GIM Fields

The GIM fields are meta fields that Graylog uses to assign a standard category, subcategory, and type to messages.

GIM Fields

| Field Name | Example Values | Field Type | Notes |
|---|---|---|---|
| gim_event_type_code | 100000 | long | This field is assigned during the normalization process. Based on this field, messages will have category, subcategory, and type fields applied. |
GIM Derived Fields (these fields are added to messages during the enrichment process)

| Field Name | Example Values | Field Type | Notes |
|---|---|---|---|
| gim_event_category | process, audit, authentication | keyword | The category the associated log message falls under. Message categories are groupings of related messages that often have common fields. |
| gim_event_class | endpoint, protocol | keyword | This is an optional field that is used for related categories. For example, the process and service categories are part of the Endpoint gim_event_class, among others. |
| gim_event_type | network connection | keyword | A description of the event described in the associated log message. |
| gim_event_subcategory | credential validation, process | keyword | A secondary grouping of events under a category where individual events share many common characteristics. |