Activity Log Event Query
Event for a query
| Field Type | Type | Value | Availability | Description |
|---|---|---|---|---|
| @id | ||||
| @ingesttimestamp | ||||
| @rawstring | ||||
| @timestamp | ||||
| @timestamp.nanos | ||||
| @timezone | ||||
| cancelled | Indicates whether the query was cancelled | |||
| category | Category of the event, such as Alert, Request, IngestFeed, Fdr, Query, Action, and ScheduledSearch | |||
| data_scanned | Amount of data scanned in bytes during the event | |||
| error | Error message | |||
| #category | ||||
| #repo | ||||
| #severity | ||||
| isLive | Was the query executed as a live query | |||
| live_cost | Total live cost of the event | |||
| live_cost_minute | Cost per minute of the event | |||
| message | Message of the alert or event | |||
| name | ||||
| orgId | Organization ID | |||
| proxy | Was the request made through a proxy | |||
| queryEnd | End of the time interval for the query | |||
| queryInput | The query that was run | |||
| queryStart | Start of the time interval for the query | |||
| queued | ||||
| resultPipelineExecutionCount | ||||
| severity | Severity of the event | |||
| static_cost_total | Cost of the static (non-live) pat fot he query | |||
| time | Time for the request | |||
| timestamp | Timestamp in milliseconds of the event | |||
| user | User who runs the query | |||
| username | User name | |||
| viewId | View ID | |||
| warnings |