Activity Log Event Action
Event for an action
| Field Type | Type | Value | Availability | Description |
|---|---|---|---|---|
| actionId | ID of triggered action; only set for the invocation of a specific action | |||
| actionInvocationId | Unique ID for the invocation of an action, can be used to correlate logs; only set for the invocation of a specific action | |||
| actionName | name of the triggered action; only set for the invocation of a specific action | |||
| alertId | alert ID | |||
| alertName | Alert name | |||
| @id | ||||
| @ingesttimestamp | ||||
| @rawstring | ||||
| @timestamp | ||||
| @timestamp.nanos | ||||
| @timezone | ||||
| category | Category of the event, such as Alert, Request, IngestFeed, Fdr, Query, Action, and ScheduledSearch | |||
| dataspace | Repository or view name | |||
| #category | ||||
| #repo | ||||
| #severity | ||||
| httpRequestSize | HTTP request size of the event in bytes | |||
| message | Message of the alert or event | |||
| orgId | Organization ID | |||
| scheduledSearchId | Scheduled search ID | |||
| scheduledSearchName | Scheduled search name | |||
| severity | Severity of the event | |||
| timestamp | Timestamp in milliseconds of the event | |||
| viewId | View ID |