The humio-activity Repository

The humio-activity repository contains information about operations and activities, including debug, error, and informational messages which are relevant to users and organizations.

Basic Structure

Events within humio-activity record specific activities across the LogScale cluster. Each event contains:

  • Timestamp of the activity.

  • Category, which identifies the type of event, such as Request, Query, Alert, ScheduledSearch, and so on.

  • Severity, which indicates the seriousness of the event and whether action may be required.

  • Event-specific information, for example, for a scheduled search, the scheduled search name and ID.

  • Metadata about the event, such as the subcategory of the event, username, user ID, and so on.

The table below lists the categories and corresponding subcategories of events in the humio-activity repository.

Category              Sub-Category            Availability  Description                                           Functionality
--------              ------------            ------------  -----------                                           -------------
Action                                                      Event for an action
AggregateAlert        Alert
AggregateAlert        Query
Alert                 Action                                Event for an action from an alert
Alert                 Alert                                 Event for an alert
Alert                 Query
Fdr                   Entity
Fdr                   Ingest                                Event for FDR ingest
FilterAlert           Alert                                 Alert event for a filter alert
FilterAlert           Query                                 Event for a query as part of a filter alert
PermissionAssignment  groupAssignments
PermissionAssignment  numberOfGroups
PermissionAssignment  numberOfUsers
PermissionAssignment  userAssignments
PermissionAssignment  userPermissionCounts
Query                                                       Event for a query
Request                                                     Event for an ingest request
ScheduledSearch       Action                                Event for actions from a scheduled search
ScheduledSearch       Query                                 Event for a query that is part of a scheduled search
ScheduledSearch       Schedule                              Event for schedule of a scheduled search
ScheduledSearch       ScheduledSearch                       Event for a scheduled search
SystemPrivilege       ChangeSystemPermission                Event for user permissions change
SystemPrivilege       ManageOrganizations                   Event for organization permissions