Activity Log Event Fdr/Ingest

Event for FDR ingest

Field Type   Type   Availability   Description
0]   
@id   
@ingesttimestamp   
@rawstring   
@timestamp   
@timestamp.nanos   
@timezone   
bucket   Bucket for FDR events
category   Category of the event, such as Alert, Request, IngestFeed, Fdr, Query, Action, and ScheduledSearch
dataspace   Repository or view name
dataspaceId   Dataspace ID
eventsCount   Count of FDR events
exception   Path of the exception file and the exception message of the event; only for scheduled search events
exceptionCause[0]   Exception that caused the final exception
exceptionMessage   Detailed error message, including any cluster-level errors that may have contributed, for example permission, API, or network issues
fdrFeedId   FDR feed ID
fdrFeedName   FDR feed name
#category   
#repo   
#severity   
key   Location of the block loaded when processing bucket data
message   Message of the alert or event
orgId   Organization ID
severity   Severity of the event
size   Size of the incoming data during FDR ingest
sqsAckResponse.content   Content of SQS acknowledgement response
sqsAckResponse.statusCode   Status code of SQS acknowledgement response
sqsMessage.body   Body of SQS message
sqsMessage.bodyChecksum   Checksum for body of SQS message
sqsMessage.bucket   Bucket of SQS message
sqsMessage.cid   CID of the SQS message
sqsMessage.fileCount   Number of files from SQS message included in the event
sqsMessage.id   SQS message ID
sqsMessage.pathPrefix   Path prefix of the SQS message
sqsMessage.receiptHandle   The receipt handle of the SQS message; the receipt handle is specific to the action of receiving the message and not the SQS message itself
sqsMessage.timestamp   Timestamp of SQS message
sqsMessage.totalSize   Total size of SQS message
streamId   Stream ID
subCategory   Subcategory of the event
suggestion   Suggestion text for how to resolve the error or warning from the event
timestamp   Timestamp in milliseconds of the event