Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | timestamp | | |
hostname | str | | |
region | str | | |
rawMessage | str | rawSource | |
timestamp | timestamp | | |
resourceId | str | | |
signInEventTypes | str | | |
operationName | str | | |
operationVersion | str | | |
category | str | | |
tenantId | str | | |
resultType | str | | |
resultSignature | str | | |
resultDescription | str | | |
durationMs | int4 | | |
callerIpAddress | str | | |
correlationId | str | | |
identity | str | | |
Level | int4 | | |
location | str | | |
properties | json | | |
properties_id | str | | |
properties_createdDateTime | str | | |
properties_userDisplayName | str | | |
properties_userPrincipalName | str | | |
properties_userId | str | | |
properties_appId | str | | |
properties_appDisplayName | str | | |
properties_ipAddress | str | | |
properties_status_errorCode | int4 | | |
properties_status_failureReason | str | | |
properties_clientAppUsed | str | | |
properties_userAgent | str | | |
properties_deviceDetail_operatingSystem | str | | |
properties_deviceDetail_browser | str | | |
properties_deviceDetail_deviceId | str | | |
properties_deviceDetail_displayName | str | | |
properties_deviceDetail_isCompliant | bool | | |
properties_deviceDetail_isManaged | bool | | |
properties_deviceDetail_trustType | str | | |
properties_location_city | str | | |
properties_location_state | str | | |
properties_location_countryOrRegion | str | | |
properties_location_geoCoordinates_latitude | float8 | | |
properties_location_geoCoordinates_longitude | float8 | | |
properties_mfaDetail_authMethod | str | | |
properties_mfaDetail_authDetail | str | | |
properties_correlationId | str | | |
properties_conditionalAccessStatus | str | | |
properties_originalRequestId | str | | |
properties_isInteractive | bool | | |
properties_tokenIssuerName | str | | |
properties_tokenIssuerType | str | | |
properties_processingTimeInMilliseconds | int4 | | |
properties_riskDetail | str | | |
properties_riskLevelAggregated | str | | |
properties_riskLevelDuringSignIn | str | | |
properties_riskState | str | | |
properties_resourceDisplayName | str | | |
properties_resourceId | str | | |
properties_resourceTenantId | str | | |
properties_homeTenantId | str | | |
properties_alternateSignInName | str | | |
properties_signInIdentifier | str | | |
properties_signInIdentifierType | int4 | | |
properties_servicePrincipalId | str | | |
properties_userType | str | | |
properties_flaggedForReview | bool | | |
isTenantRestricted | bool | | |
autonomousSystemNumber | int4 | | |
crossTenantAccessType | str | | |
servicePrincipalCredentialKeyId | str | | |
servicePrincipalCredentialThumbprint | str | | |
uniqueTokenIdentifier | str | | |
incomingTokenType | str | | |
authenticationProtocol | str | | |
resourceServicePrincipalId | str | | |
authenticationContextClassReferences | str | | |
sessionLifetimePolicies | str | | |
privateLinkDetails__policyId | str | | |
privateLinkDetails__policyName | str | | |
privateLinkDetails__resourceId | str | | |
privateLinkDetails__policyTenantId | str | | |
at_devo_collector_version | int4 | | |
at_entry_offset | str | | |
at_enqueued_time | timestamp | | |
hostchain | str | | ✓ |
tag | str | | ✓ |