Activity Log Event ScheduledSearch/ScheduledSearch
Event for a scheduled search
| Field Type | Type | Availability | Description |
|---|---|---|---|
| actionIds | List of action IDs for when an alert or scheduled search trigger has been triggered for an event | ||
| actionInvocationIds | List of action invocation IDs for when an alert or scheduled search has been triggered | ||
| @id | |||
| @ingesttimestamp | |||
| @rawstring | |||
| @timestamp | |||
| @timestamp.nanos | |||
| @timezone | |||
| category | Category of the event, such as Alert, Request, IngestFeed, Fdr, Query, Action, and ScheduledSearch | ||
| dataspace | Repository or view name | ||
| externalQueryId | External ID of the running query | ||
| #category | |||
| #repo | |||
| #severity | |||
| message | Message of the alert or event | ||
| orgId | Organization ID | ||
| plannedExecutionTime | Planned execution timestamp | ||
| queryFinishedTime | Time in milliseconds when query in scheduled search finished | ||
| queryIntervalEndTime | |||
| queryIntervalStartTime | |||
| scheduledSearchId | Scheduled search ID | ||
| scheduledSearchName | Scheduled search name | ||
| severity | Severity of the event | ||
| status | Whether the alert, scheduled search, or scheduled report was successful (value Success) or failed (value Failure). An individual failure may be triggered for multiple reasons, but repeated failures over a period of time may indicate a problem that needs investigation. | ||
| subCategory | Subcategory of the event | ||
| timestamp | Timestamp in milliseconds of the event | ||
| viewId | View ID |