db.mssql

Introduction

The tags beginning with db.mssql identify events generated by Microsoft SQL Server.

Valid tags and data tables 

The full tag must have at least three levels. The first two are fixed as db.mssql. The third level identifies the type of events sent. The fourth, fifth, and sixth levels identify the corresponding environment, application, and clone.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| Microsoft SQL Server | db.mssql.audit | db.mssql.audit |
| Microsoft SQL Server | db.mssql.error.env.app.clon | db.mssql.error |
| Microsoft SQL Server | db.mssql.events.env.app.clon | db.mssql.events |

For more information, read more about Devo tags.

Table structure

These are the fields displayed in these tables:

db.mssql.audit

| Field | Type | Source field name | Extra fields |
|---|---|---|---|
| eventdate | timestamp | | |
| environment | str | venv | |
| application | str | vapp | |
| clon | str | vclon | |
| message | str | | |
| rawMessage | str | rawSource | ✓ |
| hostchain | str | | ✓ |
| tag | str | | ✓ |

 db.mssql.error

| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| environment | str | | venv | |
| application | str | | vapp | |
| clon | str | | vclon | |
| date | timestamp | parsedate(date_str, dateformat("YYYY-MM-DD HH:mm:ss.SS")) | date_str | |
| source | str | | | |
| message | str | | | |
| database | str | | | |
| creation_date | str | | | |
| first_LSN | str | | | |
| last_LSN | str | | | |
| number_device | int4 | | | |
| device_information | str | | | |
| extMessage | str | | | |
| hostname | str | | | |
| host_ip | ip4 | | | |
| host_ip_str | str | | | |
| tag | str | | | ✓ |
| rawMessage | str | | | ✓ |
| hostchain | str | | | ✓ |

 db.mssql.events

| Field | Type | Source field name | Extra fields |
|---|---|---|---|
| eventdate | timestamp | | |
| environment | str | venv | |
| application | str | vapp | |
| clon | str | vclon | |
| hostname | str | | |
| user | str | | |
| eventTime | timestamp | | |
| hostname2 | str | | |
| keywords | int8 | | |
| eventType | str | | |
| severityValue | int4 | | |
| severity | str | | |
| eventID | int4 | | |
| sourceName | str | | |
| task | int4 | | |
| recordNumber | int8 | | |
| processID | int4 | | |
| threadID | int4 | | |
| channel | str | | |
| message | str | | |
| category | str | | |
| eventReceivedTime | timestamp | | |
| sourceModuleName | str | | |
| sourceModuleType | str | | |
| syslogFacilityValue | int4 | | |
| syslogSeverityValue | int4 | | |
| costCenter | str | | |
| configurationItem | str | | |
| teamEmail | str | | |
| hostchain | str | | ✓ |
| tag | str | | ✓ |
| rawMessage | str | | |