The following list shows the schema used when storing data in AxoStore. You can use these fields when searching on the Storage page.
log_attributes
Additional attributes that describe the specific event occurrence. Every attribute key must be unique.
body
The body of the log record, which can contain strings and structured data composed of arrays and maps of other values.
severity_number
Numerical value of the severity, normalized to values described in Log Data Model.
severity_text
The severity as a string (log level). The original string representation as described at the source. For the numerical to string mapping, see log.severity_number.
meta_raw
Metadata about a specific message record, for example, a log message.
connection
Information about the network connection that transmitted the message.
host_labels
The labels set in the inventory for the host the message originates from. Note that if the host is sending data to an AxoRouter connector that doesn’t perform automatic classification, then changing the product and vendor labels can affect the final metadata in the destination, for example, the sourcetype assigned to the data in Splunk.
host_name
The name of the host the message originates from (based on the inventory).
host_candidate
product
The product name of the appliance, application, or service that generated the message.
axo_host_labels
Labels of the AxoRouter instance that processed the message.
axo_host_name
The name of the AxoRouter instance that processed the message.
service
Name of the service that generated the message. For syslog messages, that’s usually the value of the PROGRAM field.
vendor
The vendor of the appliance, application, or service that generated the message.
resource_attributes
Attributes that describe the resource. Every attribute key must be unique.
scope_attributes
Attributes that describe the log scope. Every attribute key must be unique.
scope_name
Name of the log scope
scope_version
Version of the log scope