Logs table

The logs table in the Log Search > Log discovery view lists log records according to search and filtering criteria. The fields available for a log record depend on the log source and how you process the logs. However, all logs contain the NXLog Agent core fields.

Core fields

The NXLog Agent adds the following fields to every log record it collects. The logs table displays these fields by default, and you can use them to search and filter your logs.

Table 1. NXLog Agent core fields

| Field | Type | Description |
|---|---|---|
| EventReceivedTime | datetime | The date and time that the NXLog Agent received or collected the log record. The display format is MM-DD-YYYY HH:MM:SS.SSS A. |
| Hostname | string | The IP address or hostname where the event originated. |
| SourceModuleName | string | The user-defined name of the NXLog Agent input module instance that collected the log record. |
| SourceModuleType | string | The type of NXLog Agent input module instance (e.g., im_file). |

Standard fields

Apart from the core fields described above, the NXLog Agent contains a set of standard fields common to several modules.

Table 2. NXLog Agent standard fields

| Field | Type | Description |
|---|---|---|
| ErrorCode | integer | A number indicating the type of event. Error codes are vendor-specific and especially useful for event correlation. |
| EventTime | datetime | The date and time of the event. |
| EventType | string | The type of event according to the log source. For example, for Windows events it represents the severity (CRITICAL, ERROR, etc.), while for IBM AIX audit logs it represents the type of audit event (USER_Login, FILE_Unlink, etc.). |
| Message | string | The event message. In most cases, it contains user-friendly information about the recorded event. |
| MessageSourceAddress | ipaddr | The IP address of the remote host. Available in network modules (e.g., im_tcp, im_udp). |
| ProcessID | string, integer | The ID of the process that generated the event. |
| Severity | string | Severity name corresponding to the SeverityValue. It can be one of Debug (1), Info (2), Warning (3), Error (4), or Critical (5). |
| SeverityValue | integer | NXLog Agent normalized severity value between 1 and 5. |
| SourceName | string | The application, service/daemon, or device that generated the event. |

Custom fields

The NXLog Agent may create additional fields according to the log source and the configuration. All fields will be available to display as table columns or to search and filter the logs table.

Consult the relevant NXLog Agent module documentation for a list of fields each module creates.