File
File ingestion represents plain-text log files imported from disk or network shares-ideal for custom applications or legacy devices.
EnginsightGlobal Fields (4)
| Field | Type |
|---|---|
ngs.id Unique identifier for the log entry. | string |
ngs.createdAt Timestamp when the event was created locally. | pdate |
ngs.indexedAt Timestamp when the log was indexed into the SIEM. | pdate |
ngs.source Origin or source system of the log. | string |
Reference-Specific Fields (4)
| Field | Type |
|---|---|
file.path Absolute or relative filesystem path of the ingested log file (e.g., "/var/log/app/debug.log"). | string |
file.message Raw line or record content extracted from the file; represents the actual log message. | text_general |
file.localTimestamp Timestamp parsed from the log line that denotes when the original event took place. | pdate |
file.hostname Hostname contained in (or inferred from) the log entry, useful when files from multiple hosts are aggregated. | text_general |
Sample Log Event
Below is a representative JSON log entry showing key fields as they're emitted by the system. Depending on the context of the event, some fields may be omitted if they're not applicable.