Activity Log Event AggregateAlert/Query
| Field Type | Type | Availability | Description |
|---|---|---|---|
| alertId | alert ID | ||
| alertName | Alert name | ||
| @id | |||
| @ingesttimestamp | |||
| @rawstring | |||
| @timestamp | |||
| @timestamp.nanos | |||
| @timezone | |||
| bucketSpan | |||
| category | Category of the event, such as Alert, Request, IngestFeed, Fdr, Query, Action, and ScheduledSearch | ||
| dataspace | Repository or view name | ||
| externalQueryId | External ID of the running query | ||
| #category | |||
| #repo | |||
| #severity | |||
| ingestTimeKnownGood | |||
| isLiveQuery | Whether or not the alert executed in the event contained a live query | ||
| lastSuccessfulQueryPollTime | |||
| message | Message of the alert or event | ||
| orgId | Organization ID | ||
| query | Query executed during the event | ||
| queryProcessedEvents | Number of events processed to return the final result set | ||
| queryTimestampType | |||
| severity | Severity of the event | ||
| subCategory | Subcategory of the event | ||
| timestamp | Timestamp in milliseconds of the event | ||
| triggerMode | |||
| viewId | View ID |