Activity Log Event FilterAlert/Query
Event for a query as part of a filter alert
| Field Type | Type | Availability | Description |
|---|---|---|---|
| alertId | alert ID | ||
| alertName | Alert name | ||
| @id | |||
| @ingesttimestamp | |||
| @rawstring | |||
| @timestamp | |||
| @timestamp.nanos | |||
| @timezone | |||
| category | Category of the event, such as Alert, Request, IngestFeed, Fdr, Query, Action, and ScheduledSearch | ||
| dataspace | Repository or view name | ||
| eventsAlreadyTriggered | For filter alerts, the number of events already triggered | ||
| eventsBeingTriggered | For filter alerts, the number of events being triggered | ||
| eventsToTriggerOn | When polling a filter alert query | ||
| externalQueryId | External ID of the running query | ||
| #category | |||
| #repo | |||
| #severity | |||
| ingestTimeForWhichAllEventsAreTriggered | Latest time when all events with smaller @ingesttimestmp have triggered actions | ||
| ingestTimeKnownGood | |||
| isLiveQuery | Whether or not the alert executed in the event contained a live query | ||
| message | Message of the alert or event | ||
| orgId | Organization ID | ||
| query | Query executed during the event | ||
| queryEnd | End of the time interval for the query | ||
| queryProcessedEvents | Number of events processed to return the final result set | ||
| queryStart | Start of the time interval for the query | ||
| severity | Severity of the event | ||
| subCategory | Subcategory of the event | ||
| timestamp | Timestamp in milliseconds of the event | ||
| viewId | View ID |