Logs table

The logs table in the Log Search > Log discovery view lists log records according to search and filtering criteria. The fields available for a log record depend on the log source and how you process the logs. However, all logs contain the NXLog Agent core fields.

Core fields

NXLog Agent adds the following fields to every log record it collects.

Table 1. NXLog Agent core fields
Field	Type	Description
EventReceivedTime	datetime	The date and time that NXLog Agent received or collected the log record. The format is `YYYY-MM-DD HH:MM:SS.SSS AM/PM`.
Hostname	string	The IP address or hostname where the event originated. This field is displayed by default on the Log discovery view.
SourceModuleName	string	The user-defined name of the NXLog Agent input module instance that collected the log record.
SourceModuleType	string	The type of NXLog Agent input module instance. For example, `im_file`.

Standard fields

Apart from the core fields described above, NXLog Agent contains a set of standard fields common to several modules.

Table 2. NXLog Agent standard fields
Field	Type	Description
_id	integer	Internal unique identifier of the log record.
AccountName	string	Name of the user who initiated the action described in the log entry.
ErrorCode	integer	A number indicating the type of event. Error codes are vendor-specific and especially useful for event correlation.
EventID	integer	Windows Event ID.
EventTime	datetime	The date and time of the event. The format is `YYYY-MM-DD HH:MM:SS.SSS AM/PM`. This field is displayed by default on the Log discovery view.
Message	string	The event message. In most cases, it contains user-friendly information about the recorded event. This field is displayed by default on the Log discovery view.
MessageSourceAddress	ipaddr	The IP address of the remote host. Available in network modules, such as `im_tcp`, `im_udp`, etc.
ModuleName	string	The name of the module instance which generated the internal log event. This field is only used for NXLog Platform application logs. If this field is used, the SourceModuleName field will identify the current `im_internal` instance.
ModuleType	string	The type of the module (such as `im_file`) which generated the internal log event. This field is only used for NXLog Platform application logs.
ProcessID	string, integer	The ID of the process that generated the event.
Severity	string	Severity name corresponding to the SeverityValue. It can be one of `Debug` (1), `Info` (2), `Warning` (3), `Error` (4), and `Critical` (5).
SeverityValue	integer	NXLog Agent normalized severity value between 1 and 5.
SourceName	string	The application, service/daemon, or device that generated the event.
SpanID	string	Identifier of the span. This field is only used by OpenTelemetry event records.
TargetUserName	string	Name of the user who was the target of the action described in the log entry.
TraceFlags	integer	Options for the trace. This field is only used by OpenTelemetry event records.
TraceID	string	Identifier of the trace. This field is only used for OpenTelemetry event records.

Custom fields

NXLog Agent may create additional fields according to the log source and the configuration. All fields will be available to display as table columns or to search and filter the logs table.

See the relevant NXLog Agent module documentation for the list of fields the module creates.