Splunk Event Schema Documentation
LogEntry
Title: LogEntry
| Type | object |
| Required | No |
| Additional properties | [Any type: allowed] |
Description: The customer-facing log format for the Equinix Observability Service.
Example:
{
"stream": {
"streamId": "b47f2eaf-d5c6-485c-a081-5d12333aa2e2",
"streamName": "Example Stream"
},
"source": {
"category": "validation",
"type": "validation_request",
"service": "metal",
"organizationId": "a2337a57-4ad0-4708-abc6-c0973055c91e"
},
"schema": "v1",
"timestamp": "2024-04-16T14:58:21.442334Z",
"level": "INFO",
"eventId": "e6de0ec4-027e-4733-aeb4-058c1fc53493",
"event": {
"eventName": "instance_provision_requested",
"status": "unauthorized",
"auth": {
"authType": "user",
"user": {
"userId": "1bec4119-a889-4809-89e9-c4572dc002ec",
"userName": "jdoe@equinix.com"
},
"role": {
"roleName": "collaborator"
}
},
"httpRequest": {
"host": "api.equinix.com",
"method": "PUT",
"path": "/metal/v1/projects/99f8e7f1-fe4a-441a-ade9-687743f080f6",
"scheme": "https",
"statusCode": 200,
"userAgent": "metal-cli/metal equinix-sdk-go/0.30.0",
"sourceIpAddress": "111.111.111.11"
},
"response": {}
}
}
| Property | Pattern | Type | Deprecated | Definition | Title/Description |
|---|---|---|---|---|---|
| + stream | No | object | No | - | Stream |
| + source | No | object | No | - | Source |
| + schema | No | enum (of string) | No | - | Indicates the schema version of this log entry. |
| + timestamp | No | string | No | - | The timestamp at which this log entry was produced, in ISO8601 format. |
| + level | No | string | No | - | A human-readable indication of the severity level of this log entry. |
| + eventId | No | string | No | - | Unique identifier for this log event. |
| + event | No | object | No | - | Event |
1. Property LogEntry > stream
Title: Stream
| Type | object |
| Required | Yes |
| Additional properties | [Any type: allowed] |
Description: Provides metadata about the observability stream that produced this log entry; can be used to differentiate data sources in situations where multiple streams are writing to the same destination.
Example:
{
"streamId": "e55f79d4-0d8a-4460-a566-ff93af4f90e4",
"streamName": "Example Stream"
}
| Property | Pattern | Type | Deprecated | Definition | Title/Description |
|---|---|---|---|---|---|
| + streamId | No | string | No | - | Unique identifier of the observability stream that produced this log entry. |
| + streamName | No | string | No | - | Name of the observability stream that produced this log entry. |
1.1. Property LogEntry > stream > streamId
| Type | string |
| Required | Yes |
| Format | uuid |
Description: Unique identifier of the observability stream that produced this log entry.
1.2. Property LogEntry > stream > streamName
| Type | string |
| Required | Yes |
Description: Name of the observability stream that produced this log entry.
Example:
"Example Stream"
2. Property LogEntry > source
Title: Source
| Type | object |
| Required | Yes |
| Additional properties | [Any type: allowed] |
Description: Provides metadata about the source from which this log entry originated.
Example:
{
"category": "audit",
"type": "api_request",
"service": "metal",
"organizationId": "0e714017-6d9c-4dc5-828d-b8a156502496"
}
| Property | Pattern | Type | Deprecated | Definition | Title/Description |
|---|---|---|---|---|---|
| + category | No | enum (of string) | No | - | Groups logs into high-level application categories. |
| + type | No | enum (of string) | No | - | Differentiates types of log events withing a particular category. |
| + service | No | enum (of string) | No | - | Indicates the service that produced this log entry. |
| + organizationId | No | string | No | - | Indicates the customer Organization ID with which this log entry is associated. |
| - projectId | No | string | No | - | Indicates the customer Project ID with which this log entry is associated. |
2.1. Property LogEntry > source > category
| Type | enum (of string) |
| Required | Yes |
Description: Groups logs into high-level application categories.
Must be one of:
- "audit"
- "validation"
2.2. Property LogEntry > source > type
| Type | enum (of string) |
| Required | Yes |
Description: Differentiates types of log events withing a particular category.
Must be one of:
- "api_request"
- "validation_request"
2.3. Property LogEntry > source > service
| Type | enum (of string) |
| Required | Yes |
Description: Indicates the service that produced this log entry.
Must be one of:
- "metal"
2.4. Property LogEntry > source > organizationId
| Type | string |
| Required | Yes |
| Format | uuid |
Description: Indicates the customer Organization ID with which this log entry is associated.
2.5. Property LogEntry > source > projectId
| Type | string |
| Required | No |
| Format | uuid |
Description: Indicates the customer Project ID with which this log entry is associated.
3. Property LogEntry > schema
| Type | enum (of string) |
| Required | Yes |
Description: Indicates the schema version of this log entry.
Must be one of:
- "v1"
4. Property LogEntry > timestamp
| Type | string |
| Required | Yes |
| Format | date-time |
Description: The timestamp at which this log entry was produced, in ISO8601 format.
Example:
"2024-04-16T14:58:21.442334Z"
5. Property LogEntry > level
| Type | string |
| Required | Yes |
Description: A human-readable indication of the severity level of this log entry.
Example:
"INFO"
6. Property LogEntry > eventId
| Type | string |
| Required | Yes |
| Format | uuid |
Description: Unique identifier for this log event.
7. Property LogEntry > event
Title: Event
| Type | object |
| Required | Yes |
| Additional properties | [Any type: allowed] |
Description: The application-specific log event payload. In the future the specific format will vary based on the source category and type, but for now we use a single log event schema.
Example:
{
"eventName": "project_updated",
"status": "unauthorized",
"auth": {
"authType": "user",
"user": {
"userId": "1bec4119-a889-4809-89e9-c4572dc002ec",
"userName": "jdoe@equinix.com"
},
"role": {
"roleName": "collaborator"
}
},
"httpRequest": {
"host": "api.equinix.com",
"method": "PUT",
"path": "/metal/v1/projects/99f8e7f1-fe4a-441a-ade9-687743f080f6",
"scheme": "http",
"statusCode": 200,
"userAgent": "metal-cli/metal equinix-sdk-go/0.30.0",
"sourceIpAddress": "111.111.111.11"
},
"resource": {},
"response": {}
}
| Property | Pattern | Type | Deprecated | Definition | Title/Description |
|---|---|---|---|---|---|
| + eventName | No | string | No | - | An application-provided name for the event. Event names should be fixed by the application (i.e. should not vary based on request parameters) to enable filtering/querying by the customer, and should carry meaning to the customer. In the case of API request logs, this would correspond to an operation name. |
| + status | No | string | No | - | An indication of the status associated with the event, e.g. request success/failure. |
| + auth | No | object | No | - | AuthInfo |
| + httpRequest | No | object | No | - | HttpRequest |
| - resource | No | object | No | - | The resource associated with the request (for future use) |
| - request | No | object | No | - | Detailed request parameters (for future use) |
| - response | No | object | No | - | Detailed response body (for future use) |
7.1. Property LogEntry > event > eventName
| Type | string |
| Required | Yes |
Description: An application-provided name for the event. Event names should be fixed by the application (i.e. should not vary based on request parameters) to enable filtering/querying by the customer, and should carry meaning to the customer. In the case of API request logs, this would correspond to an operation name.
Examples:
"project_updated"
"instance_provision_requested"
7.2. Property LogEntry > event > status
| Type | string |
| Required | Yes |
Description: An indication of the status associated with the event, e.g. request success/failure.
Examples:
"success"
"failed"
"unauthorized"
7.3. Property LogEntry > event > auth
Title: AuthInfo
| Type | object |
| Required | Yes |
| Additional properties | [Any type: allowed] |
Description: Provides authentication and authorization information about the principal associated with the log event. In most cases, this will be the one who made the request.
Example:
{
"authType": "user",
"user": {
"userId": "1bec4119-a889-4809-89e9-c4572dc002ec",
"userName": "jdoe@equinix.com"
},
"role": {
"roleName": "collaborator"
}
}
| Property | Pattern | Type | Deprecated | Definition | Title/Description |
|---|---|---|---|---|---|
| + authType | No | enum (of string) | No | - | Indicates the type of entity for the principal associated with the request. |
| + user | No | object | No | - | User |
| + role | No | object | No | - | Role |
7.3.1. Property LogEntry > event > auth > authType
| Type | enum (of string) |
| Required | Yes |
Description: Indicates the type of entity for the principal associated with the request.
Must be one of:
- "user"
7.3.2. Property LogEntry > event > auth > user
Title: User
| Type | object |
| Required | Yes |
| Additional properties | [Any type: allowed] |
Description: Provides identifying information about the user associated with the log event.
Example:
{
"userId": "1bec4119-a889-4809-89e9-c4572dc002ec",
"userName": "jdoe@equinix.com"
}
| Property | Pattern | Type | Deprecated | Definition | Title/Description |
|---|---|---|---|---|---|
| + userId | No | string | No | - | Unique user identifier; this is an opaque system-assigned ID that is not expected to be recognizable to people. |
| + userName | No | string | No | - | Provides a more human-friendly display name for the user. |
7.3.2.1. Property LogEntry > event > auth > user > userId
| Type | string |
| Required | Yes |
Description: Unique user identifier; this is an opaque system-assigned ID that is not expected to be recognizable to people.
Example:
"1bec4119-a889-4809-89e9-c4572dc002ec"
7.3.2.2. Property LogEntry > event > auth > user > userName
| Type | string |
| Required | Yes |
Description: Provides a more human-friendly display name for the user.
Example:
"jdoe@equinix.com"
7.3.3. Property LogEntry > event > auth > role
Title: Role
| Type | object |
| Required | Yes |
| Additional properties | [Any type: allowed] |
Description: Provides information about the role associated with the log event, which determines what permissions are allowed. If the principal has access to multiple roles, this indicates the one they assumed when making the request.
Example:
{
"roleName": "collaborator"
}
| Property | Pattern | Type | Deprecated | Definition | Title/Description |
|---|---|---|---|---|---|
| + roleName | No | string | No | - | The human-friendly display name for the role. |
7.3.3.1. Property LogEntry > event > auth > role > roleName
| Type | string |
| Required | Yes |
Description: The human-friendly display name for the role.
Example:
"collaborator"
7.4. Property LogEntry > event > httpRequest
Title: HttpRequest
| Type | object |
| Required | Yes |
| Additional properties | [Any type: allowed] |
Description: Provides details about the HTTP request associated with the log event, if there is one (for now, there will always be one).
Example:
{
"host": "api.equinix.com",
"method": "PUT",
"path": "/metal/v1/projects/99f8e7f1-fe4a-441a-ade9-687743f080f6",
"scheme": "http",
"statusCode": 200,
"userAgent": "metal-cli/metal equinix-sdk-go/0.30.0",
"sourceIpAddress": "111.111.111.11"
}
| Property | Pattern | Type | Deprecated | Definition | Title/Description |
|---|---|---|---|---|---|
| + host | No | string | No | - | The hostname to which the original HTTP request was made. |
| + method | No | string | No | - | The HTTP request method. |
| + path | No | string | No | - | The path portion of the original HTTP request URL. |
| + scheme | No | enum (of string) | No | - | The HTTP request scheme |
| + statusCode | No | integer | No | - | The HTTP status code that resulted from the processing of the request. |
| + userAgent | No | string | No | - | The user-agent that issued the request, as reported by the HTTP client. |
| + sourceIpAddress | No | string | No | - | The IP address from which the HTTP request was sent. |
7.4.1. Property LogEntry > event > httpRequest > host
| Type | string |
| Required | Yes |
Description: The hostname to which the original HTTP request was made.
Example:
"api.equinix.com"
7.4.2. Property LogEntry > event > httpRequest > method
| Type | string |
| Required | Yes |
Description: The HTTP request method.
Example:
"PUT"
7.4.3. Property LogEntry > event > httpRequest > path
| Type | string |
| Required | Yes |
Description: The path portion of the original HTTP request URL.
Example:
"/metal/v1/projects/99f8e7f1-fe4a-441a-ade9-687743f080f6"
7.4.4. Property LogEntry > event > httpRequest > scheme
| Type | enum (of string) |
| Required | Yes |
Description: The HTTP request scheme
Must be one of:
- "http"
- "https"
7.4.5. Property LogEntry > event > httpRequest > statusCode
| Type | integer |
| Required | Yes |
Description: The HTTP status code that resulted from the processing of the request.
Example:
200
7.4.6. Property LogEntry > event > httpRequest > userAgent
| Type | string |
| Required | Yes |
Description: The user-agent that issued the request, as reported by the HTTP client.
Example:
"metal-cli/metal equinix-sdk-go/0.30.0"
7.4.7. Property LogEntry > event > httpRequest > sourceIpAddress
| Type | string |
| Required | Yes |
Description: The IP address from which the HTTP request was sent.
Example:
"111.111.111.11"
7.5. Property LogEntry > event > resource
| Type | object |
| Required | No |
| Additional properties | [Any type: allowed] |
Description: The resource associated with the request (for future use)
Example:
{}
7.6. Property LogEntry > event > request
| Type | object |
| Required | No |
| Additional properties | [Any type: allowed] |
Description: Detailed request parameters (for future use)
Example:
{}
7.7. Property LogEntry > event > response
| Type | object |
| Required | No |
| Additional properties | [Any type: allowed] |
Description: Detailed response body (for future use)
Example:
{}
Generated using json-schema-for-humans on 2024-07-19 at 16:25:20 -0500