Activity Log Event FilterAlert/Alert
Alert event for a filter alert
| Field Type | Type | Value | Availability | Description |
|---|---|---|---|---|
| alertId | Alert ID; only for filter alerts | |||
| alertName | Alert name | |||
| @id | ||||
| @ingesttimestamp | ||||
| @rawstring | ||||
| @timestamp | ||||
| @timestamp.nanos | ||||
| @timezone | ||||
| category | Category of the event, such as Alert, Request, IngestFeed, Fdr, Query, Action, and ScheduledSearch | |||
| dataspace | Repository or view name | |||
| eventsAlreadyTriggered | For filter alerts, the number of events already triggered | |||
| eventsBeingTriggered | For filter alerts, the number of events being triggered | |||
| externalQueryId | External ID of the running query | |||
| #category | ||||
| #repo | ||||
| #severity | ||||
| ingestTimeForWhichAllEventsAreTriggered | Latest time when all events with smaller @ingesttimestmp have triggered actions | |||
| ingestTimeKnownGood | ||||
| isLiveQuery | Whether or not the alert executed in the event contained a live query | |||
| message | Message of the alert or event | |||
| orgId | Organization ID | |||
| query | Query executed during the event | |||
| queryEnd | End of the time interval for the query | |||
| queryProcessedEvents | Number of events processed to return the final result set | |||
| queryStart | Start of the time interval for the query | |||
| severity | Severity of the event | |||
| status | Whether the alert, scheduled search, or scheduled report was successful (value Success) or failed (value Failure). An individual failure may be triggered for multiple reasons, but repeated failures over a period of time may indicate a problem that needs investigation. | |||
| subCategory | Subcategory of the event | |||
| timestamp | Timestamp in milliseconds of the event | |||
| viewId | View ID |