Logs table

The logs table in the Log Search > Log discovery view lists log records according to search and filtering criteria. The fields available for a log record depend on the log source and how you process the logs. However, all logs contain the NXLog Agent core fields.

Core fields

The NXLog Agent adds the following fields to every log record it collects. The logs table displays these fields by default, and you can use them to search and filter your logs.

Table 1. NXLog Agent core fields
Field	Type	Description
EventReceivedTime	datetime	The date and time that the NXLog Agent received or collected the log record. The display format is `MM-DD-YYYY HH:MM:SS.SSS A`.
Hostname	string	The IP address or hostname where the event originated.
SourceModuleName	string	The user-defined name of the NXLog Agent input module instance that collected the log record.
SourceModuleType	string	The type of NXLog Agent input module instance (e.g., `im_file`).

Standard fields

Apart from the core fields described above, the NXLog Agent contains a set of standard fields common to several modules.

Table 2. NXLog Agent standard fields
Field	Type	Description
ErrorCode	integer	A number indicating the type of event. Error codes are vendor-specific and especially useful for event correlation.
EventTime	datetime	The date and time of the event.
EventType	string	This field describes the type of event according to the log source, e.g., for Windows events, it represents the severity (`CRITICAL`, `ERROR`, etc.), while for IBM AIX audit logs, it represents the type of audit event (`USER_Login`, `FILE_Unlink`, etc.)
Message	string	The event message. In most cases, it contains user-friendly information about the recorded event.
MessageSourceAddress	ipaddr	The IP address of the remote host. Available in network modules (e.g., `im_tcp`, `im_udp`, etc.)
ProcessID	string, integer	The ID of the process that generated the event.
Severity	string	Severity name corresponding to the SeverityValue. It can be one of `Debug` (1), `Info` (2), `Warning` (3), `Error` (4), and `Critical` (5).
SeverityValue	integer	NXLog Agent normalized severity value between 1-5.
SourceName	string	The application, service/daemon, or device that generated the event.

Custom fields

The NXLog Agent may create additional fields according to the log source and the configuration. All fields will be available to display as table columns or to search and filter the logs table.

Consult the relevant NXLog Agent module documentation for a list of fields each module creates.