changes.mady.by.user Juan Tomás Alonso Nieto
Saved on Jun 05, 2023
Saved on Jul 18, 2024
cloud.azure.hostpools
cloud.azure.hostpools.agenthealthstatus
cloud.azure.hostpools.checkpoint
cloud.azure.hostpools.connection
cloud.azure.hostpools.error
Field
Type
Source field name
Extra fields
eventdate
timestamp
hostname
str
region
type
vtype
host_Ring
Level
ActivityId
time
resourceId
operationName
category
properties_SessionHostName
properties_SessionHostResourceId
properties_AgentVersion
properties_OsVersion
properties_SxSStackVersion
properties_LastHeartBeat
properties_EndpointState
properties_UpgradeState
properties_UpgradeErrorMsg
properties_LastUpgradeTimeStamp
properties_SessionHostHealthCheckResult
properties_ActiveSessions
properties_InactiveSessions
properties_State
properties_ClientOS
properties_ClientVersion
properties_ClientType
properties_PlatformName
properties_PlatformVersion
properties_PredecessorConnectionId
properties_ResourceType
properties_ResourceAlias
properties_SessionHostAzureVmId
properties_SessionHostIPAddress
ip4
properties_SessionHostAgentVersion
properties_SessionHostOSDescription
properties_SessionHostOSVersion
properties_SessionHostSxSStackVersion
properties_SessionHostSessionId
properties_AadTenantId
properties_GatewayRegion
properties_UdpUse
properties_Name
properties_Source
properties_Parameters
properties_ActivityType
properties_Code
properties_CodeSymbolic
properties_Message
properties_ServiceError
properties_Route
properties_ObjectsFetched
properties_ObjectsCreated
properties_ObjectsUpdated
properties_ObjectsDeleted
resultType
durationMs
int4
callerIpAddress
correlationId
identity_UserName
hostchain
✓
tag
rawMessage
cloud.azure.hostpools.management
cloud.azure.keyvault.administrative
cloud.azure.keyvault.audit
cloud.azure.keyvault.azure_monitor
cloud.azure.keyvault.policy
Field transformation
roleLocation
parsedate(time, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC"))
resultSignature
identity__authorization__scope
identity__authorization__action
identity__authorization__evidence__role
identity__authorization__evidence__roleAssignmentScope
identity__authorization__evidence__roleAssignmentId
identity__authorization__evidence__roleDefinitionId
identity__authorization__evidence__principalId
identity__authorization__evidence__principalType
identity__claims
json
identity__claims__aud
identity__claims__iss
identity__claims__iat
identity__claims__nbf
identity__claims__exp
identity__claims__aio
identity__claims__appid
identity__claims__appidacr
identity__claims__groups
identity__claims__rh
identity__claims__uti
identity__claims__ver
identity__claims__xms_mirid
identity__claims__xms_tcdt
level
properties__statusCode
properties__serviceRequestId
properties__eventCategory
properties__entity
properties__message
properties__hierarchy
tenantId
at_devo_collector_version
at_entry_offset
at_enqueued_time
identity__claim
identity__claim__appid
properties__id
properties__clientInfo
properties__httpStatusCode
properties__requestUri
properties__isAccessPolicyMatch
bool
properties__subnetId
properties__isAddressAuthorized
properties__addrAuthType
operationVersion
average
total
timeGrain
metricName
count
maximum
minimum
properties__isComplianceCheck
properties__resourceLocation
properties__ancestors
properties__policies
properties__createdResources
properties__updatedResources
properties__deplymentProvisioningState
properties__deploymentId
cloud.azure.keyvault.policy_evaluation_details
cloud.azure.managedclusters
cloud.azure.managedclusters.cloud_controller_manager
cloud.azure.managedclusters.csi_azuredisk_controller
cloud.azure.managedclusters.csi_azurefile_controller
identity
properties
properties__objectName
properties__objectType
properties__isComplianceCheck__bool
properties__evaluationDetails
properties__evaluationDetails__assignmentId
join(properties__evaluationDetails__assignmentId__arr, ",")
properties__evaluationDetails__assignmentId__arr
properties__evaluationDetails__assignmentDisplayName
join(properties__evaluationDetails__assignmentDisplayName__arr, ",")
properties__evaluationDetails__assignmentDisplayName__arr
properties__evaluationDetails__definitionId
join(properties__evaluationDetails__definitionId__arr, ",")
properties__evaluationDetails__definitionId__arr
properties__evaluationDetails__definitionDisplayName
join(properties__evaluationDetails__definitionDisplayName__arr, ",")
properties__evaluationDetails__definitionDisplayName__arr
properties__evaluationDetails__outcome
join(properties__evaluationDetails__outcome__arr, ",")
properties__evaluationDetails__outcome__arr
properties__evaluationDetails__expressionEvaluationDetails
join(properties__evaluationDetails__expressionEvaluationDetails__arr, ",")
properties__evaluationDetails__expressionEvaluationDetails__arr
attrs
operation_name
resource_id
cloud.azure.managedclusters.csi_snapshot_controller
cloud.azure.metrics.metricsBlobLog
cloud.azure.metrics.metricsCapacityBlob
cloud.azure.metrics.metricsLog
cloud.azure.metrics.metricsTableLog
version
reqStartTime
opType
reqStatus
httpStatusCode
endLatency
int8
serverLatency
authType
reqAccountName
ownerAccountName
serviceType
reqUrl
reqObjectKey
reqIdHeader
opCount
reqIp
reqIpPort
reqVerHeader
reqHeaderSize
reqPacketSize
resHeaderSize
resPacketSize
reqContentLength
reqMD5
serverMD5
etagId
lastModified
conditionsUsed
userAgent
referrer
cliReqId
partitionKey
rowKey
capacity
containerCount
objectCount