Activity Log Event Request
Event for an ingest request
| Field Type | Type | Availability | Description |
|---|---|---|---|
| @id | |||
| @ingesttimestamp | |||
| @rawstring | |||
| @timestamp | |||
| @timestamp.nanos | |||
| @timezone | |||
| category | Category of the event, such as Alert, Request, IngestFeed, Fdr, Query, Action, and ScheduledSearch | ||
| contentLength | Amount of data in bytes. If compressed, the size may differ; see decodedContentLength. | ||
| decodedContentLength | Amount of data in bytes after any compressed data is uncompressed | ||
| #category | |||
| #repo | |||
| #severity | |||
| internal | If the event was internal or not. If internal, URI is also shown. | ||
| logcollectorId | Log collector ID | ||
| message | Message of the alert or event | ||
| method | HTTP method type used during event | ||
| organisationId | Organization ID | ||
| organisationName | Organization name | ||
| orgId | Organization ID | ||
| parser | Name of the parser used to ingest data | ||
| remote | IP address of resource that created the event | ||
| repo | Repository name | ||
| repoID | Unique Repository ID | ||
| responseLength | If there is a response with the event, the response length | ||
| route | Source of the request | ||
| sessionId | Session ID | ||
| severity | Severity of the event | ||
| status | Whether the alert, scheduled search, or scheduled report was successful (value Success) or failed (value Failure). An individual failure may be triggered for multiple reasons, but repeated failures over a period of time may indicate a problem that needs investigation. | ||
| time | Time for the request | ||
| timedOut | |||
| timestamp | Timestamp in milliseconds of the event | ||
| token | ID of the token used during event | ||
| uri | URI of the original sqsMessage | ||
| user | User who runs the query | ||
| userAgent | Web browser identifying information for the event; only for request category | ||
| userID | User ID |