint32", "Description":"The Mongodb Message RequestID."},
	{"Name":"mongoResponseTo", "Datatype":"uint32", "Description":"The Mongodb Message Header ResponseTo."},
	{"Name":"mongoQueryResptime", "Datatype":"uint32", "Description":"Response time of query"},
	{"Name":"mqtt_msg_type", "Datatype":"uint8", "Description":"The Mqtt message type."},
	{"Name":"mqtt_src_port", "Datatype":"uint16", "Description":"The Mqtt connection src port."},
	{"Name":"mqtt_dst_port", "Datatype":"uint16", "Description":"The Mqtt connection dest port."},
	{"Name":"mqtt_protocol", "Datatype":"uint16", "Description":"The Mqtt connection type."},
	{"Name":"mqtt_client_version", "Datatype":"uint8", "Description":"The Mqtt message version."},
	{"Name":"mqtt_message_len", "Datatype":"uint32", "Description":"The Mqtt message length."},
	{"Name":"mqtt_isclient", "Datatype":"uint8", "Description":"This Mqtt message is from client."},
	{"Name":"mqtt_connectflags", "Datatype":"uint8", "Description":"The Mqtt connect message flags."},
	{"Name":"mqtt_packet_id", "Datatype":"uint16", "Description":"The Mqtt message packet identifier."},
	{"Name":"mqtt_pub_sub_unsub_qos", "Datatype":"uint8", "Description":"The Mqtt message qos value."},
	{"Name":"mqtt_suback_unsuback_return_code", "Datatype":"uint8", "Description":"The Mqtt message return code."},
	{"Name":"mqtt_connackflags", "Datatype":"uint8", "Description":"The Mqtt message connect ack flags."},
	{"Name":"mqtt_connack_ret_code", "Datatype":"uint8", "Description":"The Mqtt message connect ack return code."},
	{"Name":"mqtt_diconnect_auth_reason_code", "Datatype":"uint8", "Description":"The Mqtt message reason code."},
	{"Name":"key_val_buf", "Datatype":"string", "Description":"Encoded buffer containing key-value pairs."},
	{"Name":"videoTxnMediaType", "Datatype":"uint32", "Description":"The media type detected during the current video transaction"},
	{"Name":"videoTxnSessionID", "Datatype":"uint32", "Description":"ID of video session to which the current transaction belongs"},
	{"Name":"videoTxnSessionTimestamp", "Datatype":"uint32", "Description":"Timestamp of video session to which the current transaction belongs"},
	{"Name":"videoTxnSessionDiameterTimestamp", "Datatype":"uint32", "Description":"The timestamp (seconds since epoch) of when the diameter message has been processed"},
	{"Name":"videoTxnSessionTcpTimestamp", "Datatype":"uint64", "Description":"TCP connection timestamp"},
	{"Name":"videoTxnPacingRate", "Datatype":"uint32", "Description":"The pacing bitrate that is applied to the current video transaction"},
	{"Name":"cleartextVideoFlags", "Datatype":"uint32", "Description":"The HTTP video transaction flags that indicate:\n(i) Source of the SSL domain(bits 0x0000000*). Possible values: 0x00000001 SSL domain from SNI, 0x00000002 SSL domain from CN, 0x00000003 SSL domain from SAN when one dns name is available, 0x00000004 SSL domain from 1st SAN when the multiple dns names are available. 0x00000005 SSL domain from QUIC SNI.\n(ii) Status of sessionization(bits 0x000000*0). Possible values: 0x00000010 Transaction in progress, 0x00000020 Transaction added to video session, 0x00000030 Transaction not added to the Video Session due to outlier filtering, 0x00000040 Transaction not added to the Video Session because it is not eligible for sessionization, 0x00000050 Transaction not added to the Video Session due to operation time out, 0x00000060 Transaction not added to the Video Session due to other errors (ex.: DHT error, etc.)\n(iii) Random sampling(bit 0x00000100)\n(iv) Session resume indication(bit 0x00000200) and\n(v) QUIC video session(bit 0x00000400)."},
	{"Name":"encryptedVideoFlags", "Datatype":"uint32", "Description":"The HTTPS video transaction flags that indicate:\n(i) Source of the SSL domain(bits 0x0000000*). Possible values: 0x00000001 SSL domain from SNI, 0x00000002 SSL domain from CN, 0x00000003 SSL domain from SAN when one dns name is available, 0x00000004 SSL domain from 1st SAN when the multiple dns names are available. 0x00000005 SSL domain from QUIC SNI.\n(ii) Status of sessionization(bits 0x000000*0). Possible values: 0x00000010 Transaction in progress, 0x00000020 Transaction added to video session, 0x00000030 Transaction not added to the Video Session due to outlier filtering, 0x00000040 Transaction not added to the Video Session because it is not eligible for sessionization, 0x00000050 Transaction not added to the Video Session due to operation time out, 0x00000060 Transaction not added to the Video Session due to other errors (ex.: DHT error, etc.)\n(iii) Random sampling(bit 0x00000100)\n(iv) Session resume indication(bit 0x00000200) and\n(v) QUIC video session(bit 0x00000400)."},
	{"Name":"videoTxnId", "Datatype":"uint32", "Description":"Current video transaction ID"},
	{"Name":"videoTxnReqBytes", "Datatype":"uint32", "Description":"The number of video request bytes in the current video transaction"},
	{"Name":"videoTxnAppReqBytes", "Datatype":"uint32", "Description":"The number of application request bytes in the current video transaction"},
	{"Name":"videoTxnRespBytes", "Datatype":"uint32", "Description":"The number of video response bytes in the current video transaction"},
	{"Name":"videoTxnAppRespBytes", "Datatype":"uint32", "Description":"The number of application response bytes in the current video transaction"},
	{"Name":"txnClientIpv4Addr", "Datatype":"uint32", "Description":"Client IPv4 address in the current video transaction"},
	{"Name":"txnServerIpv4Addr", "Datatype":"uint32", "Description":"Server IPv4 address in the current video transaction"},
	{"Name":"videoTxnStarttime", "Datatype":"uint32", "Description":"Video start time in seconds"},
	{"Name":"videoTxnEndtime", "Datatype":"uint32", "Description":"Video end time in seconds"},
	{"Name":"videoTxnLastDataTime", "Datatype":"uint32", "Description":"Video transaction last data time in seconds"},
	{"Name":"videoTxnStarttimeUsec", "Datatype":"uint32", "Description":"Video start time in microseconds"},
	{"Name":"videoTxnEndtimeUsec", "Datatype":"uint32", "Description":"Video end time in microseconds"},
	{"Name":"videoTxnLastDataTimeUsec", "Datatype":"uint32", "Description":"Video transaction last data time in microseconds"},
	{"Name":"videoSessMediaType", "Datatype":"uint32", "Description":"The media type of the current video session"},
	{"Name":"videoSessFlags", "Datatype":"uint32", "Description":"The video session flags that indicate random sampling information"},
	{"Name":"videoSessTxnCount", "Datatype":"uint32", "Description":"Number of transactions in the current video session"},
	{"Name":"videoSessID", "Datatype":"uint32", "Description":"Video session ID"},
	{"Name":"videoSessDuration", "Datatype":"uint32", "Description":"Video session duration in milliseconds"},
	{"Name":"videoSessAbsStarttime", "Datatype":"uint32", "Description":"Video session start time in seconds"},
	{"Name":"videoSessReqbytes", "Datatype":"uint32", "Description":"The number of video request bytes in the current video session"},
	{"Name":"videoSessAppReqBytes", "Datatype":"uint32", "Description":"The number of application request bytes in the current video session"},
	{"Name":"videoSessRespBytes", "Datatype":"uint32", "Description":"The number of video response bytes in the current video session"},
	{"Name":"videoSessAppRespBytes", "Datatype":"uint32", "Description":"The number of application response bytes in the current video session"},
	{"Name":"videoSessPacingRate", "Datatype":"uint32", "Description":"The pacing bitrate applied to the current video session"},
	{"Name":"videoSessClientIP4", "Datatype":"uint32", "Description":"Client IPv4 address in the current video session"},
	{"Name":"lsnSourceIPv4Address", "Datatype":"uint32", "Description":"The IPv4 source address in the IP packet header."},
	{"Name":"lsnPostNATSourceIPv4Address", "Datatype":"uint32", "Description":"Reports a modified address value caused by a NAT middlebox function after the packet passed the Observation Point."},
	{"Name":"lsnDestinationIPv4Address", "Datatype":"uint32", "Description":"The IPv4 destination address in the IP packet header."},
	{"Name":"lsnNatQuotaExceededEvent", "Datatype":"uint32", "Description":"Identifies the type of a NAT Quota Exceeded event."},
	{"Name":"lsnNatQuotaSrcipv4Addr", "Datatype":"uint32", "Description":"The IPv4 source address in the IP packet header."},
	{"Name":"lsnNatQuotaNatipv4Addr", "Datatype":"uint32", "Description":"Reports a modified address value caused by a NAT middlebox function after the packet passed the Observation Point."},
	{"Name":"ngsUsageTransactionId", "Datatype":"uint32", "Description":"Unique transaction id for the request. MSB Set for Last record"},
	{"Name":"ngsUsageUpdatStartTime", "Datatype":"uint32", "Description":"NGS Usage inro record reports bandwidth usage information after some internal. This Information Element contains the timestamp when the collection stats in this record began"},
	{"Name":"ngsUsageUpdateEndTime", "Datatype":"uint32", "Description":"NGS Usage inro record reports bandwidth usage information after some internal. This Information Element contains the timestamp when the collection stats in this record ended."},
	{"Name":"nsicaSessionUpdateServerIPAddress", "Datatype":"uint32", "Description":"Server IP address from server side connection on NetScaler."},
	{"Name":"videoSessDiamTimestamp", "Datatype":"uint32", "Description":"Absolute timestamp of beginning of Diameter session in seconds."},
	{"Name":"nsicaSessionSetupServerIPAddress", "Datatype":"uint32", "Description":"Server IP address from server side connection on NetScaler."},
	{"Name":"ciSourceip", "Datatype":"uint32", "Description":"Client IP Address"},
	{"Name":"ciDestinationip", "Datatype":"uint32", "Description":"Server IP Address"},
	{"Name":"botAttackTime", "Datatype":"uint32", "Description":"Bot traffic incident time"},
	{"Name":"botCategory", "Datatype":"uint32", "Description":"Bot Category"},
	{"Name":"botNSLongitude", "Datatype":"uint32", "Description":"Longitude of incoming attack location"},
	{"Name":"botNSLatitude", "Datatype":"uint32", "Description":"Latitude of incoming attack location"},
	{"Name":"botCtxID", "Datatype":"uint32", "Description":"Bot context ID"},
	{"Name":"sslCipherValueBE", "Datatype":"uint32", "Description":"Value of the cipher used in the backend SSL handshake per transaction."},
	{"Name":"sslCipherValueFE", "Datatype":"uint32", "Description":"Value of the cipher used in the frontend SSL handshake per transaction."},
	{"Name":"botTrueClientIP", "Datatype":"uint32", "Description":"Bot true client IP"},
	{"Name":"botAttackOffset", "Datatype":"uint16", "Description":"Bot attack offset"},
	{"Name":"botAttackOffsetLen", "Datatype":"uint16", "Description":"Bot attack offset length"},
	{"Name":"sourceTransportPortRx", "Datatype":"uint16", "Description":"The source port identifier in the transport header. For the transport protocols UDP, TCP, and SCTP, this is the source port number given in the respective header. This field MAY also be used for future transport protocols that have 16-bit source port identifiers."},
	{"Name":"destinationTransportPortRx", "Datatype":"uint16", "Description":"The destination port identifier in the transport header. For the transport protocols UDP, TCP, and SCTP, this is the destination port number given in the respective header. This field MAY also be used for future transport protocols that have 16-bit destination port identifiers."},
	{"Name":"destinationTransportPortTx", "Datatype":"uint16", "Description":"The destination port identifier in the transport header. For the transport protocols UDP, TCP, and SCTP, this is the destination port number given in the respective header. This field MAY also be used for future transport protocols that have 16-bit destination port identifiers."},
	{"Name":"httpRspStatus", "Datatype":"uint16", "Description":"Status of HTTP response."},
	{"Name":"icaClientType", "Datatype":"uint16", "Description":"This indicates the type of client on which the ICA client/receiver is running. 0x0001 = Citrix DOS client. 0x0003 = Citrix console. 0x0004 = Citrix Text terminals. 0x0007 = Citrix MVGA terminals. 0x0008 = Citrix JAVA client. 0x000A = Citrix EPOC client. 0x000B = Citrix OS/2 client. 0x000E = Citrix DOS32 client. 0x1f09 = Citrix WinCE client. 0x0051 = Citrix Unix client. 0x0052 = Citrix Mac client. 0x0053 = Citrix iPhone client. 0x0054 = Citrix Android client. 0x0055 = Citrix Blackberry client. 0x0056 = Citrix Windows Metro client. 0x0057 = Citrix Windows Phone client. 0x0058 = Citrix Blackberry playbook client. 0x0101 = Citrix HTML5 client. 0x0105 = Citrix JAVA client. 0x4000 = Client requires license number. 0x8000 = Terminal Client. 0x80ac = WinCE WYSE client. 0x80e1 = ThisOS WYSE."},
	{"Name":"icaConnectionPrioritySetup", "Datatype":"uint16", "Description":"This value is 0 for non-MSI sessions and non-CB cases. This priority is assigned by CB for QoS. The range is [0-3]. 0 : Highest Priority Connection. 3: Least priority connection."},
	{"Name":"icaConnectionPriorityUpdate", "Datatype":"uint16", "Description":"This value is 0 for non-MSI sessions and non-CB cases. This priority is assigned by CB for QoS. The range is [0-3]. 0 : Highest Priority Connection. 3: Least priority connection."},
	{"Name":"icaApplicationTerminationType", "Datatype":"uint16", "Description":"Indicates how the application termination happened, eg: User closed the app, session termination, abort etc. This field currently carries only value 0 and the support is yet to be implemented."},
	{"Name":"clientsidePacketsRetransmit", "Datatype":"uint16", "Description":"Number of packets retransmitted on clientside connection."},
	{"Name":"serversidePacketsRetransmit", "Datatype":"uint16", "Description":"Number of packets retransmitted on serverside connection."},
	{"Name":"icaClientLauncher", "Datatype":"uint16", "Description":"Indicates what type of launcher was used for the ICA client. PNA = 1 (Program Neighorhood Agent). WI = 2 (Web Interface). PNC = 3 (Old Program Neighborhood Classic). Others = 4."},
	{"Name":"icaLaunchMechanism", "Datatype":"uint16", "Description":"Indicates the launch mechanism. PN = 1, PNA = 2, WI = 3, MSAM = 4, Others = 5"},
	{"Name":"clientSideZeroWindowCount", "Datatype":"uint16", "Description":"Number of times TCP window became 0 on client side connection, during this appflow interval."},
	{"Name":"serverSideZeroWindowCount", "Datatype":"uint16", "Description":"Number of times TCP window became 0 on server side connection, during this appflow interval."},
	{"Name":"clientSideRTOCount", "Datatype":"uint16", "Description":"Number of times retransmit timer was hit on client side connection, during this appflow interval."},
	{"Name":"serverSideRTOCount", "Datatype":"uint16", "Description":"Number of times retransmit timer was hit on server side connection, during this appflow interval."},
	{"Name":"nsicaSessionStatusSetup", "Datatype":"uint16", "Description":"This field is used to indicate the ICA session status for session reliability. The status could be session reconnect, session disconnect, or session timeout cleanup. Also used to indicate Skip Flow.  \nThe flags used are indicated below:  \n0x00010000: Session Reconnect  \n0x00020000 = Session Disconnect  \n0x00040000 = Timeout Cleanup  \n0x00080000 = Skip Flow  \n0x00100000 = Auto Client Reconnect (ACR)  \nThe status codes used in this field are:  \n1000 = Session Reconnect  \n1001 = Session Disconnect  \n1002 = Session Timeout Cleanup  \n1003 = Session Reconnected with ACR  \n1004 = SmartControl (with this status, the icaFlags field will contain only SmartControl related information)"},
	{"Name":"nsicaSessionStatusUpdate", "Datatype":"uint16", "Description":"The ICA session setup status code."},
	{"Name":"nsicaSessionStatusLatency", "Datatype":"uint16", "Description":"The ICA session update status code."},
	{"Name":"nsicaSessionServerPort", "Datatype":"uint16", "Description":"Server port number from server side connection on NetScaler."},
	{"Name":"nsicaReconnectCount", "Datatype":"uint16", "Description":"Number of times the current session was resumed after a disruption through Session Reliability."},
	{"Name":"nsicaACRCount", "Datatype":"uint16", "Description":"Number of times the current session was resumed after a disruption through Receiver Auto Reconnect."},
	{"Name":"nsicaSessionClientPort", "Datatype":"uint16", "Description":"Client port from client side connection on NetScaler."},
	{"Name":"accessType", "Datatype":"uint16", "Description":"Informs whether the user is accessing the ICA application via Netscaler Gateway/Transparent Mode/LAN User Mode.  \nFollowing are the status codes for each of the mode: \nGateway User : 2000  \nTransparent User : 2001  \nLAN User : 2002"},
	{"Name":"clntTcpRtoCount", "Datatype":"uint16", "Description":"Number of retransmission timeouts occured for a transaction of client to NS connection"},
	{"Name":"srvrTcpRtoCount", "Datatype":"uint16", "Description":"Number of retransmission timeouts occured for a transaction of NS to server connection"},
	{"Name":"clntTcpZeroWindowCount", "Datatype":"uint16", "Description":"Number of zero windows received for client connection."},
	{"Name":"srvrTcpZeroWindowCount", "Datatype":"uint16", "Description":"Number of zero windows received for server connection."},
	{"Name":"originResStatus", "Datatype":"uint16", "Description":"The HTTP response code sent by the origin server"},
	{"Name":"observationDomainNumPoints", "Datatype":"uint16", "Description":"Number of observation points contained in the current observation domain information record."},
	{"Name":"gatewayPort", "Datatype":"uint16", "Description":"The Gateway virtual server port."},
	{"Name":"L7LatencyWaitTime", "Datatype":"uint16", "Description":"Once the threshold is exceeded, the NetScaler instance waits for this interval before sending out the \"Threshold Exceeded\" notification to the NetScaler Insight Center."},
	{"Name":"L7LatencyNotifyInterval", "Datatype":"uint16", "Description":"After the wait time is exceeded and the first -Threshold Exceeded- notification is sent to the Insight Center, we send out these \"Threshold Exceeded\" notifications at intervals governed by this notification interval."},
	{"Name":"transCltSrcPort", "Datatype":"uint16", "Description":"TCP port of the client."},
	{"Name":"transCltDstPort", "Datatype":"uint16", "Description":"TCP port of the vserver on which client connects."},
	{"Name":"transSrvSrcPort", "Datatype":"uint16", "Description":"TCP source port used to connect to server."},
	{"Name":"transSrvDstPort", "Datatype":"uint16", "Description":"TCP port of the server."},
	{"Name":"udpCltSrcPort", "Datatype":"uint16", "Description":"UDP port of the client."},
	{"Name":"udpCltDstPort", "Datatype":"uint16", "Description":"UDP port of the vserver on which client connects."},
	{"Name":"udpSrvSrcPort", "Datatype":"uint16", "Description":"UDP source port used to connect to server."},
	{"Name":"udpSrvDstPort", "Datatype":"uint16", "Description":"UDP port of the server."},
	{"Name":"vlanNumber", "Datatype":"uint16", "Description":"Vlan number on which client is located."},
	{"Name":"sslSigHashAlgFE", "Datatype":"uint16", "Description":"Signature hash used in the frontend SSL handshake per transaction."},
	{"Name":"sslSigHashAlgBE", "Datatype":"uint16", "Description":"Signature hash used in the backend SSL handshake per Transaction."},
	{"Name":"sslServerCertSizeFE", "Datatype":"uint16", "Description":"Size of the server certificate used in the frontend SSL handshake per transaction."},
	{"Name":"sslServerCertSizeBE", "Datatype":"uint16", "Description":"Size of the server certificate used in the backend SSL handshake per transaction."},
	{"Name":"sslClientCertSizeFE", "Datatype":"uint16", "Description":"Size of the client certificate used in the frontend SSL handshake per transaction."},
	{"Name":"sslClientCertSizeBE", "Datatype":"uint16", "Description":"Size of the client certificate used in the backend SSL handshake per transaction."},
	{"Name":"sslErrFlag", "Datatype":"uint8", "Description":"SSL error flag corresponding to an SSL handshake error on the frontend, or on the backend. The flag has the following details:\n  0x01 - NSIPFIX_IS_FRONTEND\n"},
	{"Name":"sslHandshakeErrorMsg", "Datatype":"uint16", "Description":"An integer value that corresponds to a specific SSL handshake error message."},
	{"Name":"sslSrvrCertSigHashFE", "Datatype":"uint16", "Description":"Signature hash of the server certificate used in the frontend SSL handshake per transaction."},
	{"Name":"sslSrvrCertSigHashBE", "Datatype":"uint16", "Description":"Signature hash of the server certificate used in the backend SSL handshake per transaction."},
	{"Name":"sslClntCertSigHashFE", "Datatype":"uint16", "Description":"Signature hash of the client certificate used in the frontend SSL handshake per transaction."},
	{"Name":"sslClntCertSigHashBE", "Datatype":"uint16", "Description":"Signature hash of the client certificate used in the backend SSL Handhsake per transaction."},
	{"Name":"clientMss", "Datatype":"uint16", "Description":"The TCP Maximum Segment Size value on the client connection."},
	{"Name":"ssliDomainCategory", "Datatype":"uint16", "Description":"Category of the accessed domain, when SSL Interception and URL Filtering are enabled."},
	{"Name":"ssliDomainCategoryGroup", "Datatype":"uint16", "Description":"Category group of the accessed domain, when SSL Interception and URL Filtering are enabled."},
	{"Name":"urlCategory", "Datatype":"uint16", "Description":"Numeric id of the matched category with the highest reputation"},
	{"Name":"urlCategoryGroup", "Datatype":"uint16", "Description":"Numeric id of the matched category group with the highest reputation"},
	{"Name":"videoSessClientVlan", "Datatype":"uint16", "Description":"Client VLAN in the current video session"},
	{"Name":"videoTxnClientVlan", "Datatype":"uint16", "Description":"Client VLAN in the current video transaction"},
	{"Name":"videoTxnServerVlan", "Datatype":"uint16", "Description":"Server VLAN in the current video transaction"},
	{"Name":"videoTxnClientPort", "Datatype":"uint16", "Description":"Client port in the current video transaction"},
	{"Name":"videoTxnServerPort", "Datatype":"uint16", "Description":"Server port in the current video transaction"},
	{"Name":"lsnSourceTransportPort", "Datatype":"uint16", "Description":"The source port identifier in the transport header. For the transport protocols UDP, TCP, and SCTP, this is the source port number given in the respective header. This field MAY also be used for future transport protocols that have 16-bit source port identifiers."},
	{"Name":"lsnPostNAPTsourceTransportPort", "Datatype":"uint16", "Description":"Reports a modified port value caused by a Network Address Port Translation (NAPT) middlebox function after the packet passed the Observation Point."},
	{"Name":"lsnDestinationTransportPort", "Datatype":"uint16", "Description":"The destination port identifier in the transport header. For the transport protocols UDP, TCP, and SCTP, this is the destination port number given in the respective header. This field MAY also be used for future transport protocols that have 16-bit destination port identifiers."},
	{"Name":"lsnPortRangeStart", "Datatype":"uint16", "Description":"The port number identifying the start of a range of ports. A value of zero indicates that the range start is not specified."},
	{"Name":"lsnPortRangeEnd", "Datatype":"uint16", "Description":"The port number identifying the end of a range of ports. A value of zero indicates that the range end is not specified."},
	{"Name":"nsPartitionId", "Datatype":"uint16", "Description":"Identifier of the Netscaler partition exporting the records."},
	{"Name":"gatewayPortAuth", "Datatype":"uint16", "Description":"The Gateway virtual server port."},
	{"Name":"gatewayPortSessUpdate", "Datatype":"uint16", "Description":"The Gateway virtual server port."},
	{"Name":"gatewayPortICA", "Datatype":"uint16", "Description":"The Gateway virtual server port."},
	{"Name":"gatewayPortAppLaunch", "Datatype":"uint16", "Description":"The Gateway virtual server port."},
	{"Name":"gatewayPortLogout", "Datatype":"uint16", "Description":"The Gateway virtual server port."},
	{"Name":"cltSrcPort", "Datatype":"uint16", "Description":"TCP port of the client."},
	{"Name":"cltDstPort", "Datatype":"uint16", "Description":"TCP port of the vserver on which client connects."},
	{"Name":"srvSrcPort", "Datatype":"uint16", "Description":"TCP source port used to connect to server."},
	{"Name":"srvDstPort", "Datatype":"uint16", "Description":"TCP port of the server."},
	{"Name":"botKMTotalSegmentNo", "Datatype":"uint16", "Description":"Bot KM Total segment no"},
	{"Name":"botKMCurrentSegmentNo", "Datatype":"uint16", "Description":"Bot KM current segment  no"},
	{"Name":"ngsIcaClientPort", "Datatype":"uint16", "Description":"Client port for NGS ICA connection."},
	{"Name":"ngsIcaVdaPort", "Datatype":"uint16", "Description":"VDA port for NGS ICA connection."},
	{"Name":"totalApps", "Datatype":"uint32", "Description":"Total Apps. In case of app enumeration fail, 0 apps will be published"},
	{"Name":"ciRespcode", "Datatype":"uint16", "Description":"Response Code"},
	{"Name":"ciSourceport", "Datatype":"uint16", "Description":"Client Port"},
	{"Name":"ciDestinationport", "Datatype":"uint16", "Description":"Server Port"},
	{"Name":"protocolIdentifier", "Datatype":"uint8", "Description":"In Internet Protocol version 4 (IPv4), this is carried in the Protocol field. In Internet Protocol version 6 (IPv6), this is carried in the Next Header field in the last extension header of the packet."},
	{"Name":"ipVersion4", "Datatype":"uint8", "Description":"The IP version field in the IP packet header."},
	{"Name":"licenseType", "Datatype":"uint8", "Description":"Not used currently."},
	{"Name":"connectionChainHopCount", "Datatype":"uint8", "Description":"The hop count of the current device in the connection chain from client to server (see connection chain id for more details)"},
	{"Name":"authenticationStage", "Datatype":"uint8", "Description":"The authentication stage/factor number."},
	{"Name":"authenticationtype", "Datatype":"uint8", "Description":"The authentication type:  \n1 - LOCAL AUTH,  \n2 - RADIUS AUTH,  \n3 - LDAP AUTH,  \n4 - TACACS AUTH,  \n5 - CERT AUTH,  \n6 - NEGOTIATE AUTH,  \n7 - SAML AUTH,  \n8 - PROFILE AUTH,  \n9 - DFA AUTH,  \n10 - SAMLIDP AUTH,  \n11 - WEBAUTH AUTH, \n12 - OAUTH AUTH,  \n13 - SFAUTH AUTH."},
	{"Name":"ssoAuthMethod", "Datatype":"uint8", "Description":"The SSO method used:  \n1 - BASIC,  \n2 - DIGEST,  \n3 - NTLM,  \n4 - NEGOTIATE,  \n5 - AGBASIC,  \n6 - FORM,  \n7 - AGBASIC WITH SCARD"},
	{"Name":"VPNSessionLogoutMode", "Datatype":"uint8", "Description":"The logout mode:  \n200 - CODE \n201 - INTERNAL ERROR,  \n202 - TIMED OUT,  \n203 - INITIATEDBYUSER,  \n204 - KILLED BY ADMIN,  \n205 - TLOGIN,  \n206 - MAXLICRCHD,  \n207 - CLI SECONDARY CHECK FAILED,  \n208 - PREAUTH CHANGED,  \n209 - COOKIE MISMATCH,  \n210 - DHT,  \n211 - TWO FACTOR FAIL, \n212 - ICA LICENSE,  \n213 - SAMLSP IDP INIT)"},
	{"Name":"appfwProfileSafetyIndex", "Datatype":"uint8", "Description":"Application firewall profile safety index"},
	{"Name":"appfwAppSafetyIndex", "Datatype":"uint8", "Description":"vserver safety index. A single-digit rating system that indicates how securely you have configured the NetScaler devices to protect applications from external threats and vulnerabilities. The lower the security risks for an application, the higher the safety index. Values range from 1 through 7."},
	{"Name":"iprepAppSafetyIndex", "Datatype":"uint8", "Description":"vserver safety index for IP reputation"},
	{"Name":"appfwHttpMethod", "Datatype":"uint8", "Description":"http method of violation"},
	{"Name":"appfwAppThreatIndex", "Datatype":"uint8", "Description":"vserver threat index"},
	{"Name":"appfwBlockFlags", "Datatype":"uint8", "Description":"8 bit flag where each bit indicates whether an attack has been blocked or not. At max 3 violation/attack info are exported in one appflow record. So fisrt 3 bits are currently used and remaining 5 bits are unused"},
	{"Name":"appfwTransformFlags", "Datatype":"uint8", "Description":"8 bit flag where each bit indicates whether an attack has been transfomred or not. At max 3 violation/attack info are exported in one appflow record. So fisrt 3 bits are currently used and remaining 5 bits are unused"},
	{"Name":"appfwProfileSigAutoUpdate", "Datatype":"uint8", "Description":"appfw signature auto update is on or off.\n0-OFF\n1-ON"},
	{"Name":"systemSafetyIndex", "Datatype":"uint8", "Description":"System safety index"},
	{"Name":"appfwProfileSignatureSafetyIndex", "Datatype":"uint8", "Description":"Signature file safety index"},
	{"Name":"appfwProfileSecChecksSafetyIndex", "Datatype":"uint8", "Description":"Application firewall profile safety index"},
	{"Name":"appfwSigRuleEnabledFlags", "Datatype":"uint8", "Description":"8 bit flag where first 5 bits indicates whether the corresponding signature rule is enabled or not, Remaining 3 bits are currently unused."},
	{"Name":"appfwSigRuleBlockFlags", "Datatype":"uint8", "Description":"8 bit flag where first 5 bits indicates whether the corresponding signature rule has block option enabled or not"},
	{"Name":"appfwSigRuleLogFlags", "Datatype":"uint8", "Description":"8 bit flag where first 5 bits indicates whether the corresponding signature rule has log action enabled or not"},
	{"Name":"appfwSigRuleStatsFlags", "Datatype":"uint8", "Description":"8 bits flag where first 5 bits indicates whether the corresponding signature rule has stats option enabled or not"},
	{"Name":"appfwProfileType", "Datatype":"uint8", "Description":"Application firewall profile type (HTML, XML)"},
	{"Name":"L7LatencyMaxNotifyCount", "Datatype":"uint8", "Description":"Maximum number of times the NetScaler instance would send out notifications to the NetScaler Insight Center. Count will be applicable once the threshold is exceeded and is reset when the active latency falls below the threshold. Periodicity of these notifications are governed by the Notification Interval."},
	{"Name":"L7LatencyThresholdFactor", "Datatype":"uint8", "Description":"The factor by which the active latency should exceed the minimum observed latency in order to send out notifications."},
	{"Name":"icaSessionType", "Datatype":"uint8", "Description":"The ICA session type: Application or Desktop."},
	{"Name":"iprepSeverity", "Datatype":"uint8", "Description":"IP reputation severity"},
	{"Name":"iprepHTTPMethod", "Datatype":"uint8", "Description":"IP reputation http method"},
	{"Name":"iprepAppThreatIndex", "Datatype":"uint8", "Description":"Vserver threat index"},
	{"Name":"ssliDomainReputation", "Datatype":"uint8", "Description":"Reputation score of the accessed domain, when SSL Interception and URL Filtering are enabled."},
	{"Name":"ssliPolicyAction", "Datatype":"uint8", "Description":"SSL Interception action, determined by an SSL policy evaluation. Possible values -\n0x0 (Not determined)\n0x1 (Intercept)\n0x2 (Don't Intercept)\n0x3 (Block/Reset)"},
	{"Name":"ssliExecutedAction", "Datatype":"uint8", "Description":"SSL Interception action performed. Possible values -\n0x0 (Not determined)\n0x1 (Intercept)\n0x2 (Don't Intercept)\n0x3 (Block/Reset)"},
	{"Name":"ssliReasonForAction", "Datatype":"uint8", "Description":"Reason for the SSL Interception action that was performed. Possible values -\n0x0 (Not determined)\n0x1 (Policy result)\n0x10 (Origin server certificate verification failed - hostname in server certificate does not match SNI)\n0x11 (Origin server certificate verification failed - server certificate has expired)\n0x12 (Origin server certificate verification failed - server certificate is not yet valid)\n0x13 (Origin server certificate verification failed - server certificate contains an invalid signature)\n0x14 (Origin server certificate verification failed - server certificate is self-signed)\n0x15 (Origin server certificate verification failed - certificate chain contains an untrusted self-signed certificate)\n0x16 (Origin server certificate verification failed - certificate chain contains an invalid CA certificate)\n0x17 (Origin server certificate verification failed - no local issuer certificate found)\n0x18 (Origin server certificate verification failed - Internal error)\n0x1F (Origin server certificate verification failed - Other error)\n0x20 (Origin server certificate revocation check failed - server certificate has been revoked)\n0x21 (Origin server certificate revocation check failed - revocation status in OCSP response is UNKNOWN)\n0x22 (Origin server certificate revocation check failed - OCSP response has an incorrect validity period)\n0x23 (Origin server certificate revocation check failed - OCSP response verification failed)\n0x24 (Origin server certificate revocation check failed - OCSP response contained multiple responses)\n0x30 (Origin server certificate could not be forged successfully)"},
	{"Name":"urlCategoryReputation", "Datatype":"uint8", "Description":"Reputation score of the URL category accessed."},
	{"Name":"responderActionType", "Datatype":"uint8", "Description":"The type of action to be taken for the URL category."},
	{"Name":"lsnNatEvent", "Datatype":"uint8", "Description":"Identifies the type of a NAT event. Examples of NAT events include, but are not limited to, NAT translation create, NAT translation delete, Threshold Reached, or Threshold Exceeded, etc. Values for this Information Element are listed in the NAT Event Type registry."},
	{"Name":"lsnProtocolIdentifier", "Datatype":"uint8", "Description":"In Internet Protocol version 4 (IPv4), this is carried in the Protocol field. In Internet Protocol version 6 (IPv6), this is carried in the Next Header field in the last extension header of the packet."},
	{"Name":"lsnQuotaNatEvent", "Datatype":"uint8", "Description":"Identifies the type of a NAT event. Examples of NAT events include, but are not limited to, NAT translation create, NAT translation delete, Threshold Reached, or Threshold Exceeded, etc. Values for this Information Element are listed in the NAT Event Type registry."},
	{"Name":"lsnQuotaProtoIdentifier", "Datatype":"uint8", "Description":"In Internet Protocol version 4 (IPv4), this is carried in the Protocol field. In Internet Protocol version 6 (IPv6), this is carried in the Next Header field in the last extension header of the packet."},
	{"Name":"urlsetMatched", "Datatype":"uint8", "Description":"Indicates client traffic matched a url which belongs to a urlset used in a policy."},
	{"Name":"urlsetPrivate", "Datatype":"uint8", "Description":"Indicates that the matched url belongs to a urlset that is marked private, thus URL set cannot be exported."},
	{"Name":"categoryDomainSource", "Datatype":"uint8", "Description":"Identifies the source that the SSL Domain is derived from (Client Hello's SNI / Server Certificate's CN / Server Certificate's SAN / Server Certificate's Multiple DNS Name, etc.)"},
	{"Name":"ssliurlsetMatched", "Datatype":"uint8", "Description":"Indicates client traffic matched a url which belongs to a urlset used in a policy."},
	{"Name":"ssliurlsetPrivate", "Datatype":"uint8", "Description":"Indicates that the matched url belongs to a urlset that is marked private, thus URL set cannot be exported ."},
	{"Name":"ngsRecordType", "Datatype":"uint8", "Description":"Record Type for the NGS session."},
	{"Name":"transportProtocolType", "Datatype":"uint8", "Description":"Transport protocol Type for PCB: \n 6 - TCP \n 17 - UDP ."},
	{"Name":"nsicaSessionUpdateServerPort", "Datatype":"uint16", "Description":"Server port number from server side connection on NetScaler."},
	{"Name":"diameterSubscriberIpv6PrefixLen", "Datatype":"uint8", "Description":"The subscriber IPv6 address prefix length"},
	{"Name":"ssoAuthMethodSessUpdate", "Datatype":"uint8", "Description":"The SSO method used:  \n1 - BASIC,  \n2 - DIGEST,\n3 - NTLM,  \n4 - NEGOTIATE,  \n5 - AGBASIC,  \n6 - FORM,  \n7 - AGBASIC WITH SCARD"},
	{"Name":"ssoAuthMethodAppLaunch", "Datatype":"uint8", "Description":"The SSO method used:  \n1 - BASIC,  \n2 - DIGEST,  \n3 - NTLM,  \n4 - NEGOTIATE,  \n5 - AGBASIC,  \n6 - FORM,  \n7 - AGBASIC WITH SCARD"},
	{"Name":"cltTcpFlagsRx", "Datatype":"uint8", "Description":"TCP control bits observed for packets of this Flow in the given interval. \nFIN  0x01\nSYN  0x02\nRST  0x04\nPUSH 0x08\nACK  0x10\nURG  0x20\nECE  0x40\nCWR  0x80."},
	{"Name":"cltTcpFlagsTx", "Datatype":"uint8", "Description":"TCP control bits observed for packets of this Flow in the given interval. \nFIN  0x01\nSYN  0x02\nRST  0x04\nPUSH 0x08\nACK  0x10\nURG  0x20\nECE  0x40\nCWR  0x80."},
	{"Name":"svrTcpFlagsRx", "Datatype":"uint8", "Description":"TCP control bits observed for packets of this Flow in the given interval. \nFIN  0x01\nSYN  0x02\nRST  0x04\nPUSH 0x08\nACK  0x10\nURG  0x20\nECE  0x40\nCWR  0x80."},
	{"Name":"svrTcpFlagsTx", "Datatype":"uint8", "Description":"TCP control bits observed for packets of this Flow in the given interval. \nFIN  0x01\nSYN  0x02\nRST  0x04\nPUSH 0x08\nACK  0x10\nURG  0x20\nECE  0x40\nCWR  0x80."},
	{"Name":"nsicaSessionSetupServerPort", "Datatype":"uint16", "Description":"Server port number from server side connection on NetScaler."},
	{"Name":"clientTypeFlags", "Datatype":"uint32", "Description":"App launch client."},
	{"Name":"ngsLaunchType", "Datatype":"uint8", "Description":"Launch Type for the NGS session\n 1 - Shield\n 2 - Non-Shield."},
	{"Name":"isTelemetryLaunch", "Datatype":"uint8", "Description":"Flag set if Telemetry Launch."},
	{"Name":"rendezvousEnabled", "Datatype":"uint8", "Description":"Flag set if Rendezvous enabled."},
	{"Name":"rendezvousCapability", "Datatype":"uint8", "Description":"Rendezvous version when Rendezvous enabled."},
	{"Name":"hdxOverUdp", "Datatype":"uint8", "Description":"Flag set if UDP is used, not set if TCP."},
	{"Name":"isReconnect", "Datatype":"uint8", "Description":"Flag set if reconnected session."},
	{"Name":"ngsProtocolType", "Datatype":"uint8", "Description":"Protocol Type for the NGS session\n 1 - CGP\n 2 - SOCKS."},
	{"Name":"icaEndReasonCode", "Datatype":"uint8", "Description":"Reason code for ICA END"},
	{"Name":"authenticationstage", "Datatype":"uint32", "Description":"The authentication stage/factor number."},
	{"Name":"authenticationType", "Datatype":"uint8", "Description":"The authentication type."},
	{"Name":"authenticationstatuscode", "Datatype":"uint32", "Description":"Authentication Status"},
	{"Name":"ciLogType", "Datatype":"uint8", "Description":"Type of CI log.\nICAP 1\nInline Inspection  2\nMirror Inspection 3"},
	{"Name":"ciReqAction", "Datatype":"uint8", "Description":"CI-Request Action"},
	{"Name":"ciRespAction", "Datatype":"uint8", "Description":"CI-Response Action"},
	{"Name":"botType", "Datatype":"uint8", "Description":"Bot Type"},
	{"Name":"botViolSeverity", "Datatype":"uint8", "Description":"Bot Violation Severity"},
	{"Name":"botDetMechanism", "Datatype":"uint8", "Description":"Mechanism used to categorize current bot transaction"},
	{"Name":"botAction", "Datatype":"uint8", "Description":"Action taken for current bot transaction"},
	{"Name":"grpcStatusCode", "Datatype":"uint8", "Description":"Indicates the status of grpc."},
	{"Name":"ngsAppType", "Datatype":"uint8", "Description":"Type of App in NGS\n 1 - WebApp \n 2 - SaaSApp."},
	{"Name":"httpReqMethod", "Datatype":"string", "Description":"The request method in an HTTP request."},
	{"Name":"httpReqHost", "Datatype":"string", "Description":"Value of Host header in an HTTP request."},
	{"Name":"httpReqUserAgent", "Datatype":"string", "Description":"The User Agent string in an HTTP request header."},
	{"Name":"httpContentType", "Datatype":"string", "Description":"The Content Type string in an HTTP header."},
	{"Name":"httpReqAuthorization", "Datatype":"string", "Description":"Value of the Authorization header in an HTTP request."},
	{"Name":"httpReqVia", "Datatype":"string", "Description":"Value of the Via header in an HTTP request."},
	{"Name":"httpResLocation", "Datatype":"string", "Description":"Value of the Location header in an HTTP response."},
	{"Name":"httpResSetCookie", "Datatype":"string", "Description":"Value of the Set-Cookie header in an HTTP response."},
	{"Name":"httpDomainName", "Datatype":"string", "Description":"HTTP domain name."},
	{"Name":"detectedDomainName", "Datatype":"string", "Description":"The detected server domain name in the current video transaction"},
	{"Name":"httpCustHdr1", "Datatype":"string", "Description":"Name of the first Custom header being exported"},
	{"Name":"httpCustHdrVal1", "Datatype":"string", "Description":"Value of the first Custom header being exported"},
	{"Name":"httpCustHdr2", "Datatype":"string", "Description":"Name of the second Custom header being exported"},
	{"Name":"httpCustHdrVal2", "Datatype":"string", "Description":"Value of the second Custom header being exported"},
	{"Name":"httpCustHdr3", "Datatype":"string", "Description":"Name of the third Custom header being exported"},
	{"Name":"httpCustHdrVal3", "Datatype":"string", "Description":"Value of the third Custom header being exported"},
	{"Name":"httpCustHdr4", "Datatype":"string", "Description":"Name of the fourth Custom header being exported"},
	{"Name":"httpCustHdrVal4", "Datatype":"string", "Description":"Value of the fourth Custom header being exported"},
	{"Name":"httpCustHdr5", "Datatype":"string", "Description":"Name of the fifth Custom header being exported"},
	{"Name":"httpCustHdrVal5", "Datatype":"string", "Description":"Value of the fifth Custom header being exported"},
	{"Name":"httpCustHdr6", "Datatype":"string", "Description":"Name of the sixth Custom header being exported"},
	{"Name":"httpCustHdrVal6", "Datatype":"string", "Description":"Value of the sixth Custom header being exported"},
	{"Name":"httpCustHdr7", "Datatype":"string", "Description":"Name of the seventh Custom header being exported"},
	{"Name":"httpCustHdrVal7", "Datatype":"string", "Description":"Value of the seventh Custom header being exported"},
	{"Name":"httpCustHdr8", "Datatype":"string", "Description":"Name of the eighth Custom header being exported"},
	{"Name":"httpCustHdrVal8", "Datatype":"string", "Description":"Value of the eighth Custom header being exported"},
	{"Name":"icaClientVersion", "Datatype":"string", "Description":"Client receiver software version number."},
	{"Name":"icaClientHostName", "Datatype":"string", "Description":"Hostname of ICA Client."},
	{"Name":"icaUsername", "Datatype":"string", "Description":"Username for the ICA session."},
	{"Name":"icaDomainName", "Datatype":"string", "Description":"Domain that ICA client is joined to."},
	{"Name":"serverName", "Datatype":"string", "Description":"Name of XA/XD server that client is accessing."},
	{"Name":"icaApplicationName", "Datatype":"string", "Description":"ICA application name."},
	{"Name":"icaAppModulePath", "Datatype":"string", "Description":"Full path of the ICA application executable."},
	{"Name":"coEmbedObjUrl", "Datatype":"string", "Description":"The URL of the embedded object that was moved, inlined or converted from import to link etc. as part of Front End Optimization."},
	{"Name":"policyName", "Datatype":"string", "Description":"The Authentication policyname."},
	{"Name":"authAgentName", "Datatype":"string", "Description":"The Authentication server name/FQDN."},
	{"Name":"groupName", "Datatype":"string", "Description":"The group name of which the user belongs to."},
	{"Name":"VPNRequestURL", "Datatype":"string", "Description":"The resource request URL."},
	{"Name":"SSORequestURL", "Datatype":"string", "Description":"SSO request URL."},
	{"Name":"resourceName", "Datatype":"string", "Description":"The resource domain name or application name."},
	{"Name":"appfwProfileName", "Datatype":"string", "Description":"Application firewall profile name"},
	{"Name":"appfwViolationProfileName", "Datatype":"string", "Description":"Application firewall profile name"},
	{"Name":"appfwSigName", "Datatype":"string", "Description":"Appfw profile signature name"},
	{"Name":"appfwReqUrl", "Datatype":"string", "Description":"Request url of a violatin"},
	{"Name":"appfwGeoLocation", "Datatype":"string", "Description":"Attack origin location"},
	{"Name":"iprepGeoLocation", "Datatype":"string", "Description":"Attack origin location"},
	{"Name":"appfwSigRuleFileName", "Datatype":"string", "Description":"Signature name of violation"},
	{"Name":"serverVersion", "Datatype":"string", "Description":"Version of XenApp/XenDesktop server that client is accessing."},
	{"Name":"cSecExpression", "Datatype":"string", "Description":"The client security expression which failed on user machine."},
	{"Name":"ssliDomainName", "Datatype":"string", "Description":"Accessed domain name that is extracted from the value of the SNI extension in the SSL Client Hello handshake message, when SSL Interception is enabled."},
	{"Name":"categoryDomainName", "Datatype":"string", "Description":"Accessed domain name that is extracted from the value of the SNI extension in the SSL Client Hello handshake message."},
	{"Name":"UrlCatPolicyName", "Datatype":"string", "Description":"Url Categorization Policy Name matched"},
	{"Name":"curFactorPolicyLabel", "Datatype":"string", "Description":"The current factor policylabel name."},
	{"Name":"nextFactorPolicyLabel", "Datatype":"string", "Description":"The Next factor policylabel name."},
	{"Name":"lsnPoolName", "Datatype":"string", "Description":"The name of a NAT pool identified by a natPoolID."},
	{"Name":"videoSessDiamSessionId", "Datatype":"string", "Description":"The subscriber Diamter session-id."},
	{"Name":"videoSessDiamSubscriberId", "Datatype":"string", "Description":"The subscriber Diamter ID (MSISDN)."},
	{"Name":"videoTxnSessionSubscriberID", "Datatype":"string", "Description":"Video session subscriber ID"},
	{"Name":"videoTxnSessionSubscriberSessionID", "Datatype":"string", "Description":"Video session subscriber session ID"},
	{"Name":"appfwLogExprName", "Datatype":"string", "Description":"AppFw LogExpression Name."},
	{"Name":"appfwLogExprValue", "Datatype":"string", "Description":"AppFw LogExpression Value."},
	{"Name":"appfwLogExprComment", "Datatype":"string", "Description":"AppFw LogExpression Comment."},
	{"Name":"SSORequestUrlSessUpdate", "Datatype":"string", "Description":"SSO request URL."},
	{"Name":"SSORequestUrlAppLaunch", "Datatype":"string", "Description":"SSO request URL."},
	{"Name":"correlationId", "Datatype":"string", "Description":"Correlation ID"},
	{"Name":"connectionLeaseId", "Datatype":"string", "Description":"Connection Lease ID"},
	{"Name":"zoneId", "Datatype":"string", "Description":"Resource Location(zone) ID"},
	{"Name":"vdaUuid", "Datatype":"string", "Description":"VDA UUID"},
	{"Name":"vdaFqdn", "Datatype":"string", "Description":"VDA FQDN"},
	{"Name":"connectorUuid", "Datatype":"string", "Description":"Connector UUID"},
	{"Name":"connectorFqdn", "Datatype":"string", "Description":"Connector FQDN"},
	{"Name":"icaEndCorrelationId", "Datatype":"string", "Description":"Correlation ID"},
	{"Name":"mismatchCiphers", "Datatype":"string", "Description":"List of all Ciphers sent by Client which are not bound on ADC"},
	{"Name":"unsupportedCiphers", "Datatype":"string", "Description":"List of all Ciphers sent by Client which are not supported on ADC"},
	{"Name":"ngsComponent", "Datatype":"string", "Description":"Name of the Component generating the event"},
	{"Name":"ngsSessionLaunch", "Datatype":"string", "Description":"SessionLaunch indicates to CAS to store events in splunk longer and avoids sampling. Values can be Yes or No"},
	{"Name":"ngsTime", "Datatype":"string", "Description":"Time of the event"},
	{"Name":"ngsState", "Datatype":"string", "Description":"State of the session at the time of event"},
	{"Name":"ngsMessage", "Datatype":"string", "Description":"Message describing the event"},
	{"Name":"ngsCode", "Datatype":"string", "Description":"Code uniquely identifies the event"},
	{"Name":"ngsDestinationComponent", "Datatype":"string", "Description":"Destination Component Name"},
	{"Name":"ngsChildTransactionID", "Datatype":"string", "Description":"Child Transaction ID links related Transaction IDs in events"},
	{"Name":"ngsUserID", "Datatype":"string", "Description":"User ID uniquely identifies the user"},
	{"Name":"ngsSessionLaunchUserName", "Datatype":"string", "Description":"User name of the corresponding User ID"},
	{"Name":"ngsApp", "Datatype":"string", "Description":"Published name of the App"},
	{"Name":"ngsVdaMachineSid", "Datatype":"string", "Description":"VDA Machine SID can be virtual SID for non domain joined VDAs"},
	{"Name":"ngsVdaMachineName", "Datatype":"string", "Description":"Name of the VDA Machine"},
	{"Name":"ngsResourceLocationID", "Datatype":"string", "Description":"Resource location ID of the event source"},
	{"Name":"ngsVdaSessionID", "Datatype":"string", "Description":"VDA Session ID uniquely identifies the VDA Session"},
	{"Name":"ngsClientNetworkName", "Datatype":"string", "Description":"Client Network Name is either name of the network or adapter used for the connection"},
	{"Name":"PopId", "Datatype":"string", "Description":"NGS POP ID (region code)"},
	{"Name":"TimestampAppLaunch", "Datatype":"uint32", "Description":"NGS ICA Start Time stamp."},
	{"Name":"botGeoLocation", "Datatype":"string", "Description":"Bot attack origin geo location"},
	{"Name":"botProfileName", "Datatype":"string", "Description":"Bot management profile name"},
	{"Name":"botReqUrl", "Datatype":"string", "Description":"URL requested by Bot"},
	{"Name":"botDomain", "Datatype":"string", "Description":"Bot detection based on domain"},
	{"Name":"botLogExprName", "Datatype":"string", "Description":"Bot LogExpression Name."},
	{"Name":"botLogExprValue", "Datatype":"string", "Description":"Bot LogExpression Value."},
	{"Name":"botLogExprComment", "Datatype":"string", "Description":"Bot LogExpression Comment."},
	{"Name":"botDeveloper", "Datatype":"string", "Description":"Bot Developer"},
	{"Name":"botLogMessage", "Datatype":"string", "Description":"Bot Log Message"},
	{"Name":"botKMSessionId", "Datatype":"string", "Description":"Bot Session ID."},
	{"Name":"botKMUserAgent", "Datatype":"string", "Description":"Bot User Agent."},
	{"Name":"botKMSegmentData", "Datatype":"string", "Description":"Bot Segment Data."},
	{"Name":"botKMInsertionURL", "Datatype":"string", "Description":"Bot KM Insertion URL."},
	{"Name":"botCategoryStr", "Datatype":"string", "Description":"Bot Category String"},
	{"Name":"botIPv6TrueClientIPAddress", "Datatype":"string", "Description":"Bot IPv6 address"},
	{"Name":"grpcStatusMsg", "Datatype":"string", "Description":"Value of grpc status message header"},
	{"Name":"rate_limit_identifier_name", "Datatype":"string", "Description":"Limit Identifier Name used in rate-limiting."},
	{"Name":"queryTypeStr", "Datatype":"string", "Description":"MongodbQuery Type"},
	{"Name":"collectionName", "Datatype":"string", "Description":"MongodbQuery Collection Name"},
	{"Name":"jsonTextBuffer", "Datatype":"string", "Description":"MongodbQuery Buffer"},
	{"Name":"respQueryTypeStr", "Datatype":"string", "Description":"MongodbQuery Resp Querytype"},
	{"Name":"srcMetadataJSON", "Datatype":"string", "Description":"Source Endpoint Metadata information."},
	{"Name":"dstMetadataJSON", "Datatype":"string", "Description":"Destination Endpoint Metadata information."},
	{"Name":"srcLabelsJSON", "Datatype":"string", "Description":"Source Endpoint Label information."},
	{"Name":"dstLabelsJSON", "Datatype":"string", "Description":"Destination Endpoint Label information."},
	{"Name":"mqtt_clientid", "Datatype":"string", "Description":"The Mqtt message client identifier."},
	{"Name":"mqtt_usrname", "Datatype":"string", "Description":"The Mqtt message username."},
	{"Name":"mqtt_pub_sub_unsub_topic", "Datatype":"string", "Description":"The Mqtt message topic."},
	{"Name":"httpReqUrl", "Datatype":"string", "Description":"HTTP request URL"},
	{"Name":"appName", "Datatype":"string", "Description":"Name of the entity configured on Netscaler for which the name-to-id mapping is being sent in the current record."},
	{"Name":"sslErrAppName", "Datatype":"string", "Description":"Name of the virtual server on which the SSL handshake error is reported."},
	{"Name":"appTemplateName", "Datatype":"string", "Description":"Name of the template to which the current entity belongs (see netscalerAppTemplateID)"},
	{"Name":"aaaUsername", "Datatype":"string", "Description":"If the connection is over VPN, the AAA username for the session."},
	{"Name":"streamIdentifierName", "Datatype":"string", "Description":"Name of the Stream Identifier."},
	{"Name":"streamSessionName", "Datatype":"string", "Description":"Name of the stream session."},
	{"Name":"icPolicyName", "Datatype":"string", "Description":"The integrated cache policy name"},
	{"Name":"observationDomainName", "Datatype":"string", "Description":"The name of an observation domain identified by an observationDomainId"},
	{"Name":"backendServerName", "Datatype":"string", "Description":"The backend service name (FQDN)."},
	{"Name":"vserverFQDN", "Datatype":"string", "Description":"The gateway FQDN."},
	{"Name":"appfwSessionId", "Datatype":"string", "Description":"Application firewall session id"},
	{"Name":"appfwViolationTypeName1", "Datatype":"string", "Description":"field name of 1st violations.At max 3 violations are exported in one appflow record."},
	{"Name":"appfwViolationNameValue1", "Datatype":"string", "Description":"field value of 2nd violation"},
	{"Name":"appfwSigCategory1", "Datatype":"string", "Description":"signature category of 1st violation"},
	{"Name":"appfwViolationTypeName2", "Datatype":"string", "Description":"field name of 2nd violation"},
	{"Name":"appfwViolationNameValue2", "Datatype":"string", "Description":"field value of 2nd violation"},
	{"Name":"appfwSigCategory2", "Datatype":"string", "Description":"signature category of 2nd violation"},
	{"Name":"appfwViolationTypeName3", "Datatype":"string", "Description":"field name of 3rd violation"},
	{"Name":"appfwViolationNameValue3", "Datatype":"string", "Description":"field value of 3rd violation"},
	{"Name":"appfwSigCategory3", "Datatype":"string", "Description":"signature category of 3rd violation"},
	{"Name":"appfwSigRuleCategory1", "Datatype":"string", "Description":"signature category of 1st rule. At max 5 signature rules are being exported in one appflow record"},
	{"Name":"appfwSigRuleLogstring1", "Datatype":"string", "Description":"signature log string of 1st rule"},
	{"Name":"appfwSigRuleCategory2", "Datatype":"string", "Description":"signature category of 2nd rule"},
	{"Name":"appfwSigRuleLogstring2", "Datatype":"string", "Description":"signature log string of 2nd rule"},
	{"Name":"appfwSigRuleCategory3", "Datatype":"string", "Description":"signature category of 3rd rule"},
	{"Name":"appfwSigRuleLogstring3", "Datatype":"string", "Description":"signature log string of 3rd rule"},
	{"Name":"appfwSigRuleCategory4", "Datatype":"string", "Description":"signature category of 4th rule"},
	{"Name":"appfwSigRuleLogstring4", "Datatype":"string", "Description":"signature log string of 4th rule"},
	{"Name":"appfwSigRuleCategory5", "Datatype":"string", "Description":"signature category of 5th rule"},
	{"Name":"appfwSigRuleLogString5", "Datatype":"string", "Description":"signature log string of 5th rule"},
	{"Name":"subscriberIdentifier", "Datatype":"string", "Description":"The subscriber ID received in a AAA message. When RADIUS Accounting is used as the control-plane interface, the Subscriber ID is mapped to the Calling-Station-Id AVP, which typically corresponds to the MSISDN. When PCRF is used as the control-plane interface, the Subscriber ID is mapped to the END_USER_E164 (i.e. MSISDN) subtype of the Subscription-AVP Grouped AVP."},
	{"Name":"maxBurstNetLabel", "Datatype":"string", "Description":"Network type derived from the TCP speed reporting."},
	{"Name":"maxBurstAdTcpProfile", "Datatype":"string", "Description":"Adaptive TCP profile bound to the TCP session"},
	{"Name":"maxBurstTCPProfile", "Datatype":"string", "Description":"TCP profile bound to the TCP session."},
	{"Name":"appfwReqXForwardedFor", "Datatype":"string", "Description":"Value of the X-Forwarded-For HTTP header."},
	{"Name":"icContGrpName", "Datatype":"string", "Description":"The integrated cache content group name"},
	{"Name":"appfwAppNameLs", "Datatype":"string", "Description":"vserver name"},
	{"Name":"appNameLs", "Datatype":"string", "Description":"Name of the LB vserver."},
	{"Name":"appName1Ls", "Datatype":"string", "Description":"Name of the CS vserver."},
	{"Name":"lsnMobileIMSI", "Datatype":"string", "Description":"The International Mobile Subscription Identity (IMSI). The IMSI is a decimal digit string with up to a maximum of 15 ASCII/UTF-8 encoded digits (0x30 - 0x39)."},
	{"Name":"aaaUserEmailId", "Datatype":"string", "Description":"email id of a user logged into VPN"},
	{"Name":"tenantName", "Datatype":"string", "Description":"NGS Customer name"},
	{"Name":"ngsUsername", "Datatype":"string", "Description":"Username for the NGS session."},
	{"Name":"ngsDomainName", "Datatype":"string", "Description":"Domain that NGS user is joined to."},
	{"Name":"ngsProductName", "Datatype":"string", "Description":"Product name that NGS user is joined to."},
	{"Name":"ngsAppId", "Datatype":"string", "Description":"Unique App Id associated NGS Apps"},
	{"Name":"ngsAppName", "Datatype":"string", "Description":"User defined App Name associated with NGS app"},
	{"Name":"appFqdn", "Datatype":"string", "Description":"App/host FQDN used to access data"},
	{"Name":"nsPartitionName", "Datatype":"string", "Description":"Name of the Netscaler Partition which is exporting the records."},
	{"Name":"appNameVserverLs", "Datatype":"string", "Description":"Name of the Vserver if the Vserver is bound to a CS vserver"},
	{"Name":"diameterSessionId", "Datatype":"string", "Description":"The subscriber session-id."},
	{"Name":"diameterSubscriberId", "Datatype":"string", "Description":"The subscriber ID (MSISDN)."},
	{"Name":"diameterAvpCustom1", "Datatype":"string", "Description":"Diameter Custom AVP #1"},
	{"Name":"diameterAvpCustom2", "Datatype":"string", "Description":"Diameter Custom AVP #2"},
	{"Name":"diameterAvpCustom3", "Datatype":"string", "Description":"Diameter Custom AVP #3"},
	{"Name":"diameterAvpCustom4", "Datatype":"string", "Description":"Diameter Custom AVP #4"},
	{"Name":"diameterAvpCustom5", "Datatype":"string", "Description":"Diameter Custom AVP #5"},
	{"Name":"subscriberSessionId", "Datatype":"string", "Description":"The Subscriber Session ID"},
	{"Name":"urlCategoryactionReason", "Datatype":"string", "Description":"Reason for urlcategory action"},
	{"Name":"tracingTraceId", "Datatype":"string", "Description":"Trace ID for the distributed tracing transaction"},
	{"Name":"tracingReqSpanId", "Datatype":"string", "Description":"Span ID for the distributed tracing request transaction"},
	{"Name":"tracingReqParentSpanId", "Datatype":"string", "Description":"Parent span ID for the distributed tracing request transaction"},
	{"Name":"GIaaaUsername", "Datatype":"string", "Description":"If the connection is over VPN, the AAA username for the session."},
	{"Name":"GIaaaUserEmailId", "Datatype":"string", "Description":"email id of a user logged into VPN"},
	{"Name":"ciLogId", "Datatype":"string", "Description":"Content Inspection log generator ID"},
	{"Name":"ciLogMsg", "Datatype":"string", "Description":"Content Inspection log message"},
	{"Name":"userObjectId", "Datatype":"string", "Description":"Unique Use id received by IDP."},
	{"Name":"userSId", "Datatype":"string", "Description":"User Security Identifier received from Athena or OAuth token."},
	{"Name":"deviceName", "Datatype":"string", "Description":"Client Device Name."},
	{"Name":"deviceId", "Datatype":"string", "Description":"Client Device ID."},
	{"Name":"RequestURL", "Datatype":"string", "Description":"The Resource Request URL."},
	{"Name":"AAAUsername", "Datatype":"string", "Description":"AAA Username."},
	{"Name":"AuthPolicyActionName", "Datatype":"string", "Description":"Auth Policy Action Name."},
	{"Name":"AuthSessionID", "Datatype":"string", "Description":"Auth Session ID."},
	{"Name":"ciDomainname", "Datatype":"string", "Description":"Domain Name"},
	{"Name":"ciReqUrl", "Datatype":"string", "Description":"Request URL"},
	{"Name":"ciLogServername", "Datatype":"string", "Description":"CI Server name"},
	{"Name":"ciProfilename", "Datatype":"string", "Description":"CI Profile name"},
	{"Name":"ciReqmethod", "Datatype":"string", "Description":"Request Method"},
	{"Name":"ciAppVservername", "Datatype":"string", "Description":"CI-App_Vserver Name"},
	{"Name":"swaPopLocation", "Datatype":"string", "Description":"SWA POP Location"},
	{"Name":"connectorInfo", "Datatype":"string", "Description":"Gateway Connector info"},
	{"Name":"reason", "Datatype":"string", "Description":"Reason For Failure Case or Success Case"},
	{"Name":"userOperation", "Datatype":"string", "Description":"User Operation"},
	{"Name":"successOrFailure", "Datatype":"string", "Description":"Success Or Failure"},
	{"Name":"recommendedFix", "Datatype":"string", "Description":"Recommended Fix"},
	{"Name":"ngsTransactionID", "Datatype":"string", "Description":"Transaction ID uniquely identifies the session"},
	{"Name":"appfwFDISessionId", "Datatype":"string", "Description":"Application firewall FDI session id"},
	{"Name":"appfwFDIReqUrl", "Datatype":"string", "Description":"WAF Form Insights submission URL."},
	{"Name":"WAFFormData", "Datatype":"string", "Description":"WAF Form Insights Data."},
	{"Name":"appfwFDIUserAgent", "Datatype":"string", "Description":"Application firewall FDI User Agent."},
	{"Name":"appfwClientIPExpValue", "Datatype":"string", "Description":"Value of the ClientIPExpression."},
	{"Name":"AppfwAaaUsername", "Datatype":"string", "Description":"AAA Username."},
	{"Name":"AppfwAaaUserEmailId", "Datatype":"string", "Description":"email id of a user logged into VPN"},
	{"Name":"httpBody", "Datatype":"string", "Description":"HTTP Body for HTTP Req Response"},
	{"Name":"httpUrl", "Datatype":"string", "Description":"HTTP Req URL"},
	{"Name":"httpConType", "Datatype":"string", "Description":"HTTP Req Content Type"},
	{"Name":"httpReQMethod", "Datatype":"string", "Description":"HTTP Req Method"},
	{"Name":"httpBodyComplete", "Datatype":"uint8", "Description":"Flag to indicate if response is complete"},
	{"Name":"httpRespStatus", "Datatype":"uint8", "Description":"HTTP Resp Status value"},
	{"Name":"apiHttpRequestUrl", "Datatype":"string", "Description":"HTTP URL of the API Request"},
	{"Name":"apiHttpRequestContentType", "Datatype":"string", "Description":"HTTP content type of the API Request"},
	{"Name":"apiHttpRequestMethod", "Datatype":"string", "Description":"HTTP method of the API Request"},
	{"Name":"apiEndpoint", "Datatype":"string", "Description":"Matched API Endpoint from the bounded Spec"},
	{"Name":"apiSpecName", "Datatype":"string", "Description":"API Spec Name attached to Vserver"},
	{"Name":"isApi", "Datatype":"uint8", "Description":"Flag to indicate if request is API"},
	{"Name":"stream_usecase", "Datatype":"string", "Description":"Stream Insights Usecase"},
	{"Name":"Requests", "Datatype":"uint32", "Description":"Stream Insights Requests"},
	{"Name":"Bandwidth", "Datatype":"uint32", "Description":"Stream Insights Bandwidth"},
	{"Name":"Connections", "Datatype":"uint32", "Description":"Stream Insights Connections"},
	{"Name":"Resptime", "Datatype":"uint32", "Description":"Stream Insights Response Time"},
	{"Name":"stream_sess_name", "Datatype":"string", "Description":"Stream Insights Stream Session Name"},
	{"Name":"stream_iden_name", "Datatype":"string", "Description":"Stream Insights Stream Identifier Name"},
	{"Name":"Timestamp", "Datatype":"uint32", "Description":"Stream Insights Timestamp"},
]
