Field Name | Example Values | Field Type | Notes |
---|---|---|---|
file_company | Microsoft | keyword | Company name associated with a file taken from the file metadata |
file_compile_time | | date | Date/time that a binary file was compiled |
file_contents | | keyword | Contents of a file |
file_description | WMI | keyword | Description of file |
file_is_executable | true, false | boolean | Flag indicating if file is executable |
file_is_signed | 1 | boolean | Flag indicating if file has been digitally signed |
file_name | file.zip, file.exe, file | keyword | File name, not including path |
file_path | C:\\temp\\file.exe | keyword | Full path and file name |
file_product | | keyword | Product name the file was shipped with |
file_product_version | | keyword | Product version the file was shipped with |
file_signature_status | valid | keyword | Status of file signature |
file_signed_by | Microsoft Windows | keyword | Title of file signer |
file_size | 23894713 | long | File size in bytes |
file_type | gzip compressed data, application/pdf | keyword | Description of file contents |
file_version | 10.0.14393.4169 (rs1_release.210107-1130) | keyword | Version of file |

The following content is part of the Graylog Illuminate 6.3 documentation. If you are using another version of Illuminate, please switch to your version. For versions prior to 4.0, please see the legacy documentation.