Activity Log Event ScheduledSearch/ScheduledSearch

Event for a scheduled search

Field TypeTypeValueAvailabilityDescription
actionIds    List of action IDs for when an alert or scheduled search trigger has been triggered for an event
actionInvocationIds    List of action invocation IDs for when an alert or scheduled search has been triggered
@id    
@ingesttimestamp    
@rawstring    
@timestamp    
@timestamp.nanos    
@timezone    
category    Category of the event, such as Alert, Request, IngestFeed, Fdr, Query, Action, and ScheduledSearch
dataspace    Repository or view name
externalQueryId    External ID of the running query
#category    
#repo    
#severity    
message    Message of the alert or event
orgId    Organization ID
plannedExecutionTime    Planned execution timestamp
queryFinishedTime    Time in milliseconds when query in scheduled search finished
queryIntervalEndTime    
queryIntervalStartTime    
scheduledSearchId    Scheduled search ID
scheduledSearchName    Scheduled search name
severity    Severity of the event
status    Whether the alert, scheduled search, or scheduled report was successful (value Success) or failed (value Failure). An individual failure may be triggered for multiple reasons, but repeated failures over a period of time may indicate a problem that needs investigation.
subCategory    Subcategory of the event
timestamp    Timestamp in milliseconds of the event
viewId    View ID