Skip to main content

Splunk Event Schema Documentation

LogEntry

Title: LogEntry

Typeobject
RequiredNo
Additional properties[Any type: allowed]

Description: The customer-facing log format for the Equinix Observability Service.

Example:

{
"stream": {
"streamId": "b47f2eaf-d5c6-485c-a081-5d12333aa2e2",
"streamName": "Example Stream"
},
"source": {
"category": "validation",
"type": "validation_request",
"service": "metal",
"organizationId": "a2337a57-4ad0-4708-abc6-c0973055c91e"
},
"schema": "v1",
"timestamp": "2024-04-16T14:58:21.442334Z",
"level": "INFO",
"eventId": "e6de0ec4-027e-4733-aeb4-058c1fc53493",
"event": {
"eventName": "instance_provision_requested",
"status": "unauthorized",
"auth": {
"authType": "user",
"user": {
"userId": "1bec4119-a889-4809-89e9-c4572dc002ec",
"userName": "jdoe@equinix.com"
},
"role": {
"roleName": "collaborator"
}
},
"httpRequest": {
"host": "api.equinix.com",
"method": "PUT",
"path": "/metal/v1/projects/99f8e7f1-fe4a-441a-ade9-687743f080f6",
"scheme": "https",
"statusCode": 200,
"userAgent": "metal-cli/metal equinix-sdk-go/0.30.0",
"sourceIpAddress": "111.111.111.11"
},
"response": {}
}
}
PropertyPatternTypeDeprecatedDefinitionTitle/Description
+ streamNoobjectNo-Stream
+ sourceNoobjectNo-Source
+ schemaNoenum (of string)No-Indicates the schema version of this log entry.
+ timestampNostringNo-The timestamp at which this log entry was produced, in ISO8601 format.
+ levelNostringNo-A human-readable indication of the severity level of this log entry.
+ eventIdNostringNo-Unique identifier for this log event.
+ eventNoobjectNo-Event

1. Property LogEntry > stream

Title: Stream

Typeobject
RequiredYes
Additional properties[Any type: allowed]

Description: Provides metadata about the observability stream that produced this log entry; can be used to differentiate data sources in situations where multiple streams are writing to the same destination.

Example:

{
"streamId": "e55f79d4-0d8a-4460-a566-ff93af4f90e4",
"streamName": "Example Stream"
}
PropertyPatternTypeDeprecatedDefinitionTitle/Description
+ streamIdNostringNo-Unique identifier of the observability stream that produced this log entry.
+ streamNameNostringNo-Name of the observability stream that produced this log entry.

1.1. Property LogEntry > stream > streamId

Typestring
RequiredYes
Formatuuid

Description: Unique identifier of the observability stream that produced this log entry.

1.2. Property LogEntry > stream > streamName

Typestring
RequiredYes

Description: Name of the observability stream that produced this log entry.

Example:

"Example Stream"

2. Property LogEntry > source

Title: Source

Typeobject
RequiredYes
Additional properties[Any type: allowed]

Description: Provides metadata about the source from which this log entry originated.

Example:

{
"category": "audit",
"type": "api_request",
"service": "metal",
"organizationId": "0e714017-6d9c-4dc5-828d-b8a156502496"
}
PropertyPatternTypeDeprecatedDefinitionTitle/Description
+ categoryNoenum (of string)No-Groups logs into high-level application categories.
+ typeNoenum (of string)No-Differentiates types of log events withing a particular category.
+ serviceNoenum (of string)No-Indicates the service that produced this log entry.
+ organizationIdNostringNo-Indicates the customer Organization ID with which this log entry is associated.
- projectIdNostringNo-Indicates the customer Project ID with which this log entry is associated.

2.1. Property LogEntry > source > category

Typeenum (of string)
RequiredYes

Description: Groups logs into high-level application categories.

Must be one of:

  • "audit"
  • "validation"

2.2. Property LogEntry > source > type

Typeenum (of string)
RequiredYes

Description: Differentiates types of log events withing a particular category.

Must be one of:

  • "api_request"
  • "validation_request"

2.3. Property LogEntry > source > service

Typeenum (of string)
RequiredYes

Description: Indicates the service that produced this log entry.

Must be one of:

  • "metal"

2.4. Property LogEntry > source > organizationId

Typestring
RequiredYes
Formatuuid

Description: Indicates the customer Organization ID with which this log entry is associated.

2.5. Property LogEntry > source > projectId

Typestring
RequiredNo
Formatuuid

Description: Indicates the customer Project ID with which this log entry is associated.

3. Property LogEntry > schema

Typeenum (of string)
RequiredYes

Description: Indicates the schema version of this log entry.

Must be one of:

  • "v1"

4. Property LogEntry > timestamp

Typestring
RequiredYes
Formatdate-time

Description: The timestamp at which this log entry was produced, in ISO8601 format.

Example:

"2024-04-16T14:58:21.442334Z"

5. Property LogEntry > level

Typestring
RequiredYes

Description: A human-readable indication of the severity level of this log entry.

Example:

"INFO"

6. Property LogEntry > eventId

Typestring
RequiredYes
Formatuuid

Description: Unique identifier for this log event.

7. Property LogEntry > event

Title: Event

Typeobject
RequiredYes
Additional properties[Any type: allowed]

Description: The application-specific log event payload. In the future the specific format will vary based on the source category and type, but for now we use a single log event schema.

Example:

{
"eventName": "project_updated",
"status": "unauthorized",
"auth": {
"authType": "user",
"user": {
"userId": "1bec4119-a889-4809-89e9-c4572dc002ec",
"userName": "jdoe@equinix.com"
},
"role": {
"roleName": "collaborator"
}
},
"httpRequest": {
"host": "api.equinix.com",
"method": "PUT",
"path": "/metal/v1/projects/99f8e7f1-fe4a-441a-ade9-687743f080f6",
"scheme": "http",
"statusCode": 200,
"userAgent": "metal-cli/metal equinix-sdk-go/0.30.0",
"sourceIpAddress": "111.111.111.11"
},
"resource": {},
"response": {}
}
PropertyPatternTypeDeprecatedDefinitionTitle/Description
+ eventNameNostringNo-An application-provided name for the event. Event names should be fixed by the application
(i.e. should not vary based on request parameters) to enable filtering/querying by the customer, and should carry
meaning to the customer. In the case of API request logs, this would correspond to an operation name.
+ statusNostringNo-An indication of the status associated with the event, e.g. request success/failure.
+ authNoobjectNo-AuthInfo
+ httpRequestNoobjectNo-HttpRequest
- resourceNoobjectNo-The resource associated with the request (for future use)
- requestNoobjectNo-Detailed request parameters (for future use)
- responseNoobjectNo-Detailed response body (for future use)

7.1. Property LogEntry > event > eventName

Typestring
RequiredYes

Description: An application-provided name for the event. Event names should be fixed by the application (i.e. should not vary based on request parameters) to enable filtering/querying by the customer, and should carry meaning to the customer. In the case of API request logs, this would correspond to an operation name.

Examples:

"project_updated"
"instance_provision_requested"

7.2. Property LogEntry > event > status

Typestring
RequiredYes

Description: An indication of the status associated with the event, e.g. request success/failure.

Examples:

"success"
"failed"
"unauthorized"

7.3. Property LogEntry > event > auth

Title: AuthInfo

Typeobject
RequiredYes
Additional properties[Any type: allowed]

Description: Provides authentication and authorization information about the principal associated with the log event. In most cases, this will be the one who made the request.

Example:

{
"authType": "user",
"user": {
"userId": "1bec4119-a889-4809-89e9-c4572dc002ec",
"userName": "jdoe@equinix.com"
},
"role": {
"roleName": "collaborator"
}
}
PropertyPatternTypeDeprecatedDefinitionTitle/Description
+ authTypeNoenum (of string)No-Indicates the type of entity for the principal associated with the request.
+ userNoobjectNo-User
+ roleNoobjectNo-Role

7.3.1. Property LogEntry > event > auth > authType

Typeenum (of string)
RequiredYes

Description: Indicates the type of entity for the principal associated with the request.

Must be one of:

  • "user"

7.3.2. Property LogEntry > event > auth > user

Title: User

Typeobject
RequiredYes
Additional properties[Any type: allowed]

Description: Provides identifying information about the user associated with the log event.

Example:

{
"userId": "1bec4119-a889-4809-89e9-c4572dc002ec",
"userName": "jdoe@equinix.com"
}
PropertyPatternTypeDeprecatedDefinitionTitle/Description
+ userIdNostringNo-Unique user identifier; this is an opaque system-assigned ID that is not expected to be recognizable to people.
+ userNameNostringNo-Provides a more human-friendly display name for the user.
7.3.2.1. Property LogEntry > event > auth > user > userId
Typestring
RequiredYes

Description: Unique user identifier; this is an opaque system-assigned ID that is not expected to be recognizable to people.

Example:

"1bec4119-a889-4809-89e9-c4572dc002ec"
7.3.2.2. Property LogEntry > event > auth > user > userName
Typestring
RequiredYes

Description: Provides a more human-friendly display name for the user.

Example:

"jdoe@equinix.com"

7.3.3. Property LogEntry > event > auth > role

Title: Role

Typeobject
RequiredYes
Additional properties[Any type: allowed]

Description: Provides information about the role associated with the log event, which determines what permissions are allowed. If the principal has access to multiple roles, this indicates the one they assumed when making the request.

Example:

{
"roleName": "collaborator"
}
PropertyPatternTypeDeprecatedDefinitionTitle/Description
+ roleNameNostringNo-The human-friendly display name for the role.
7.3.3.1. Property LogEntry > event > auth > role > roleName
Typestring
RequiredYes

Description: The human-friendly display name for the role.

Example:

"collaborator"

7.4. Property LogEntry > event > httpRequest

Title: HttpRequest

Typeobject
RequiredYes
Additional properties[Any type: allowed]

Description: Provides details about the HTTP request associated with the log event, if there is one (for now, there will always be one).

Example:

{
"host": "api.equinix.com",
"method": "PUT",
"path": "/metal/v1/projects/99f8e7f1-fe4a-441a-ade9-687743f080f6",
"scheme": "http",
"statusCode": 200,
"userAgent": "metal-cli/metal equinix-sdk-go/0.30.0",
"sourceIpAddress": "111.111.111.11"
}
PropertyPatternTypeDeprecatedDefinitionTitle/Description
+ hostNostringNo-The hostname to which the original HTTP request was made.
+ methodNostringNo-The HTTP request method.
+ pathNostringNo-The path portion of the original HTTP request URL.
+ schemeNoenum (of string)No-The HTTP request scheme
+ statusCodeNointegerNo-The HTTP status code that resulted from the processing of the request.
+ userAgentNostringNo-The user-agent that issued the request, as reported by the HTTP client.
+ sourceIpAddressNostringNo-The IP address from which the HTTP request was sent.

7.4.1. Property LogEntry > event > httpRequest > host

Typestring
RequiredYes

Description: The hostname to which the original HTTP request was made.

Example:

"api.equinix.com"

7.4.2. Property LogEntry > event > httpRequest > method

Typestring
RequiredYes

Description: The HTTP request method.

Example:

"PUT"

7.4.3. Property LogEntry > event > httpRequest > path

Typestring
RequiredYes

Description: The path portion of the original HTTP request URL.

Example:

"/metal/v1/projects/99f8e7f1-fe4a-441a-ade9-687743f080f6"

7.4.4. Property LogEntry > event > httpRequest > scheme

Typeenum (of string)
RequiredYes

Description: The HTTP request scheme

Must be one of:

  • "http"
  • "https"

7.4.5. Property LogEntry > event > httpRequest > statusCode

Typeinteger
RequiredYes

Description: The HTTP status code that resulted from the processing of the request.

Example:

200

7.4.6. Property LogEntry > event > httpRequest > userAgent

Typestring
RequiredYes

Description: The user-agent that issued the request, as reported by the HTTP client.

Example:

"metal-cli/metal equinix-sdk-go/0.30.0"

7.4.7. Property LogEntry > event > httpRequest > sourceIpAddress

Typestring
RequiredYes

Description: The IP address from which the HTTP request was sent.

Example:

"111.111.111.11"

7.5. Property LogEntry > event > resource

Typeobject
RequiredNo
Additional properties[Any type: allowed]

Description: The resource associated with the request (for future use)

Example:

{}

7.6. Property LogEntry > event > request

Typeobject
RequiredNo
Additional properties[Any type: allowed]

Description: Detailed request parameters (for future use)

Example:

{}

7.7. Property LogEntry > event > response

Typeobject
RequiredNo
Additional properties[Any type: allowed]

Description: Detailed response body (for future use)

Example:

{}

Generated using json-schema-for-humans on 2024-07-19 at 16:25:20 -0500