Anomaly Event Message Fields
The following article exclusively pertains to a Graylog Security feature or functionality. Graylog Security is a part of the Graylog centralized log management platform and requires a separate license. Contact the Graylog Sales team for more information on this product.
All anomaly event messages generated by Graylog's Anomaly Detection tool have common fields and additional, detector-specific fields, depending on which detector the messages originate from. These anomaly fields are described in the Anomaly Detectors index depending on which detectors are enabled. For a full list of all the common message fields that are populated in all anomaly event messages, see the event message field index in the Illuminate documentation.