| event_code |
4624, 1 |
keyword |
Vendor-provided numeric event defined by the vendor representing the source message type, e.g. EventCode/Event ID for Microsoft |
| event_created |
2020-02-20 08:00:00, 1602080607 |
date |
Date/time that the event was created |
| event_duration |
10293874 |
long |
Length of time in seconds for the event being described |
| event_end |
2021-03-26T11:25:13.113UTC |
date |
Date/time that event concluded |
| event_error_code |
0xC00008 |
keyword |
Vendor-provided error code associated with the current message |
| event_error_description |
ERROR_ACCESS_DENIED, Not Found |
keyword |
Description of error associated with the current message |
| event_log_name |
security, auth.log |
keyword |
Reference to log - “Security” “auth.log”, etc. |
| event_observer_hostname |
|
keyword/loweronly |
Hostname or FQDN of a system such as an IDS or IPS that generates an message (such as an alert) based on inspection of a thing, such as network traffic. |
| event_observer_id |
234cd78sc |
keyword |
Unique ID of the Observer Device, Serial Number, etc |
| event_observer_ip |
10.1.2.3, fe80:5cc3:11:4::2c |
ip |
IP address of the event observer |
| event_observer_uid |
|
keyword |
Unique identifier (such as a serial number or asset ID) associated with the event observer |
| event_received_time |
2020-02-20 08:00:00, 1602080607 |
date |
Date/time that the event was received by the reporting host. Normally applicable to logs relayed by a centralized log server. |
| event_repeat_count |
5, 3, 9185 |
long |
Count of times a message has been repeated - provided by log creator/processor |
| event_reporter |
|
keyword |
System that delivered the message to Graylog - a WEC server, syslog collector, etc. |
| event_source |
|
keyword |
Source system that generated the event |
| event_source_api_version |
|
keyword |
API version of source where logs are collected via API |
| event_source_product |
windows, linux, okta |
keyword |
System responsible for generating the event, e.g. “windows”, “okta”, etc. |
| event_start |
2020-02-20 08:00:00, 1602080607 |
date |
Beginning time of an event described in a log message, usually associated with an event that has a duration. |
| event_uid |
1123523564, 0122e2b3-9923-11ea-ab51-061b68b4ca16 |
keyword |
Unique identification associated with a single event/message (e.g, “record number” from Windows event logs, a Graylog message ID) |