@timestamp

Time the event occurred

Log Event

ingest_timestamp

Time the event was ingested

Metadata

severity

Severity of the event. (note: severities from different types are mapped to the same severity scale)

Log Event

resource

Metadata

resource.hostname

Hostname of the agent host

Metadata

resource.ip

IPv4 address of the agent host

Metadata

resource.container_id

(k8s only) container ID

Metadata

resource.container_name

(k8s only) container name

Metadata

resource.k8s_namespace_name

(k8s only) namespace name

Metadata

resource.k8s_namespace_uid

(k8s only) namespace uuid

Metadata

resource.k8s_pod_name

(k8s only) pod name

Metadata

resource.k8s_pod_uid

(k8s only) pod uid

Metadata

type

high-level description of the type of log (example: mysql.error)

Metadata

log.name

name of the log file on the filesystem (note: does not include the full file path)

Metadata

log.size

size of the log message in bytes

Metadata

message

message field

Log Event

agent.id

unique identifier of the log agent transmitting the event

Metadata

agent.name

friendly name of the the log agent transmitting the event

Metadata

agent.version

version of the log agent transmitting the event

Metadata

data.[]

fields that are successfully parsed out of the log event

Log Event

label.[]

custom labels added manually by the user. Can be specified manually in the pipeline.

Metadata

source.name

name of the Source in observIQ

Metadata

source.type

type of Source in observIQ

Metadata

source.id

unique identifier of Source in observIQ

Metadata