Logs table
The logs table in the Log Search > Log discovery view lists log records according to search and filtering criteria. The fields available for a log record depend on the log source and how you process the logs. However, all logs contain the NXLog Agent core fields.
Core fields
NXLog Agent adds the following fields to every log record it collects.
Field | Type | Description |
---|---|---|
EventReceivedTime |
The date and time that NXLog Agent received or collected the log record.
The format is |
|
Hostname |
The IP address or hostname where the event originated. This field is displayed by default on the Log discovery view. |
|
SourceModuleName |
The user-defined name of the NXLog Agent input module instance that collected the log record. |
|
SourceModuleType |
The type of NXLog Agent input module instance.
For example, |
Standard fields
Apart from the core fields described above, NXLog Agent contains a set of standard fields common to several modules.
Field | Type | Description |
---|---|---|
_id |
Internal unique identifier of the log record. |
|
AccountName |
Name of the user who initiated the action described in the log entry. |
|
ErrorCode |
A number indicating the type of event. Error codes are vendor-specific and especially useful for event correlation. |
|
EventID |
Windows Event ID. |
|
EventTime |
The date and time of the event.
The format is This field is displayed by default on the Log discovery view. |
|
Message |
The event message. In most cases, it contains user-friendly information about the recorded event. This field is displayed by default on the Log discovery view. |
|
MessageSourceAddress |
The IP address of the remote host.
Available in network modules, such as |
|
ModuleName |
The name of the module instance which generated the internal log event.
This field is only used for NXLog Platform application logs.
If this field is used, the SourceModuleName field will identify the current |
|
ModuleType |
The type of the module (such as |
|
ProcessID |
The ID of the process that generated the event. |
|
Severity |
Severity name corresponding to the SeverityValue.
It can be one of |
|
SeverityValue |
NXLog Agent normalized severity value between 1 and 5. |
|
SourceName |
The application, service/daemon, or device that generated the event. |
|
SpanID |
Identifier of the span. This field is only used by OpenTelemetry event records. |
|
TargetUserName |
Name of the user who was the target of the action described in the log entry. |
|
TraceFlags |
Options for the trace. This field is only used by OpenTelemetry event records. |
|
TraceID |
Identifier of the trace. This field is only used for OpenTelemetry event records. |