Activity Log Event Request

Event for an ingest request

This activity type records operations for the following features:

Field   Type   Availability   Description
#category   Category of the event, such as Alert, Request, IngestFeed, Fdr, Query, Action, and ScheduledSearch
contentLength   Amount of data in bytes. If compressed, the size may differ; see decodedContentLength.
decodedContentLength   Amount of data in bytes after any compressed data is uncompressed
@id   Unique identifier for the event. Can be used to refer to and re-find specific events.
@ingesttimestamp   Timestamp when the event was ingested to the repository
internal   Whether the event was internal. If internal, the URI is also shown.
logcollectorId   Log collector ID
message   Message of the alert or event
method   HTTP method type used during the event
organisationId   Organization ID
organisationName   Organization name
orgId   Organization ID
parser   Name of the parser used to ingest data
@rawstring   Original string of the event
rejections   If a request was rejected, the rejections are shown
remote   IP address of resource that created the event
repo   Repository name
repoID   Unique Repository ID
responseLength   If there is a response with the event, the response length
route   Source of the request
sessionId   Session ID
#severity   Severity of the event
status   Whether the alert, scheduled search, or scheduled report was successful (value Success) or failed (value Failure). An individual failure may be triggered for multiple reasons, but repeated failures over a period of time may indicate a problem that needs investigation.
time   Time for the request
@timestamp.nanos   Extended precision of timestamp below millisecond
@timezone   Timezone the event originated in, if known. This is often set when the event's timestamp is parsed.
token   ID of the token used during the event
uri   URI of the original sqsMessage
user   User who runs the query
userAgent   Web browser identifying information for the event; only for request category
userID   User ID