Activity Log Event Action
Event for an action
This activity type records operations for the following features:
| Field Type | Type | Availability | Description |
|---|---|---|---|
| actionId | ID of triggered action; only set for the invocation of a specific action | ||
| actionInvocationId | Unique ID for the invocation of an action, can be used to correlate logs; only set for the invocation of a specific action | ||
| actionName | name of the triggered action; only set for the invocation of a specific action | ||
| alertId | alert ID | ||
| alertName | Alert name | ||
| #category | Category of the event, such as Alert, Request, IngestFeed, Fdr, Query, Action, and ScheduledSearch | ||
| dataspace | Repository or view name | ||
| httpRequestSize | HTTP request size of the event in bytes | ||
| @id | Unique identifier for the event. Can be used to refer to and re-find specific events. | ||
| @ingesttimestamp | Timestamp when the event was ingested to the repository | ||
| message | Message of the alert or event | ||
| orgId | Organization ID | ||
| @rawstring | Original string of the event | ||
| #repo | Repository tag of the event indicating where event is stored | ||
| scheduledSearchId | Scheduled search ID | ||
| scheduledSearchName | Scheduled search name | ||
| @timestamp.nanos | Extended precision of timestamp below millisecond | ||
| @timezone | Timezone the event originated in, if known. This is often set when the event's timestamp is parsed. | ||
| viewId | View ID |