Anomaly Event Message Fields

The following article exclusively pertains to a Graylog Security feature or functionality. Graylog Security is a part of the Graylog centralized log management platform and requires a separate license. Contact the Graylog Sales team for more information on this product.

Hint: The following article has been moved to the official Illuminate documentation. See below for details.

All anomaly event messages generated by Graylog's Anomaly Detection tool share a set of common fields and also carry additional detector-specific fields, which depend on the detector that produced the message. These anomaly fields are described in the Anomaly Detectors index, according to which detectors are enabled. For the full list of common message fields that are populated in every anomaly event message, see the event message field index in the Illuminate documentation.