type
string
timestamp
timestamp
elb
string
clientIp
string
clientPort
bigint
targetIp
string
targetPort
bigint
requestProcessingTime
double
targetProcessingTime
double
responseProcessingTime
double
elbStatusCode
bigint
targetStatusCode
bigint
receivedBytes
bigint
sentBytes
bigint
requestHttpMethod
string
requestUrl
string
requestHttpVersion
string
userAgent
string
sslCipher
string
timestamp
timestamp
serverHost
string
username
string
host
string
connectionId
bigint
queryId
bigint
operation
string
database
string
object
string
retCode
bigint
p_log_type
string
p_row_id
string
p_event_time
timestamp
p_parse_time
timestamp
p_source_id
string
p_source_label
string
p_any_ip_addresses
[string]
p_any_domain_names
[string]
p_any_sha1_hashes
[string]
additionalEventData
string
apiVersion
string
awsRegion
string
errorCode
string
errorMessage
string
eventID
string
eventName
string
eventSource
string
eventTime
timestamp
eventType
string
eventVersion
string
managementEvent
boolean
readOnly
boolean
recipientAccountId
string
requestID
string
requestParameters
string
resources
[{ "arn":string, "accountId":string, "type":string }]
responseElements
string
serviceEventDetails
string
awsAccountId
string
digestStartTime
timestamp
digestEndTime
timestamp
digestS3Bucket
string
digestS3Object
string
newestEventTime
timestamp
oldestEventTime
timestamp
previousDigestS3Bucket
string
previousDigestS3Object
string
previousDigestHashValue
string
previousDigestHashAlgorithm
string
previousDigestSignature
string
digestPublicKeyFingerprint
string
digestSignatureAlgorithm
string
logFiles
[{ "s3Bucket":string, "s3Object":string, "hashValue":string, "hashAlgorithm":string, "newestEventTime":timestamp, "oldestEventTime":timestamp }]
p_event_time
timestamp
p_parse_time
timestamp
p_log_type
string
p_row_id
string
eventVersion
string
eventTime
timestamp
awsRegion
string
eventId
string
eventType
string
recipientAccountId
string
sharedEventId
string
insightDetails
{ "state":string, "eventSource":string, "eventName":string, "insightType":string, "insightContext":{ "statistics":{ "baseline":{ "average":double }, "insight":{ "average":double }, "insightDuration":float } } }
eventCategory
string
p_event_time
timestamp
p_parse_time
timestamp
p_log_type
string
p_row_id
string
p_source_id
string
p_source_label
string
p_any_ip_addresses
[string]
p_any_domain_names
[string]
p_any_md5_hashes
[string]
p_any_sha1_hashes
[string]
id
string
account
string
source
string
resources
[string]
region
string
detail-type
string
version
string
time
timestamp
detail
string
p_log_type
string
p_row_id
string
p_event_time
timestamp
p_parse_time
timestamp
p_source_id
string
p_source_label
string
p_any_ip_addresses
[string]
p_any_domain_names
[string]
p_any_sha1_hashes
[string]
p_any_md5_hashes
[string]
schemaVersion
string
accountId
string
region
string
partition
string
id
string
arn
string
type
string
resource
string
severity
float
createdAt
timestamp
updatedAt
timestamp
title
string
description
string
service
{ "additionalInfo":string, "action":string, "serviceName":string, "detectorId":string, "resourceRole":string, "eventFirstSeen":timestamp, "eventLastSeen":timestamp, "archived":boolean, "count":bigint }
p_log_type
string
p_row_id
string
p_event_time
timestamp
p_parse_time
timestamp
p_source_id
string
bucketowner
string
bucket
string
time
timestamp
remoteip
string
requester
string
requestid
string
operation
string
key
string
requesturi
string
httpstatus
bigint
errorcode
string
bytessent
bigint
objectsize
bigint
totaltime
bigint
turnaroundtime
bigint
referrer
string
useragent
string
versionid
string
hostid
string
version
string
account_id
string
region
string
vpc_id
string
query_timestamp
timestamp
query_name
string
query_type
string
query_class
string
rcode
string
answers
[{ "Rdata":string, "Type":string, "Class":string }]
srcaddr
string
srcport
string
transport
string
srcids
{ "instance":string, "resolver-endpoint":string }
p_event_time
timestamp
p_parse_time
timestamp
p_log_type
string
p_row_id
string
p_source_id
string
version
bigint
account
string
interfaceId
string
srcAddr
string
dstAddr
string
srcPort
bigint
dstPort
bigint
protocol
bigint
packets
bigint
bytes
bigint
start
timestamp
end
timestamp
action
string
status
string
vpcId
string
subNetId
string
instanceId
string
tcpFlags
bigint
trafficType
string
action
string
formatVersion
smallint
httpRequest
{ "args":string, "clientIp":string, "country":string, "headers":[{ "name":string, "value":string }], "httpMethod":string, "httpVersion":string, "requestId":string, "uri":string }
httpSourceId
string
httpSourceName
string
nonTerminatingMatchingRules
[{ "ruleId":string, "action":string, "ruleMatchDetails":[{ "conditionType":string, "location":string, "matchedData":[string] }] }]
rateBasedRuleList
[{ "limitKey":string, "limitValue":string, "maxRateAllowed":bigint, "rateBasedRuleId":string, "rateBasedRuleName":string }]
ruleGroupList
[{ "excludedRules":[{ "exclusionType":string, "ruleId":string }], "nonTerminatingMatchingRules":[{ "ruleId":string, "action":string, "ruleMatchDetails":[{ "conditionType":string, "location":string, "matchedData":[string] }] }], "ruleGroupId":string, "terminatingRule":{ "ruleId":string, "action":string, "ruleMatchDetails":[{ "conditionType":string, "location":string, "matchedData":[string] }] } }]
terminatingRuleId
string
terminatingRuleMatchDetails
[{ "conditionType":string, "location":string, "matchedData":[string] }]
terminatingRuleType
string
timestamp
timestamp
webaclId
string
p_event_time
timestamp
p_parse_time
timestamp
p_log_type
string
p_row_id
string
p_source_id
string
p_source_label
string