Activity Log Event Fdr/Ingest
Event for FDR ingest
This activity type records operations for the following features:
| Field Type | Type | Availability | Description |
|---|---|---|---|
| bucket | Bucket for FDR events | ||
| clientId | Client ID | ||
| dataspace | Repository or view name | ||
| dataspaceId | Dataspace ID | ||
| eventsCount | Count of FDR events | ||
| exception | Path of the exception file and the exception message of the event; only for scheduled search events | ||
| exceptionCause[0] | Exception that caused the final exception | ||
| exceptionMessage | Detailed error message that will include errors at the cluster-level that may have contributed; for example permission, API, or network issues | ||
| fdrFeedId | FDR feed ID | ||
| fdrFeedName | FDR feed name | ||
| fileDownloadParallelism | Number of files simultaneously downloaded | ||
| filesMalformedCount | Number of malformed files | ||
| filesNotFoundCount | Number of files not found | ||
| @id | Unique identifier for the event. Can be used to refer to and re-find specific events. | ||
| @ingesttimestamp | Timestamp when the event was ingested to the repository | ||
| key | Location of the block loaded when processing bucket data | ||
| maxNodes | Maximum number of nodes | ||
| message | Message of the alert or event | ||
| orgId | Organization ID | ||
| @rawstring | Original string of the event | ||
| #repo | Repository tag of the event indicating where event is stored | ||
| size | Size of the incoming data during FDR ingest | ||
| sqsUrl | The AWS SQS queue URL | ||
| sqsAckResponse.content | Content of SQS acknowledgement response | ||
| sqsAckResponse.statusCode | Status code of SQS acknowledgement response | ||
| sqsMessage.body | body of SQS message | ||
| sqsMessage.bodyChecksum | Checksum for body of SQS message | ||
| sqsMessage.bucket | Bucket of SQS message | ||
| sqsMessage.cid | CID of the SQS message | ||
| sqsMessage.fileCount | Number of files from SQS message included in the event | ||
| sqsMessage.id | SQS message ID | ||
| sqsMessage.pathPrefix | Path prefix of the SQS message | ||
| sqsMessage.receiptHandle | The receipt handle of the SQS message; the receipt handle is specific to the action of receiving the message and not the SQS message itself | ||
| sqsMessage.timestamp | Timestamp of SQS message | ||
| sqsMessage.totalSize | Total size of SQS message | ||
| streamId | Stream ID | ||
| subCategory | Subcategory of the event | ||
| suggestion | Suggestion text for how to resolve the error or warning from the event | ||
| @timestamp | Timestamp in milliseconds of the event | ||
| @timestamp.nanos | Extended precision of timestamp below millisecond | ||
| @timezone | Timezone the event originated in, if known. This is often set when the event's timestamp is parsed. |