Event Source Object

The event source object describes the collection context of the event. Events that originate from a monitored logging facility contain an event source object.

| Name | Attribute | Requirement | Type | Description |
|---|---|---|---|---|
| Facility | facility | Recommended | String | The subsystem or application that is providing the event data. |
| Facility Detail | facility_detail | Recommended | String | Additional detail about the source facility. For example, details could include the name of a particular application instance (such as a database name) or a path to a monitored log file. |
| Facility ID | facility_uid | Optional | String | The unique identifier of the facility. |
| Type | type_id | Recommended | Integer | The type of the source from which the event was derived. See the values below. |

| type_id | Name | Description |
|---|---|---|
| 1 | System | The information was collected from the operating system event log, such as Syslog on Unix/Linux and the System event file on Windows. |
| 2 | Application | The information was collected from an application log. |
| 3 | Security | The event was logged from a security subsystem. |
| 4 | Other | |
| 5 | ETW | The event was logged from the Event Tracing for Windows (ETW) facility. |
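
The following validator is an added example, not part of the schema documentation. It checks an event source object against the attributes, types, requirement levels and type_id values listed above. The function name, the findings format, the sample objects, and the choice to flag unlisted attributes and unlisted type_id values are assumptions.

```python
# Added example: validate an event source object against the table above.
# Attribute names, types, requirement levels and type_id values come from
# the page; everything else (names, findings format) is an assumption.

SCHEMA = {
    # attribute: (expected Python type, requirement level)
    "facility": (str, "Recommended"),
    "facility_detail": (str, "Recommended"),
    "facility_uid": (str, "Optional"),
    "type_id": (int, "Recommended"),
}
TYPE_NAMES = {1: "System", 2: "Application", 3: "Security", 4: "Other", 5: "ETW"}


def validate_event_source(obj):
    """Return (findings, type_name) for one event source object (a dict)."""
    findings = []
    for attr, (expected, requirement) in SCHEMA.items():
        if attr not in obj:
            if requirement == "Recommended":
                findings.append(f"missing recommended attribute: {attr}")
            continue
        value = obj[attr]
        # bool is a subclass of int in Python; it is not a valid Integer here.
        if not isinstance(value, expected) or isinstance(value, bool):
            findings.append(
                f"{attr}: expected {expected.__name__}, got {type(value).__name__}")
    # Assumption: attributes not listed in the table are reported, not dropped.
    for attr in sorted(obj.keys() - SCHEMA.keys()):
        findings.append(f"unknown attribute: {attr}")
    type_id, type_name = obj.get("type_id"), None
    if isinstance(type_id, int) and not isinstance(type_id, bool):
        type_name = TYPE_NAMES.get(type_id)
        if type_name is None:
            findings.append(f"type_id: {type_id} is not a source type listed in the table")
    return findings, type_name


# Constructed sample objects (not taken from the page).
GOOD = {"facility": "auth", "facility_detail": "/var/log/auth.log", "type_id": 1}
BAD = {"facility": "mssql", "type_id": "2", "host": "db01"}

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(validate_event_source(sample))
```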