Windows OS event format generated by Logstash
The basic format of the Windows Event Log generated by Logstash is described here as a reference for users.
The Windows OS Events Insight® pack has been built using the IBM® Operations Analytics Log Analysis DSV toolkit. Events are formatted by Logstash into a CSV format with the following columns.
Number | Column Name | Description |
---|---|---|
1 | EventLog | Describes the subsystem of the event, for example Application or Security |
2 | Timestamp | Time of the event |
3 | Level | Information, Warning, Error, etc. |
4 | User | The user name associated with the event, if any |
5 | EventSource | Source of the event |
6 | EventID | Event ID |
7 | Description | Text description of the event |
8 | Hostname | Hostname of the Windows machine |
9 | EventRecordNumber | Unique event ID |
10 | Category | Numeric category |