Location

Web Console Display Name	Lucene Search Syntax	Field Description
Country (Impacted) Country (Origin)	impactedCountry originCountry	The country involved in the log activity: Country (Impacted) is the destination area. Country (Origin) is the source area. The Country values are derived from the LogRhythm Enterprise's GeoLocation feature.
Entity (Impacted) Entity (Origin)	impactedEntityName originEntityName	The resolved host entities involved in the log data: Entity (Impacted) is the destination host. Entity (Origin) is the source host. An Entity is a record that represents a logical grouping of LogRhythm Enterprise or log objects in the enterprise. Administrators define Entities for security management and organization.
Location (Impacted) Location (Origin)	impactedLocation originLocation	The geographic area involved in the log activity: Location (Origin) is the source area. Location (Impacted) is the destination area. The Location values are derived from the LogRhythm Enterprise's GeoLocation feature.
Region (Impacted) Region (Origin)	impactedRegion originRegion	The region involved in the log activity: Region (Origin) is the source area. Region (Impacted) is the destination area. The Region values are derived from theLogRhythm Enterprise's GeoLocation feature.
Root Entity	rootEntityId	The root entity (top-most entity) for a log source. In the search syntax, provide the ID number that the root entity is mapped to in the LogRhythm Client Console, rather than the name of the root entity.
Zone (Impacted) Zone (Origin)	impactedZoneName originZoneName	The resolved zone (Internal, External, or DMZ) that LogRhythm identified in the log activity: Zone (Origin) is the source zone. Zone (Impacted) is the destination zone. Administrators assign zones in the Host records and Network records.