Global Fields (4)
| Field | Type |
|---|---|
ngs.createdAt Timestamp when the event was created locally. | pdate |
ngs.id Unique identifier for the log entry. | string |
ngs.indexedAt Timestamp when the log was indexed into the SIEM. | pdate |
ngs.source Origin or source system of the log. | string |
Generic Fields (7)
These are common fields that appear across multiple namespaces. They represent attributes that are inherited or reused from a global schema— things like timestamps, unique identifiers, user IDs, or status codes that every namespace needs. By sharing these fields, we ensure consistency and make it easy to run cross-namespace searches and reports.
| Field | Reference-Specific Fields | Type |
|---|---|---|
gen.dest.ip Destination IP address. | barracudaMailhub.destIp | text_general |
gen.dest.port Destination port number. | barracudaMailhub.destPort | pint |
gen.mail.receiver Email address of the message recipient. | barracudaMailhub.recipient | strings |
gen.mail.sender Email address of the message sender. | barracudaMailhub.sender | strings |
gen.mail.size Size of the email in bytes. | barracudaMailhub.size | plong |
gen.src.ip Source IP address. | barracudaMailhub.srcIp | text_general |
gen.mail.subject Subject line of the email. | barracudaMailhub.subject | strings |
Reference-Specific Fields (22)
| Field | Type |
|---|---|
barracudaMailhub.action Textual description of the mailhub action (e.g., DELIVER, BOUNCE, QUARANTINE) | text_general |
barracudaMailhub.actionId Numeric code representing the specific action taken by the mailhub | pint |
barracudaMailhub.destDomainname Fully qualified domain name of the mail's destination server | text_general |
barracudaMailhub.destIp IP address of the mail's destination server | text_general |
barracudaMailhub.destPort TCP port number used to connect to the destination mail server | pint |
barracudaMailhub.encoded Boolean flag indicating whether the message was base64 or quoted-printable encoded | boolean |
barracudaMailhub.end Timestamp when the mail transaction completed or was handed off | pdate |
barracudaMailhub.id Unique identifier for the mailhub log entry | string |
barracudaMailhub.name Human-readable identifier for this mail processing instance or host | string |
barracudaMailhub.queueId Identifier of the mail message in the processing queue | string |
barracudaMailhub.reason Primary textual reason for blocking, deferring, or delivering the mail | text_general |
barracudaMailhub.reasonExtra Additional textual details explaining why the mail was blocked, deferred, or accepted | text_general |
barracudaMailhub.reasonId Numeric code corresponding to the primary reason for the action | pint |
barracudaMailhub.recipient Email address of the intended recipient | text_general |
barracudaMailhub.sendMsg Raw SMTP command or response logged during the send process | text_general |
barracudaMailhub.sender Envelope sender address of the email | text_general |
barracudaMailhub.size Size of the message in bytes | plong |
barracudaMailhub.spamScore Numeric spam-detection score assigned to the message | pfloat |
barracudaMailhub.srcDomainname Fully qualified domain name of the client that sent the email | text_general |
barracudaMailhub.srcIp IP address of the client that submitted the email | text_general |
barracudaMailhub.start Timestamp when the mail transaction began or was received | pdate |
barracudaMailhub.subject Subject line of the email message | text_general |
Sample Log Event
Below is a representative JSON log entry showing key fields as they're emitted by the system. Depending on the context of the event, some fields may be omitted if they're not applicable.