Enginsight Standard Fields

Manually populated fields for custom parsers

Global Fields (4)

| Field | Description | Type |
| --- | --- | --- |
| ngs.createdAt | Timestamp when the event was created locally. | pdate |
| ngs.id | Unique identifier for the log entry. | string |
| ngs.indexedAt | Timestamp when the log was indexed into the SIEM. | pdate |
| ngs.source | Origin or source system of the log. | string |

Generic Fields (8)

These are common fields that appear across multiple namespaces. They represent attributes that are inherited or reused from a global schema: things like timestamps, unique identifiers, user IDs, or status codes that every namespace needs. By sharing these fields, we ensure consistency and make it easy to run cross-namespace searches and reports.

| Field | Description | Reference-Specific Fields | Type |
| --- | --- | --- | --- |
| gen.dest.ip | Destination IP address. | std.destIp | text_general |
| gen.dest.port | Destination port number. | std.destPort | pint |
| gen.file.name | File name associated with the event. | std.filename | strings |
| gen.file.path | Full file path associated with the event. | std.filename | strings |
| gen.hostname | Normalized hostname of the system generating the log. | std.hostname | text_general |
| gen.src.ip | Source IP address. | std.srcIp | text_general |
| gen.src.port | Source port number. | std.srcPort | pint |
| gen.username | Username associated with the event. | std.username | text_general |

Reference-Specific Fields (23)

| Field | Type |
| --- | --- |
| std.destIp | text_general |
| std.destPort | pint |
| std.domain | text_general |
| std.duration | plong |
| std.eventId | string |
| std.eventName | text_general |
| std.extractorIds | strings |
| std.facility | text_general |
| std.filename | text_general |
| std.group | text_general |
| std.hostname | text_general |
| std.md5 | strings |
| std.message | text_general |
| std.priority | text_general |
| std.program | text_general |
| std.quantity | plong |
| std.score | plong |
| std.sha1 | strings |
| std.sha256 | strings |
| std.srcIp | text_general |
| std.srcPort | pint |
| std.timestamp | pdate |
| std.username | text_general |
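
Because custom parsers populate these fields by hand, a type or spelling mistake in a field name is easy to make. The following check is an added example, not Enginsight code: it validates a parsed event against the Reference-Specific Fields table, assuming events are flat dictionaries keyed by the dotted field name and that the type names carry their Apache Solr meanings (`pint` 32-bit integer, `plong` 64-bit integer, `pdate` ISO 8601 timestamp, `strings` a list of strings).

```python
from datetime import datetime

# Field types copied from the Reference-Specific Fields table on this page.
_FIELDS_BY_TYPE = {
    "text_general": "destIp domain eventName facility filename group hostname "
                    "message priority program srcIp username",
    "pint": "destPort srcPort",
    "plong": "duration quantity score",
    "pdate": "timestamp",
    "string": "eventId",
    "strings": "extractorIds md5 sha1 sha256",
}
STD_TYPES = {f"std.{n}": t for t, names in _FIELDS_BY_TYPE.items() for n in names.split()}

def _is_int(value, bits):
    # bool is a subclass of int in Python, so reject it explicitly.
    limit = 2 ** (bits - 1)
    return isinstance(value, int) and not isinstance(value, bool) and -limit <= value < limit

def _is_date(value):
    if not isinstance(value, str):
        return False
    try:
        datetime.fromisoformat(value.replace("Z", "+00:00"))
        return True
    except ValueError:
        return False

# Assumption: each type name is checked according to its Apache Solr meaning.
CHECKS = {
    "text_general": lambda v: isinstance(v, str),
    "string": lambda v: isinstance(v, str),
    "strings": lambda v: isinstance(v, list) and all(isinstance(x, str) for x in v),
    "pint": lambda v: _is_int(v, 32),
    "plong": lambda v: _is_int(v, 64),
    "pdate": _is_date,
}

def validate_event(event):
    """Return a list of problems: unknown std.* names and type mismatches."""
    problems = []
    for name, value in event.items():
        if not name.startswith("std."):
            continue  # ngs.* and gen.* fields are out of scope for this check
        expected = STD_TYPES.get(name)
        if expected is None:
            problems.append(f"{name}: not a standard field")
        elif not CHECKS[expected](value):
            problems.append(f"{name}: expected {expected}, got {value!r}")
    return problems

# Constructed sample: port emitted as a string, hash as a bare string, one misspelled name.
SAMPLE = {"std.srcIp": "192.0.2.10", "std.destPort": "443", "std.md5": "0" * 32,
          "std.timestamp": "2024-05-01T12:00:00Z", "std.srcip": "192.0.2.10"}
```
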

Sample Log Event

Below is a representative JSON log entry showing key fields as they're emitted by the system. Depending on the context of the event, some fields may be omitted if they're not applicable.