Field Name | Example Values | Field Type | Notes |
---|---|---|---|
associated_category | | keyword | TBD: Not sure if this is useful |
associated_hash | 6f9efb466e043b9f3635827ce446e13c | keyword | All associated md5, sha1, sha256, sha512, imp hashes from a log message |
associated_host | 10.1.2.3,corpdc01,corpdc01.corpdomain.local | keyword | FUTURE: copy of any identifying host information - IP, Hostname, etc. from a log message, not implemented yet. |
associated_ip | 10.1.2.3,fe80:5cc3:11:4::2c | ip | Associated IP addresses for a log message |
associated_mac | a0:b4:44:01:a9:d1 | keyword | Associated MAC addresses for a log message, colon-delimited and lower case |
associated_session_id | 0xa72c | keyword | Associated session IDs for a log message |
associated_user_id | 999,S-1-5-18 | keyword | This will be a field that maps to all user ID values (uids, SIDs, etc.) that are associated with a user context. This can/may eventually be populated from the user framework. |
associated_user_name | administrator,administrator@corp.local | keyword (normalized:loweronly) | Any associated/alternate user ID or email, can be a set of multiple values. |
The following content is part of the Graylog Illuminate 6.3 documentation.