|Web Console Display Name||Lucene Search Syntax||Field Description|
An action taken by a device.
Integer value representing a quantity.
A network protocol or a web application impacted by the event generated from the log message.
The "unknown" category is an aggregation of applications that have not been classified.
The name of an executed command within the metadata (for example: login, get, or put).
Running time of a session, job, activity, etc.
The digital signature, or mathematical equivalent, of the file that retrieves data from a URL or is the combination of other downloaded files.
Known application or service, such as HTTP, POP3, or Telnet. An application is known if LogRhythm can match the protocol number from the log to a service name in the Events Database.
Resource that is referenced or impacted by the log activity. An object can include a file, file path, registry key, etc.
The Object field contains the full path and name, but objectName only stores the object name.
A pair with an Object and an Object Name (for example, the content type from HTTP logs).
Parent Process ID
An ID number for a service or process running on a device, also known as PID.
Parent Process Name
The name of a process currently running on a system.
Parent Process Path
The logical storage path for a given process.
The specific policy referenced (i.e., Firewall, Proxy) in a log message.
Name or value that identifies a process (for example, "inetd" or "sshd").
The ID associated with a process.
Rate of an item.
The justification for an action or result when not an explicit policy.
The explicit and well-defined response code for an action or command captured in a log. Response Code differs from Result in that response code should be well-structured and easily identifiable as a code.
The outcome of a command operation or action (for example, the result of "quarantine" might be "success").
The type of session described in the log (e.g., console, CLI, web). Unique from IANA Protocol.
The size of an item, which depends on the log type (for example, logs relating to firewalls may show the size or length of a packet).
The vendor's perspective on the state of a system, process, or entity. Status should NOT be used as the result of an action.
Email subject line. For non-email logs, this field could represent the subject in some form of communicated information.
An Identification Number specified for a given threat, as defined from a third-party security system or device, such as a firewall, IPS/IDS, AV, Endpoint Protection System, etc.
The User Agent string from web server logs.
A value that represents a version (OS version, patch version, doc version, etc.).