[{
"dataset": "cribl_logs",
"_raw": "{\"time\":\"2024-07-23T18:34:37.878Z\",\"action\":\"deploy\",\"type\":\"groups\",\"user\":\"Kam Amir\",\"id\":\"AWS_EKS\",\"version\":\"a6f9798-716c91faa107f3afe9f2b958c4f112f3d49c6559\",\"requestId\":\"a80041ec-2798-4aa1-9098-0gd371970bf2\"}",
"source": "s3://internal-main-gifted-curran-71s14n0/cribl_logs/hjhg-2024/af-08/db-01/ag-17/ip-10-254-0-89.ec2.internal-KEJJt3.0.json.gz",
"_time": 1721759677.878,
"time": "2024-07-23T18:34:37.878Z",
"action": "deploy",
"type": "groups",
"user": "Kam Amir",
"id": "AWS_EKS",
"version": "a6f9798-716c91faa107f3afe9f2b958c4f112f3d49c6559",
"requestId": "a80041ec-2798-4aa1-9098-0gd371970bf2",
"cribl_breaker": "json_newline:newline",
"saas_domain": "cribl.cloud",
"tenantId": "unique-name-111111",
"deployment": "main",
"workspace": "main",
"fleet": "prod-leaders",
"instance": "ip-10-255-255-89.ec2.internal",
"service": "stream-leader",
"sourceType": "audit",
"datatype": "cribl_json_raw",
"data_source": "/opt/cribl/log/audit.log"
}]