Rw ui tabs macro
Rw tab
title141-146

Anchor
tag121
tag121
cloud.azure.vm.systemevent

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

hostIp

ip4

 

 

Computer

str

 

 

EventCategory

int4

 

 

EventData

str

 

 

EventID

int4

 

 

EventLevel

int4

 

 

EventLevelName

str

 

 

EventLog

str

 

 

MG

str

 

 

ManagementGroupName

str

 

 

ParameterXml

str

 

 

RenderedDescription

str

 

 

Source

str

 

 

SourceSystem

str

 

 

TenantId

str

 

 

TimeGenerated

timestamp

Code Block
parsedate(TimeGenerated_str, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC"))

TimeGenerated_str

Type

str

 

 

UserName

str

 

 

service

str

 

 

serviceSid

str

 

 

serviceFileName

str

 

 

serviceType

str

 

 

serviceStartType

str

 

 

serviceAccount

str

 

 

ServicePrincipalNames

str

 

 

imagePath

str

 

 

startType

str

 

 

accountName

str

 

 

procId

str

 

 

procName

str

 

 

currentBias

str

 

 

currentTimeZoneID

str

 

 

deviceName

str

 

 

deviceNameLength

str

 

 

deviceTime

str

 

 

deviceVersionMajor

str

 

 

deviceVersionMinor

str

 

 

dirtyPages

str

 

 

exitReason

str

 

 

finalStatus

str

 

 

firstRefresh

str

 

 

hiveName

str

 

 

hiveNameLength

str

 

 

keysUpdated

str

 

 

newTime

str

 

 

oldTime

str

 

 

reason

str

 

 

tSId

str

 

 

timeZoneInfoCacheUpdated

str

 

 

param1

str

 

 

param2

str

 

 

param3

str

 

 

param4

str

 

 

param5

str

 

 

param6

str

 

 

param7

str

 

 

param8

str

 

 

param9

str

 

 

param10

str

 

 

EventData_data

str

 

 

EventData_unkData

str

 

 

Internal_WorkspaceResourceId

str

 

 

ResourceId

str

 

 

at_devo_collector_version

int4

 

 

at_entry_offset

str

 

 

at_enqueued_time

timestamp

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

Anchor
tag122
tag122
cloud.azure.vm.unix

Field

Type

Extra fields

eventdate

timestamp

 

hostname

str

 

Computer

str

 

EventTime

str

 

Facility

str

 

HostIP

ip4

 

HostName

str

 

MG

str

 

ProcessName

str

 

ProcessID

int4

 

SeverityLevel

str

 

SourceSystem

str

 

SyslogMessage

str

 

srcUser

str

 

action

str

 

tty

str

 

pwd

str

 

user

str

 

cmd

str

 

obj

str

 

srcIp

ip4

 

srcPort

int4

 

attempt

int4

 

device

str

 

session

str

 

msg

str

 

srceventdate

timestamp

 

pid

str

 

uid

int4

 

euid

str

 

auid

str

 

ses

str

 

ruser

str

 

rhost

ip4

 

arch

str

 

syscall

str

 

success

str

 

exit

str

 

op

str

 

grantors

str

 

addr

str

 

type

str

 

res

str

 

terminal

str

 

comm

str

 

msg2

str

 

TenantId

str

 

TimeGenerated

str

 

Type

str

 

Internal_WorkspaceResourceId

str

 

ResourceId

str

 

at_devo_collector_version

int4

 

at_entry_offset

str

 

at_enqueued_time

timestamp

 

hostchain

str

tag

str

rawMessage

str

Anchor
tag123
tag123
cloud.azure.vm.unknown_events

Field

Type

Extra fields

eventdate

timestamp

hostname

str

SourceSystem

str

Internal_WorkspaceResourceId

str

ResourceId

str

at_devo_collector_version

int4

at_entry_offset

str

at_enqueued_time

timestamp

message

str

hostchain

str

tag

str

Anchor
tag124
tag124
cloud.azure.vmscalesets.administrative

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

region

str

 

 

roleLocation

str

 

 

timestamp

timestamp

Code Block
parsedate(time, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC"))

time

resourceId

str

 

 

operationName

str

 

 

category

str

 

 

resultType

str

 

 

resultSignature

str

 

 

durationMs

str

 

 

callerIpAddress

ip4

 

 

correlationId

str

 

 

identity__authorization__scope

str

 

 

identity__authorization__action

str

 

 

identity__authorization__evidence__role

str

 

 

identity__authorization__evidence__roleAssignmentScope

str

 

 

identity__authorization__evidence__roleAssignmentId

str

 

 

identity__authorization__evidence__roleDefinitionId

str

 

 

identity__authorization__evidence__principalId

str

 

 

identity__authorization__evidence__principalType

str

 

 

identity__claims

json

 

 

identity__claims__aud

str

 

 

identity__claims__iss

str

 

 

identity__claims__iat

str

 

 

identity__claims__nbf

str

 

 

identity__claims__exp

str

 

 

identity__claims__aio

str

 

 

identity__claims__appid

str

 

 

identity__claims__appidacr

str

 

 

identity__claims__groups

str

 

 

identity__claims__rh

str

 

 

identity__claims__uti

str

 

 

identity__claims__ver

str

 

 

identity__claims__xms_tcdt

str

 

 

level

str

 

 

properties__eventCategory

str

 

 

properties__entity

str

 

 

properties__message

str

 

 

properties__hierarchy

str

 

 

tenantId

str

 

 

at_devo_collector_version

int4

 

 

at_entry_offset

str

 

 

at_enqueued_time

timestamp

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

Anchor
tag125
tag125
cloud.azure.vmscalesets.autoscale

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

region

str

 

 

timestamp

timestamp

Code Block
parsedate(time, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC"))

time

resourceId

str

 

 

correlationId

str

 

 

operationName

str

 

 

level

str

 

 

resultType

str

 

 

resultDescription

str

 

 

category

str

 

 

properties__eventCategory

str

 

 

properties__eventName

str

 

 

properties__operationId

str

 

 

properties__eventProperties__OldInstancesCount

int4

 

 

properties__eventProperties__NewInstancesCount

int4

 

 

at_devo_collector_version

int4

 

 

at_entry_offset

str

 

 

at_enqueued_time

timestamp

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

Anchor
tag126
tag126
cloud.azure.vmscalesets.policy

Field

Type

Extra fields

eventdate

timestamp

hostname

str

region

str

roleLocation

str

timestamp

timestamp

resourceId

str

operationName

str

category

str

resultType

str

resultSignature

str

durationMs

str

callerIpAddress

ip4

correlationId

str

identity__authorization__scope

str

identity__authorization__action

str

identity__authorization__evidence__role

str

identity__authorization__evidence__roleAssignmentScope

str

identity__authorization__evidence__roleAssignmentId

str

identity__authorization__evidence__roleDefinitionId

str

identity__authorization__evidence__principalId

str

identity__authorization__evidence__principalType

str

identity__claims

json

identity__claims__aud

str

identity__claims__iss

str

identity__claims__iat

str

identity__claims__nbf

str

identity__claims__exp

str

identity__claims__aio

str

identity__claims__appid

str

identity__claims__appidacr

str

identity__claims__groups

str

identity__claims__rh

str

identity__claims__uti

str

identity__claims__ver

str

identity__claims__xms_tcdt

str

level

str

properties__isComplianceCheck

str

properties__resourceLocation

str

properties__ancestors

str

properties__policies

json

properties__eventCategory

str

properties__entity

str

properties__message

str

properties__hierarchy

str

tenantId

str

at_devo_collector_version

int4

at_entry_offset

str

at_enqueued_time

timestamp

hostchain

str

tag

str

rawMessage

str

Rw tab
title147-152

Anchor
tag127
tag127
cloud.azure.vmscalesets.resourcehealth

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

region

str

 

 

timestamp

timestamp

Code Block
parsedate(time, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC"))

time

resourceId

str

 

 

correlationId

str

 

 

operationName

str

 

 

level

str

 

 

resultType

str

 

 

category

str

 

 

properties__eventCategory

str

 

 

properties__eventProperties__title

str

 

 

properties__eventProperties__details

str

 

 

properties__eventProperties__currentHealthStatus

str

 

 

properties__eventProperties__previousHealthStatus

str

 

 

properties__eventProperties__type

str

 

 

properties__eventProperties__cause

str

 

 

at_devo_collector_version

int4

 

 

at_entry_offset

str

 

 

at_enqueued_time

timestamp

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

Anchor
tag128
tag128
cloud.azure.vngateways.ikediagnos

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

region

str

 

 

resourceid

str

 

 

category

str

 

 

operationName

str

 

 

timestamp

timestamp

Code Block
parsedate(time, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC"))

time

level

str

 

 

properties__message

str

 

 

properties__instance

str

 

 

clientOperationId

str

 

 

correlationRequestId

str

 

 

at_devo_collector_version

int4

 

 

at_entry_offset

str

 

 

at_enqueued_time

timestamp

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

Anchor
tag129
tag129
cloud.azure.wad.waddirectories

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

region

str

 

role

str

 

roleInstance

str

 

partitionKey

str

 

rowKey

str

 

timestamp

str

 

absolutePath

str

 

container

str

 

deploymentId

str

 

eventTickCount

int8

 

relativePath

str

 

rootDir

str

 

hostchain

str

 

tag

str

 

rawMessage

str

rawSource

Anchor
tag130
tag130
cloud.azure.wad.wadperformancecounters

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

region

str

 

role

str

 

roleInstance

str

 

partitionKey

str

 

rowKey

str

 

timestamp

str

 

eventTickCount

int8

 

deploymentId

str

 

counterName

str

 

counterValue

float8

 

hostchain

str

 

tag

str

 

rawMessage

str

rawSource

Anchor
tag131
tag131
cloud.azure.wad.wadwindowseventlogs

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

region

str

 

role

str

 

roleInstance

str

 

partitionKey

str

 

rowKey

str

 

timestamp

str

 

channel

str

 

deploymentId

str

 

eventId

int4

 

eventTickCount

int8

 

level

int4

 

pid

int4

 

providerGuid

str

 

providerName

str

 

description

str

 

tid

int4

 

rawXml

str

 

hostchain

str

 

tag

str

 

rawMessage

str

rawSource

Anchor
tag132
tag132
cloud.azure.workflows.workflow_runtime

Field

Type

Extra fields

eventdate

timestamp

 

hostname

str

 

region

str

 

time

str

 

workflow_id

str

 

resource_id

str

 

category

str

 

level2

str

 

operation_name

str

 

properties__dollar_schema

timestamp

 

properties__start_time

str

 

properties__end_time

str

 

properties__status

str

 

properties__execution_cluster_type

str

 

properties__resource__subscription_id

str

 

properties__resource__resource_group_name

str

 

properties__resource__workflow_id

str

 

properties__resource__workflow_name

str

 

properties__resource__run_id

str

 

properties__resource__location

str

 

properties__resource__action_name

str

 

properties__correlation__action_tracking_id

str

 

properties__correlation__client_tracking_id

str

 

location

str

 

at_devo_collector_version

int4

 

at_entry_offset

str

 

at_enqueued_time

timestamp

 

hostchain

str

tag

str

rawMessage

str