| Facility |
facility |
Recommended |
String |
The subsystem or application that is providing the event data. |
| Facility Detail |
facility_detail |
Recommended |
String |
Additional detail about the source facility. For example, details could include a the name of a particular application instance (such as a database name) or a path to a monitored log file. |
| Facility ID |
facility_uid |
Optional |
String |
The unique identifier of the facility. |
| Type |
type_id |
Recommended |
Integer |
The type of the source from which the event was derived.
| 1 | System | The information was collected from the operating system event log such as Syslog on Unix/Linux and the System event file on Windows. | |
| 2 | Application | The information was collected from an application log | |
| 3 | Security | The event was logged from a security subsystem. | |
| 4 | Other | | |
| 5 | ETW | The event was logged from the Event Tracing for Windows(ETW) facility. | |
|