GIM Fields

The GIM fields are meta fields that Graylog uses to assign a standard category, subcategory, and type to messages.

GIM Fields
| Field Name | Example Values | Field Type | Notes |
|---|---|---|---|
| gim_event_type_code | 100000 | long | This field is assigned during the normalization process. Based on this field, messages will have category, subcategory, and type fields applied. |
GIM Derived fields (These fields are added to messages during the enrichment process)
| Field Name | Example Values | Field Type | Notes |
|---|---|---|---|
| gim_event_type | network connection | keyword | A description of the event described in the associated log message. |
| gim_category | endpoint, authentication | keyword | The category the associated log message falls under. Message categories are groupings of messages with some common characteristics. |
| gim_subcategory | credential validation, process | keyword | A secondary grouping of events under a category where individual events share many common characteristics. |