| alertId | | |
alert ID
|
| alertName | | |
Alert name
|
| @id | | | |
| @ingesttimestamp | | | |
| @rawstring | | | |
| @timestamp | | | |
| @timestamp.nanos | | | |
| @timezone | | | |
| bucketSpan | | | |
| category | | |
Category of the event, such as Alert, Request, IngestFeed, Fdr,
Query, Action, and ScheduledSearch
|
| dataspace | | |
Repository or view name
|
| externalQueryId | | |
External ID of the running query
|
| #category | | | |
| #repo | | | |
| #severity | | | |
| ingestTimeKnownGood | | | |
| isLiveQuery | | |
Whether or not the alert executed in the event contained a live
query
|
| lastSuccessfulQueryPollTime | | | |
| message | | |
Message of the alert or event
|
| orgId | | |
Organization ID
|
| query | | |
Query executed during the event
|
| queryEnd | | |
End of the time interval for the query
|
| queryProcessedEvents | | |
Number of events processed to return the final result set
|
| queryStart | | |
Start of the time interval for the query
|
| queryTimestampType | | | |
| severity | | |
Severity of the event
|
| status | | |
Whether the alert, scheduled search, or scheduled report was
successful (value Success) or failed (value Failure). An
individual failure may be triggered for multiple reasons, but
repeated failures over a period of time may indicate a problem
that needs investigation.
|
| subCategory | | |
Subcategory of the event
|
| timestamp | | |
Timestamp in milliseconds of the event
|
| triggerMode | | | |
| viewId | | |
View ID
|
