Types of Columns
There are two types of columns: system columns and parsed columns.
The system columns are available by default in all data models, and contain event metadata, such as the event body (sys_body), the event time (sys_eventTime) or the device that produced the event (sys_device).
Regular columns are data model specific. They are defined in the data model and their value is parsed from the body of the event.
The following list describes all system columns in the LogLogic LMI event.
| Name | Type | Description |
|---|---|---|
| sys_eventTime | Timestamp | The UTC time of the event in Epoch milliseconds.
The sys_eventTime is the time gathered from the event itself. |
| sys_body | String | The text of the event. |
| sys_deviceType | String | Name of the device type for this event |
| sys_sourceType | Integer | ID of the device type |
| sys_device | String | Name of the device for this event |
| sys_collectIP | InetAddress | The IP from where the event originated. This must support both IPv4 and IPv6. |
| sys_collectorDomain | String | name of the collector domain for this event |
| sys_collectorDomainId | long | ID of the collector domain for this event |
| sys_filename | String | The file name for event collected from a file. |
| sys_eventKey | String | A unique key that identifies the event in the LogLogic storage. |
| sys_collectTime | Long | The time when the event was ingested.
Currently unused. |
| sys_concentratorId | String | Identifier of the
LogLogic LMI appliance.
Currently unused. |
| sys_sourceSubType | String | Sub-classification of the source type.
Currently unused. |
Note: Some system columns are not returned by default in queries that retrieve all columns, such as a
SELECT *, as they are not generally needed in regular queries or they are currently unused. To obtain their values, their name must be explicitly specified in the
SELECT or
COLUMNS statement. Those columns are:
Copyright © Cloud Software Group, Inc. All rights reserved.