Auth (IDAM)

Version 1.2

Please check back often. These tables are updated regularly to accommodate new fields as provided by vendors.

| Field Name | Data Type |
| --- | --- |
| agent.type | text |
| cloud.account.id | text |
| cloud.instance.name | text |
| cloud.provider | text |
| cloud.region | text |
| cloud.service.name | text |
| destination.as.number | text |
| destination.as.organization.name | text |
| destination.geo.city_name | text |
| destination.geo.continent_code | text |
| destination.geo.country_code | text |
| destination.geo.country_name | text |
| destination.geo.location.lat | geopoint |
| destination.geo.location.lon | geopoint |
| destination.geo.region_name | text |
| destination.locality | text |
| error.description | text |
| event.action | text |
| event.category | array |
| event.created | date |
| event.dataset | text |
| event.id | text |
| event.kind | text |
| event.module | text |
| event.original | |
| event.outcome | text |
| event.reason | text |
| event.severity | text |
| event.type | array |
| group.id | text |
| log.type | text |
| message | text |
| network.community_id | text |
| observer.type | text |
| organisation.id | text |
| related.hash | array |
| related.hosts | array |
| related.ip | array |
| related.user | array |
| rule.id | text |
| rule.name | text |
| sensor.id | text |
| source.as.number | text |
| source.as.organization.name | text |
| source.geo.city_name | text |
| source.geo.continent_code | text |
| source.geo.country_code | text |
| source.geo.country_name | text |
| source.geo.location.lat | geopoint |
| source.geo.location.lon | geopoint |
| source.geo.region_name | text |
| source.ip | ip |
| source.locality | text |
| source.port | int |
| source.user.email | text |
| source.user.group.name | text |
| source.user.id | text |
| source.user.name | text |
| threatintel.days | int |
| threatintel.entity | text |
| threatintel.event_data | text |
| threatintel.lookup | text |
| threatintel.malware.malware | text |
| threatintel.malware.timestamp | date/time |
| threatintel.severity | text |
| threatintel.tags | text |
| threatintel.white_list | text |
| user_agent.name | text |
| user_agent.original | text |
| user_agent.os.name | text |
| user_agent.version | text |
| user.email | text |
| user.first.name | text |
| user.full_name | text |
| user.id | text |
| user.last_name | text |
| user.name | text |
| user.principal_name | text |
| user.role | text |
| uuid | text |
| uuid.full_uuid | text |