humio-audit Event types
The type field in each humio-audit event defines the type of operation recorded in the audit log. The list of possible types is provided below.
Table: humio-audit type Values
| Field Value | Availability | Description | Functionality |
|---|---|---|---|
$singularName.delete | Entity was deleted. | ||
action | Limit for organization added or updated | LimitV2 | |
action.add-labels | (added in 1.215) | Label(s) added to action | Manage Actions, addActionLabels() |
action.delete | Action has been deleted | Delete an action | |
action.remove-labels | (added in 1.215) | Label(s) removed from action | Manage Actions, removeActionLabels() |
aggregateAlert.add-label | (available 1.201 to 1.214.0) | A label was added to an aggregate alert. | General properties, addAggregateAlertLabel() |
aggregateAlert.add-labels | (added in 1.215) | Label(s) added to aggregate alert | General properties, addAggregateAlertLabels() |
aggregateAlert.remove-label | (available 1.201 to 1.214.0) | A label was removed from an aggregate alert | General properties, removeAggregateAlertLabel() |
aggregateAlert.remove-labels | (added in 1.215) | Label(s) removed from aggregate alert | General properties, removeAggregateAlertLabels() |
alert.add-labels | (added in 1.215) | Label(s) added to legacy alert | General properties, addLegacyAlertLabels() |
alert.clear-error | Alert error has been cleared | Editing Alerts | |
alert.create | Alert has been created | Triggers | |
alert.delete | Alert has been deleted | Deleting Automated Alerts | |
alert.disable | Alert has been disabled | Disabling an Alert | |
alert.enable | Alert has been enabled | automated-alerts-create-general-new-labels, enableAlert() | |
alert.remove-labels | (added in 1.215) | Label(s) removed from legacy alert | General properties, removeLegacyAlertLabels() |
alert.update | Alert has been updated | Editing Alerts | |
baseaudit | Generic auditing entry | The humio-audit Repository | |
bucket-storage.update | Bucket storage configuration has been updated | Storage Architecture | |
bucket.storage.target.delete | Bucket storage target has been deleted | Delete Bucket Storage Targets | |
bucket.storage.target.update | Bucket storage target has been updated | Update Segments Storage Targets | |
cachepolicy.delete | Data caching policy has been deleted | removeRepoCachePolicy() | |
cachepolicy.update | Cache policy has been updated | setRepoCachePolicy() | |
cluster-management-stats.refresh | (added in 1.172) | Forced refresh of cluster management stats was done | refreshClusterManagementStats() |
cluster-management.update | A change was made to a setting involving digester replication factor, update of desired digesters, rebalance of existing segments, segment replication factor, or minimum host alive percentage. | setAllowUpdateDesiredDigesters() , setDigestReplicationFactor() , setMinHostAlivePercentageToEnableClusterRebalancing() , setSegmentReplicationFactor() , Rebalancing Segments | |
cluster.globalconsistencycheck.start | (added in 1.168) | Global consistency check run on a cluster | runGlobalConsistencyCheck() |
config.settings | (removed in 1.171.0) | Configuration settings have been changed | Configuration Settings |
dashboard.add-labels | (added in 1.215) | Label(s) added to dashboard | Customize Dashboards, addDashboardLabels() |
dashboard.create | A dashboard has been created | Create Dashboards | |
dashboard.delete | A dashboard has been deleted | Manage individual dashboards | |
dashboard.link.create | A shared dashboard link has been created | Share Dashboards | |
dashboard.link.delete | A shared dashboard link has been deleted | Disabling Access to Shared Dashboards | |
dashboard.link.update | A shared dashboard link has been updated | Disabling Access to Shared Dashboards | |
dashboard.remove-labels | (added in 1.215) | Label(s) removed from dashboard | Manage Dashboards, removeDashboardLabels() |
dashboard.update | A dashboard has been edited | Customize Dashboards | |
datasource.autoshard | Datasource autosharding has started | Configure Auto-Sharding for High-Volume Data Sources | |
datasource.autoshard | Default autosharding rule applied | Configure Auto-Sharding for High-Volume Data Sources | |
datasource.delete | A datasource has been deleted | Delete Datasources, Datasources | |
datasource.max-autoshard-count | The globally configured maximum number of autoshards in DATASOURCE_MAX_AUTOSHARD_COUNT was overridden. | Configure Auto-Sharding for High-Volume Data Sources, updateMaxAutoShardCount() | |
datasource.stop-autoshard | Autosharding for a datasource has stopped | Configure Auto-Sharding for High-Volume Data Sources | |
dataspace.block | Ingest has been paused | Disabling Ingestion | |
dataspace.datatype | Repository datatype has been updated | Repository and View Settings | |
dataspace.delete | A repository has been deleted | Delete a Repository or View | |
dataspace.kind | Dataspace kind has been updated | Repository and View Settings | |
dataspace.limit-id | Repository limit has been updated | Repository and View Settings | |
dataspace.max-ingest-request-size | Repository max ingest request size has been changed | Repository and View Settings | |
dataspace.query | Query has been executed | Write Queries | |
dataspace.query.export-bucket | (added in 1.215) | A query was streamed to an external file bucket. | |
dataspace.query.export-file | (added in 1.215) | A query was exported to a file | |
dataspace.retention | Retention settings have been changed | Data Retention | |
dataspace.settings | Repository settings have been updated | Repository and View Settings | |
dataspace.taggroupingrules | Repository tag grouping rules have been updated | Tag Grouping in AWS S3 | |
dataspace.unblock | The ingest pause has been cleared | Disabling Ingestion | |
delete.events | Events have been deleted | Redact Events API | |
dynamicconfig.set | A dynamic configuration value has been updated | Dynamic Configuration Parameters | |
dynamicconfig.unset | A dynamic configuration value has been removed | Dynamic Configuration Parameters | |
email-action.create | An email action has been created | Action Type: Email | |
email-action.update | An email action has been updated | Action Type: Email | |
eventforwarder.delete | An event forwarder has been deleted | Event Forwarders | |
eventforwarder.disable | An event forwarder has been disabled | Event Forwarders | |
eventforwarder.enable | An event forwarder has been enabled | Event Forwarders | |
eventforwarder.kafka.create | An event forwarder has been created | Event Forwarders | |
eventforwarder.kafka.update | An event forwarder has been updated | Event Forwarders | |
eventforwardingrule.add | An event forwarding rule has been added | createEventForwardingRule() , Event Forwarding Rules | |
eventforwardingrule.delete | An event forwarding rule has been deleted | Event Forwarding Rules | |
eventforwardingrule.update | An event forwarding rule has been updated | Event Forwarding Rules | |
fdrfeed-controls.update | Falcon Data Replicator feed controls have been created | Ingesting FDR Data into a Repository | |
fdrfeed.create | Falcon Data Replicator feed configurations have been created | Ingesting FDR Data into a Repository | |
fdrfeed.delete | Falcon Data Replicator feed configurations have been deleted | Ingesting FDR Data into a Repository | |
fdrfeed.update | Falcon Data Replicator feed configurations have been updated | Ingesting FDR Data into a Repository | |
featureflag.global.update | A feature flag has been updated at the cluster level | Enabling and Disabling Feature Flags, Syntax | |
featureflag.org.update | A feature flag has been updated at the organization level | Enabling and Disabling Feature Flags, Syntax | |
featureflag.user.update | A feature flag has been updated at the user level | Enabling and Disabling Feature Flags, Syntax | |
fieldaliasing.schema.create | A field aliasing schema has been created | Configuring Field Aliasing | |
fieldaliasing.schema.delete | A field aliasing schema has been deleted | Configuring Field Aliasing | |
fieldaliasing.schema.disable-org | A field aliasing schema in an organization has been disabled | Configuring Field Aliasing | |
fieldaliasing.schema.disable-view | Field aliasing on a view has been disabled | Configuring Field Aliasing | |
fieldaliasing.schema.disable-views | (added in 1.164) | Field aliasing on more than one view has been disabled | Configuring Field Aliasing |
fieldaliasing.schema.enable-org | A field aliasing schemas has been enabled on an organization | Configuring Field Aliasing | |
fieldaliasing.schema.enable-views | A field aliasing schema has been enabled on a view | Configuring Field Aliasing | |
fieldaliasing.schema.update | A field aliasing schema has been updated | Configuring Field Aliasing | |
filterAlert.add-label | (available 1.201 to 1.214.0) | A label was added to a filter alert. | General properties, addFilterAlertLabel() |
filterAlert.add-labels | (added in 1.215) | Label(s) added to filter alert | General properties, addFilterAlertLabels() |
filterAlert.clear-error | A filter alert error condition has been cleared | Monitor, diagnose, and troubleshoot triggers | |
filterAlert.create | A filter alert has been created | Triggers | |
filterAlert.delete | A filter alert has been deleted | Deleting an Alert | |
filterAlert.disable | A filter alert has been disabled | Disabling an Alert | |
filterAlert.enable | A filter alert has been enabled | Disabling an Alert | |
filterAlert.remove-label | (available 1.201 to 1.214.0) | A label was removed from a filter alert. | General properties, removeFilterAlertLabel() |
filterAlert.remove-labels | (added in 1.215) | Label(s) removed from filter alert | General properties, removeFilterAlertLabels() |
filterAlert.update | A filter alert has been updated | Editing Alerts | |
fleet.collectors.assignconfig | Log Collector(s) assigned to a configuration | assignLogCollectorConfiguration() , assignLogCollectorsToConfiguration() | |
fleet.collectors.disabledebuglogging | Debug for a Log Collector instance was disabled | disableLogCollectorInstanceDebugLogging() | |
fleet.collectors.enabledebugloggingstatic | Debug logging enabled for a Log Collector instance | enableLogCollectorInstanceDebugLogging() | |
fleet.collectors.enroll | Log Collector enrolled in fleet management | EnrolledCollector , Enrollment Command Options | |
fleet.collectors.unenroll | Log collectors have been unenrolled | unenrollLogCollectors() , Enroll Instances | |
fleet.collectors.wantedVersion | Wanted version of Log Collector set | setWantedLogCollectorVersion() | |
fleet.configuration.create | Log Collector configuration created | createLogCollectorConfiguration() | |
fleet.configuration.delete | Log Collector configuration deleted | deleteLogCollectorConfiguration() | |
fleet.configuration.publish | Updated Log Collector configuration published | publishLogCollectorConfiguration() | |
fleet.group.delete | Log Collector group deleted | deleteLogCollectorGroup() | |
fleet.group.setconfigids | Log Collector group configuration IDs updated | updateLogCollectorGroupConfigIds() | |
fleet.group.setfilter | Log Collector group filter updated | updateLogCollectorGroupFilter() | |
fleet.group.setwantedversion | Wanted Log Collector version set | setWantedLogCollectorVersion() | |
fleet.installtokens.create | Fleet installation token created | createFleetInstallToken() | |
fleet.installtokens.delete | Fleet installation token deleted | deleteToken() | |
fleet.installtokens.updateconfigid | Configuration ID updated | updateLogCollectorGroupConfigIds() | |
fleet.settings.disabledebuglogging | Debug for Log Collector was disabled | disableLogCollectorDebugLogging() | |
fleet.settings.enabledebugloggingstatic | Debug enabled for all Log Collector instances | enableLogCollectorDebugLogging() | |
fleet.settings.setlostcollectordays | Lost Log Collector days set | setLostCollectorDays() | |
flight-recorder-settings.update | FlightRecorder settings updated | flightRecorderSettings() | |
flushingstate.org.clear | Event triggered by Falcon LogScale support performing an organization transfer to new cluster. | ||
flushingstate.org.deleted | (added in 1.223) | Organization state set to deleted | |
flushingstate.org.update | Event triggered by Falcon LogScale support performing an organization transfer to new cluster. | ||
global.patch | Global patch event | Patch global | |
group.create | New group created | addGroup() , Manage Groups | |
group.delete | Group was deleted | removeGroup() , Manage Groups | |
group.membership.change | A user has been added or removed in a group | Group Memberships | |
group.organizationmanagementrole.assigned | An organization management role has been assigned to a group | assignOrganizationManagementRoleToGroup() , Assign Roles to Groups | |
group.organizationmanagementrole.unassigned | An organization management role has been unassigned from a group | unassignOrganizationRoleFromGroup() , Assign Roles to Groups | |
group.organizationrole.assigned | An organization role has been assigned to a group | Assign Roles to Groups | |
group.organizationrole.unassigned | An organization role has been unassigned from a group | Assign Roles to Groups | |
group.role.assigned | A role has been assigned to a group | Assign Roles to Groups | |
group.role.unassigned | A role has been removed from a group | Assign Roles to Groups | |
group.systemrole.assigned | The system role has been added to a group | Manage Groups | |
group.systemrole.unassigned | The system role has been removed from a group | Manage Groups | |
group.update | Group was updated | updateGroup() , Manage Groups | |
group.update.defaultQueryPrefix | Default query prefix for group was updated | updateDefaultQueryPrefix() , Manage Groups | |
group.update.defaultRole | Default role of group was updated | updateDefaultRole() , Add or change roles | |
group.update.queryPrefix | Query prefix updated for group | updateQueryPrefix() , Manage Groups | |
hashedtokens.change | (added in 1.177) | Permissions for an API token have been changed | API Tokens |
hashedtokens.change | An API token has been changed | API Tokens | |
hashedtokens.change | (added in 1.170) | Permissions for an API token have been created | API Tokens |
hashedtokens.change | (available 1.170 to 1.176.0) | Permissions for an API token have been changed | API Tokens |
hashedtokens.rotate | An API token has been rotated | API Tokens | |
host-management.update | Host management settings updated | ||
humio-repo-action.create | A LogScale repo action has been created | Action Type: Falcon LogScale Repository | |
humio-repo-action.update | A LogScale repo action has been updated | Action Type: Falcon LogScale Repository | |
identityProvider | Identity providers have been changed | Authentication and identity providers | |
ingest.block | Event ingest was blocked | Disabling Ingestion, Blocking and Unblocking Ingestion | |
ingestconsumer.force-release | Forced release of ingest consumer | ||
ingestfeed.create | (removed in 1.163.0) | An ingest feed has been created | Set up a New AWS Ingest Feed |
ingestfeed.delete | (removed in 1.163.0) | An ingest feed has been deleted | Delete an Ingest Feed |
ingestfeed.reset-quota | (removed in 1.163.0) | Quota/rate for ingest feed was set to a value or reset to defaults | |
ingestfeed.update | (removed in 1.163.0) | An ingest feed has been updated | Edit Ingest Feed Configuration |
ingestlistener.create | An ingest listener has been created | Ingest Listeners | |
ingestlistener.delete | Ingest listeners have been deleted | Ingest Listeners | |
ingestlistener.update | Ingest listeners have been updated | Ingest Listeners | |
iocaccess.update | IOC access was updated | IOC Configuration, disableOrganizationIocAccess() , enableOrganizationIocAccess() | |
ipfilters.change | An IP filter has been updated | Edit an IP Filter | |
limit.delete | Limit removed from organization | removeLimitWithId() | |
limit.mark.deleted | Limit mark was deleted. | Query Quotas, markLimitDeleted() , Limits and Standards | |
login.bridge.allowed.users | Third-party authentication allowed users has been updated | addLoginBridgeAllowedUsers() | |
login.bridge.change | Third-party authentication method has been changed | updateLoginBridge() | |
login.bridge.delete | Third-party authentication method has been deleted | removeLoginBridge() | |
login.bridge.generate.login | Third-party authentication user login request has been generated | LoginBridgeRequest | |
login.bridge.terms.change | Third-party authentication has been updated | updateLoginBridge() | |
no-op-action.create | Action created as a product of alerts during unit tests where the alert must register an action but it is not necessary for an email, etc to be sent. The action does nothing, hence the name no op. | ||
no-op-action.update | Action updated as a product of alerts during unit tests where the alert must register an action but it is not necessary for an email, etc to be sent. The action does nothing, hence the name no op. | ||
notifications.create | A notification has been created | ||
notifications.delete | A notification has been deleted | deleteNotification() | |
notifications.user.change | Notification user has been updated | ||
notifications.user.create | Notification user has been created | ||
notifications.user.delete | Notification user has been deleted | ||
ops-genie-action.create | OpsGenie action has been created | Action Type: OpsGenie | |
ops-genie-action.update | OpsGenie action has been updated | Action Type: OpsGenie | |
org.datasources.import | Event triggered by Falcon LogScale support performing an organization transfer to new cluster. | ||
org.metadata.import | Event triggered by Falcon LogScale support performing an organization transfer to new cluster. | ||
org.metadata.import.rollback | Event triggered by Falcon LogScale support performing an organization transfer to new cluster. | ||
org.segments.import | Event triggered by Falcon LogScale support performing an organization transfer to new cluster. | ||
organization.inconsistencyjob.start | An organization cleanup job was started | ||
organization.userdefaults.update | User defaults for organization updated | ||
organizations | Organization settings have been changed | Organization Settings | |
organizations.batch | Organization inconsistency cleanup job run. | ||
organizations.buckets.readonly | Event triggered by Falcon LogScale support performing an organization transfer to new cluster. | ||
organizations.cid.set | A CrowdStrike CID (customer ID) was associated with an organization | ||
organizations.cross-org-view.add-connections | (added in 1.165) | A cross organization view connection was added | addCrossOrgViewConnections() |
organizations.cross-org-view.create | (added in 1.165) | A cross-organization view was created | createCrossOrgView() |
organizations.cross-org-view.remove-connections | (added in 1.165) | Remove connections for cross-organization view | |
organizations.cross-org-view.update-filters | (added in 1.165) | View connection filters for a cross-organization view have been updated | updateCrossOrgViewConnectionFilters() |
organizations.cross.change | A cross organization view was created or updated. | Repository and View Settings | |
organizations.link.create | A link between an organization and a "child" organization was created. | ||
organizations.link.unlink | All links for the organization were removed. | ||
organizations.link.unlink.child | Link to a child organization was removed. | ||
organizations.queryhandles.ownership-batch.update | Query ownership handles have been batch updated | Updating Organization Ownership for Existing Queries | |
organizations.securitypolicies.actions.update | The security policy for Actions has been updated | Change actions security policies | |
organizations.securitypolicies.shared-dashboards.update | Shared dashboard security policies have been updated | Dashboard security policies | |
organizations.securitypolicies.tokens.update | Security policy for API tokens has been updated | API token security policies | |
organizations.selected.batch | Event triggered by Falcon LogScale support performing an organization transfer to new cluster. | ||
organizations.subscription.change | Subscription changed for an organization | updateOrganizationSubscription() | |
organizations.transfer.user | A user has been invited to join and joined another organization | addUserV2() | |
organizations.update.foreignkey | Bad reference fixed in organization settings | updateOrganizationForeignKey() | |
organizations.users | Organization users have been updated | ||
organizations.users.batch | Certain users within an organization have been fixed or removed. | ||
orgtransfer-job-status.create | Event triggered by Falcon LogScale support performing an organization transfer to new cluster. | ||
orgtransfer-job-status.delete | Event triggered by Falcon LogScale support performing an organization transfer to new cluster. | ||
package.entity.create | An item (query, dashboard, widget) within a package has been changed | Package Management | |
package.entity.delete | An item (query, dashboard, widget) within a package has been deleted | Package Management | |
package.error | A package error has been triggered | Package Management | |
package.install | A package has been installed | Installing & Updating Packages | |
package.uninstall | A package has been uninstalled | Installing & Updating Packages | |
package.update | A package has been updated | Installing & Updating Packages | |
pager-duty-action.create | A PagerDuty action has been created | Action Type: PagerDuty | |
pager-duty-action.update | A PagerDuty action has been updated | Action Type: PagerDuty | |
parser.create | A parser has been created | Custom Parsers | |
parser.delete | A parser has been deleted | Custom Parsers | |
parser.update | A parser has been updated | updateParserV2() | |
partition.offset.set | Offset for an ingest partition was set | setOffsetForDatasourcesOnPartition() | |
permission.assignment.create | (available 1.161 to 1.167.0) | Permission granted | Asset permissions |
permission.assignment.create | Permission granted | Asset permissions | |
permission.assignment.delete | (available 1.161 to 1.167.0) | Permission removed. | Asset permissions |
permission.assignment.delete | (added in 1.160) | Permission removed. For more information, see Asset permissions. | |
permission.assignment.update | (added in 1.160) | Permission updated. | Asset permissions |
query-blocklist.add | Query blocklist has been created | Blocking Queries, addToBlocklist() , addToBlocklistById() | |
query-blocklist.remove | Query blocklist has been removed | Blocking Queries | |
query-quota.set | Query quota setting has been updated | Query Quotas | |
query.stop-all-queries | All queries have been stopped | stopAllQueries() | |
query.stop-exporting-queries | All Streaming (live) queries have been stopped | stopStreamingQueries() | |
query.stop-static-queries | All historical queries have been stopped | stopHistoricalQueries() | |
readonly.dashboard.accessed | A read-only dashboard has been accessed | Share Dashboards, Dashboard security policies | |
readonly.dashboard.update | A read-only dashboard has been updated | Dashboard security policies | |
redirectingest.org.clear | Redirect of ingest to target cluster has been cleared; event triggered by Falcon LogScale support performing an organization transfer to new cluster. | ||
redirectingest.org.update | Redirect of ingest to target cluster was set; event triggered by Falcon LogScale support performing an organization transfer to new cluster. | ||
repo.users | User access to a repo or view has been changed | Repository and View permissions, Manage Roles | |
repository.create | A repository has been created | Creating a Repository or View | |
role.create | New role created | createRole() , Manage Roles | |
role.delete | Role was deleted | removeRole() , Manage Roles | |
role.description.change | Role description was changed | ||
role.name.change | Name change of role | updateRole() , Manage Roles | |
role.objectaction.change | Role has been changed | updateRole() , Manage Roles | |
role.organizationmanagementpermissions.change | Organization management permissions for role changed | Organization Administration Permissions, Manage Roles | |
role.organizationpermissions.change | Role organization permissions have been changed | Organization Administration Permissions, Manage Roles | |
role.systempermissions.change | Role system permissions have been changed | Cluster Management Permissions, Manage Roles | |
role.viewpermissions.change | Role view or repository permissions have been changed | Repository and View permissions, Manage Roles | |
s3-action.create | (added in 1.221) | ||
s3-action.update | (added in 1.221) | ||
s3-archiving.configure | S3 archiving settings were changed | S3 Archiving | |
s3-archiving.disable | S3 archiving was disabled | S3 Archiving | |
s3-archiving.enable | S3 archiving was enabled | S3 Archiving | |
s3-archiving.restart | S3 archiving was restarted | S3 Archiving | |
saved-query.add-labels | (added in 1.215) | Label(s) added to saved query | addSavedQueryLabels() , Save searches |
saved-query.create | A saved query has been created | Saved Searches (User Functions) | |
saved-query.delete | A saved query has been deleted | Saved Searches (User Functions) | |
saved-query.remove-labels | (added in 1.215) | Label(s) removed from saved query | removeSavedQueryLabels() , Save searches |
saved-query.update | A saved query has been updated | Saved Searches (User Functions) | |
scheduled-search.add-labels | (added in 1.215) | Label(s) added to scheduled search | General properties, addScheduledSearchLabels() |
scheduled-search.clear-error | A scheduled search error condition has been cleared | Scheduled searches | |
scheduled-search.create | A scheduled search has been created | Creating a Scheduled Search | |
scheduled-search.delete | A scheduled search has been deleted | Scheduled searches | |
scheduled-search.remove-labels | (added in 1.215) | Label(s) removed from scheduled search | General properties, removeScheduledSearchLabels() |
scheduled-search.update | A scheduled search has been updated | Scheduled searches | |
segment.delete | A segment has been deleted | Mark Segment for Deletion | |
segment.unset-bucketId | (added in 1.219) | A bucket ID has been removed for a segment | |
sessions.change.config | Session settings for organization updated. | updateSessionSettings() , Session management | |
sessions.create | A user session has been created | Manage sessions within an organization | |
sessions.revoke | A user session has been revoked | revokeSession() , Manage sessions within an organization | |
slack-action.create | Slack action has been created | Action Type: Slack | |
slack-action.update | Slack action has been updated | Action Type: Slack | |
slack-post-message-action.create | Slack message action has been created | Action Type: Slack | |
slack-post-message-action.update | Slack message action has been updated | Action Type: Slack | |
sociallogin.settings.update | Social login options for an organization were updated | updateSocialLoginSettings() | |
subdomain.remove | Subdomain settings for an organization have been removed | SubdomainConfig , Authentication and Adding Collaborators | |
subdomain.set | Subdomain settings for an organization have been updated | SubdomainConfig , Authentication and Adding Collaborators | |
system-repository.create | LogScale system repository has been created | ||
tokens | API or security tokens have been updated | API Tokens | |
transfer.ingest-redirection | Event triggered by Falcon LogScale support performing an organization transfer to new cluster. | ||
transfer.metadata | Event triggered by Falcon LogScale support performing an organization transfer to new cluster. | ||
transfer.segment | Event triggered by Falcon LogScale support performing an organization transfer to new cluster. | ||
transfer.snapshot | TRANSFER_SNAPSHOT; event triggered by Falcon LogScale support performing an organization transfer to new cluster. | ||
transfercheckmark.org.update | Event triggered by Falcon LogScale support performing an organization transfer to new cluster. | ||
transfercheckmarks.org.update | Event triggered by Falcon LogScale support performing an organization transfer to new cluster. | ||
transferjob.added | A transfer job between clusters was added | ||
transferjob.cancelled | A transfer job was canceled | ||
transferstate.org.update | Event triggered by Falcon LogScale support performing an organization transfer to new cluster. | ||
upload-file-action.create | Update file action has been created | Action Type: Lookup File | |
upload-file-action.update | Update file action has been updated | Action Type: Lookup File | |
uploaded-file.add-labels | (added in 1.215) | Label(s) added to uploaded lookup file | Action Type: Lookup File, addFileLabels() , Lookup Files |
uploaded-file.create | A lookup file has been created | UploadFileAction , Create a Lookup File | |
uploaded-file.delete | An uploaded file has been deleted | Delete a lookup file | |
uploaded-file.remove-labels | (added in 1.215) | Label(s) removed from uploaded lookup file | Action Type: Lookup File, removeFileLabels() , Lookup Files |
uploaded-file.update | An uploaded file has been updated | UploadFileAction , Lookup Files | |
user.accept-standard-mandatory-dod-notice-and-consent | User has accepted the usage notice | ||
user.accept-terms | User has accepted the terms | acceptTermsAndConditions() | |
user.invite-accepted | User has accepted an invite | Manage Users | |
user.invited | A user has been invited to access the cluster | Manage Users | |
user.profile | User settings have been changed | Manage Users | |
user.roles.change | The roles assigned to a user have been changed | Manage Users | |
user.signin | User has signed in | Manage Users | |
user.signout | User has signed out (manually or automatically) | Manage Users | |
victor-ops-action.create | A VictorOps action has been created | Action Type: VictorOps (Splunk On-Call) | |
victor-ops-action.update | A VictorOps action has been updated | Action Type: VictorOps (Splunk On-Call) | |
view.delete | A repository or view has been deleted | Delete a Repository or View | |
view.rename | A repository or view has been renamed | Repository and View Settings | |
view.restore | A previously deleted view was restored | Delete a Repository or View | |
view.storage | A view has been created, or the description, search limit, or automatic searching has been updated. | ||
viewinteraction.create | A view interaction was created | Event List Interactions | |
viewinteraction.delete | A view interaction was deleted | Event List Interactions | |
viewinteraction.update | A view interaction was updated | Event List Interactions | |
webhook-action.create | A webhook action has been created | Action Type: Webhooks | |
webhook-action.update | A webhook action has been updated | Action Type: Webhooks |