...
Event Property | Description | Example |
---|---|---|
duplicateof | list of Event IDs that this one is a duplicate of | |
nodes | lists nodes that caused this synthetic event | |
eventids | list of Event IDs that were involved in causing this synthetic event | |
delayedaction | Unix time, until then the event is held back from processing for actions and policies | 1385079231 |
action_checked | Has the event been processed wrt. actions and policies? | 0 or 1 |
<scriptname>.output | If an event triggered a script action that is set to save, then the script output is stored in this property. | |
synthetic | whether this event was created by a correlation policy action, or because a watchdog expired | 0 or 1 |
watchdog | whether this is a watchdog expiration event | 0 or 1 |