Skip to main content


Web Console Display Name
Lucene Search Syntax
Field Description

Country (Impacted)

Country (Origin)



The country involved in the log activity:

  • Country (Impacted) is the destination area.
  • Country (Origin) is the source area.

The Country values are derived from the LogRhythm SIEM's GeoLocation feature.

Entity (Impacted)

Entity (Origin)



The resolved host entities involved in the log data:

  • Entity (Impacted) is the destination host.
  • Entity (Origin) is the source host.

An Entity is a record that represents a logical grouping of LogRhythm SIEM or log objects in the SIEM. Administrators define Entities for security management and organization.

Location (Impacted)

Location (Origin)



The geographic area involved in the log activity:

  • Location (Origin) is the source area.
  • Location (Impacted) is the destination area.

The Location values are derived from the LogRhythm SIEM's GeoLocation feature.

Region (Impacted)

Region (Origin)



The region involved in the log activity:

  • Region (Origin) is the source area.
  • Region (Impacted) is the destination area.

The Region values are derived from theLogRhythm SIEM's GeoLocation feature.

Root Entity


The root entity (top-most entity) for a log source.

In the search syntax, provide the ID number that the root entity is mapped to in the LogRhythm Client Console, rather than the name of the root entity.

Zone (Impacted)

Zone (Origin)



The resolved zone (Internal, External, or DMZ) that LogRhythm identified in the log activity:

  • Zone (Origin) is the source zone.
  • Zone (Impacted) is the destination zone.

Administrators assign zones in the Host records and Network records.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.