Logs table

The table in the Logs > Log search > Log discovery view lists records according to search and filtering criteria. The fields available for a record depend on the log source and how you process the data. However, all records contain the NXLog Agent core fields.

Core fields

NXLog Agent adds the following fields to every record it collects.

Table 1. NXLog Agent core fields
Field	Type	Description
`EventReceivedTime`	datetime	The date and time that NXLog Agent received or collected the record. The format is `YYYY-MM-DD HH:MM:SS.SSS AM/PM`.
`Hostname`	string	The IP address or hostname where the data originated. This field is displayed by default on the Log discovery view.
`SourceModuleName`	string	The user-defined name of the NXLog Agent input module instance that collected the record.
`SourceModuleType`	string	The type of NXLog Agent input module instance. For example, `im_file`.

Standard fields

Apart from the core fields described above, NXLog Agent contains a set of standard fields common to several modules.

Table 2. NXLog Agent standard fields
Field	Type	Description
`_id`	integer	Internal unique identifier of the record.
`AccountName`	string	Name of the user who initiated the action described in the event.
`ErrorCode`	integer	A number indicating the type of event. Error codes are vendor-specific and especially useful for event correlation.
`EventID`	integer	Windows Event ID.
`EventTime`	datetime	The date and time of the event. The format is `YYYY-MM-DD HH:MM:SS.SSS AM/PM`. This field is displayed by default on the Log discovery view.
`Message`	string	The event message. In most cases, it contains user-friendly information about the recorded event. This field is displayed by default on the Log discovery view.
`MessageSourceAddress`	ipaddr	The IP address of the remote host. Available in network modules, such as `im_tcp`, `im_udp`, etc.
`ModuleName`	string	The name of the module instance that generated the internal event. This field is only used for NXLog Platform system logs. If this field is used, the SourceModuleName field will identify the current `im_internal` instance.
`ModuleType`	string	The type of module, such as `im_file`, that generated the internal event. This field is only used for NXLog Platform system logs.
`ProcessID`	string, integer	The ID of the process that generated the event.
`Severity`	string	Severity name corresponding to the SeverityValue. It can be one of `Debug` (1), `Info` (2), `Warning` (3), `Error` (4), and `Critical` (5).
`SeverityValue`	integer	NXLog Agent normalized severity value between 1 and 5.
`SourceName`	string	The application, service/daemon, or device that generated the event.
`SpanID`	string	Identifier of the span. This field is only used by OpenTelemetry event records.
`TargetUserName`	string	Name of the user who was the target of the action described in the event.
`TraceFlags`	integer	Options for the trace. This field is only used by OpenTelemetry event records.
`TraceID`	string	Identifier of the trace. This field is only used for OpenTelemetry event records.

Custom fields

NXLog Agent may create additional fields according to the log source and the configuration. All fields will be available to display as table columns or to search and filter the data.

See the relevant NXLog Agent module documentation for the list of fields the module creates.