Location | LogRhythm Documentation

Web Console Display Name	Lucene Search Syntax	Field Description
Country (Impacted) Country (Origin)	impactedCountry originCountry	The country involved in the log activity: Country (Impacted) is the destination area. Country (Origin) is the source area. The Country values are derived from the LogRhythm SIEM's GeoLocation feature.
Entity (Impacted) Entity (Origin)	impactedEntityName originEntityName	The resolved host entities involved in the log data: Entity (Impacted) is the destination host. Entity (Origin) is the source host. An Entity is a record that represents a logical grouping of LogRhythm SIEM or log objects in the SIEM. Administrators define Entities for security management and organization.
Location (Impacted) Location (Origin)	impactedLocation originLocation	The geographic area involved in the log activity: Location (Origin) is the source area. Location (Impacted) is the destination area. The Location values are derived from the LogRhythm SIEM's GeoLocation feature.
Region (Impacted) Region (Origin)	impactedRegion originRegion	The region involved in the log activity: Region (Origin) is the source area. Region (Impacted) is the destination area. The Region values are derived from theLogRhythm SIEM's GeoLocation feature.
Root Entity	rootEntityId	The root entity (top-most entity) for a log source. In the search syntax, provide the ID number that the root entity is mapped to in the LogRhythm Client Console, rather than the name of the root entity.
Zone (Impacted) Zone (Origin)	impactedZoneName originZoneName	The resolved zone (Internal, External, or DMZ) that LogRhythm identified in the log activity: Zone (Origin) is the source zone. Zone (Impacted) is the destination zone. Administrators assign zones in the Host records and Network records.

Web Console Display Name

Lucene Search Syntax

Field Description

Country (Impacted)

Country (Origin)

impactedCountry

originCountry

The country involved in the log activity:

Country (Impacted) is the destination area.
Country (Origin) is the source area.

The Country values are derived from the LogRhythm SIEM's GeoLocation feature.

Entity (Impacted)

Entity (Origin)

impactedEntityName

originEntityName

The resolved host entities involved in the log data:

Entity (Impacted) is the destination host.
Entity (Origin) is the source host.

An Entity is a record that represents a logical grouping of LogRhythm SIEM or log objects in the SIEM. Administrators define Entities for security management and organization.

Location (Impacted)

Location (Origin)

impactedLocation

originLocation

The geographic area involved in the log activity:

Location (Origin) is the source area.
Location (Impacted) is the destination area.

The Location values are derived from the LogRhythm SIEM's GeoLocation feature.

Region (Impacted)

Region (Origin)

impactedRegion

originRegion

The region involved in the log activity:

Region (Origin) is the source area.
Region (Impacted) is the destination area.

The Region values are derived from theLogRhythm SIEM's GeoLocation feature.

Root Entity

rootEntityId

The root entity (top-most entity) for a log source.

In the search syntax, provide the ID number that the root entity is mapped to in the LogRhythm Client Console, rather than the name of the root entity.

Zone (Impacted)

Zone (Origin)

impactedZoneName

originZoneName

The resolved zone (Internal, External, or DMZ) that LogRhythm identified in the log activity:

Zone (Origin) is the source zone.
Zone (Impacted) is the destination zone.

Administrators assign zones in the Host records and Network records.