Enginsight Loggernaut (SIEM)
Enginsight Loggernaut is the ingestion and retention service that normalises, parses and stores customer log data.
Global Fields (4)
| Field | Description | Type |
|---|---|---|
| ngs.id | Unique identifier for the log entry. | string |
| ngs.createdAt | Timestamp when the event was created locally. | pdate |
| ngs.indexedAt | Timestamp when the log was indexed into the SIEM. | pdate |
| ngs.source | Origin or source system of the log. | string |
Reference-Specific Fields (22)
| Field | Description | Type |
|---|---|---|
| ngs.loggernaut.Category | High-level functional group of the operation such as "query", "ingest", "workflow" or "cache". | string |
| ngs.loggernaut.Action | Specific action that was executed within the category (e.g., execute, index, purge). | string |
| ngs.loggernaut.QTime | Time spent processing the search/query in milliseconds. | plong |
| ngs.loggernaut.NumFound | Number of documents or log records matched by the query. | pint |
| ngs.loggernaut.Query | Full query string that was executed against the index. | text_general |
| ngs.loggernaut.Filter | Additional filter expression applied to narrow the query results. | text_general |
| ngs.loggernaut.FacetType | Type of facet or aggregation requested (e.g., terms, range, date_hist). | string |
| ngs.loggernaut.FacetField | Field in the index on which the facet/aggregation was calculated. | text_general |
| ngs.loggernaut.ITime | Time taken to index documents in milliseconds. | plong |
| ngs.loggernaut.ETime | End-to-end elapsed time of the operation (including queue and network) in milliseconds. | plong |
| ngs.loggernaut.Size | Total data volume processed or returned, in bytes. | plong |
| ngs.loggernaut.NumIndexed | Number of documents that were successfully written to the index. | pint |
| ngs.loggernaut.WorkflowName | Human-readable name of the ingestion or processing workflow. | text_general |
| ngs.loggernaut.WTime | Duration of the workflow execution in milliseconds. | plong |
| ngs.loggernaut.NumQueried | Number of documents that were scanned or queried during the operation. | plong |
| ngs.loggernaut.AccessKeyId | Identifier of the API key or access credential used to perform the request. | string |
| ngs.loggernaut.CachedLogs | Count of log entries that were served from cache instead of live storage. | plong |
| ngs.loggernaut.CachedGroupCombinations | Number of cached facet/grouping combinations that were reused. | plong |
| ngs.loggernaut.Start | Start timestamp of the time range covered by the query or workflow. | pdate |
| ngs.loggernaut.End | End timestamp of the time range covered by the query or workflow. | pdate |
| ngs.loggernaut.WorkflowType | Classification of the workflow, e.g., scheduled, ad-hoc or retention. | string |
| ngs.loggernaut.WorkflowID | Universally unique identifier of the workflow instance that generated the event. | string |
Sample Log Event
Below is a representative JSON log entry showing key fields as they're emitted by the system. Depending on the context of the event, some fields may be omitted if they're not applicable.