im_msvistalog

raw_event string FALSE
A string containing the EventTime, Hostname, Severity, EventID, and Message from the event.

Message string FALSE FALSE
The message from the event.

EventTime datetime TRUE
The EvtSystemTimeCreated field.

Hostname string TRUE TRUE
The EvtSystemComputer field.

SourceName string TRUE
The event source which produced the event, from the EvtSystemProviderName field.

EventID integer TRUE
The event ID (specific to the event source) from the EvtSystemEventID field.

Task integer FALSE
The task number from the EvtSystemTask field.

Category string TRUE
The category name resolved from Task.

Keywords integer FALSE
The value of the Keywords field from EvtSystemKeywords.

Channel string TRUE TRUE
The Channel of the event source (for example, `Security` or `Application`).

AccountName string TRUE TRUE
The username associated with the event.

AccountType string TRUE TRUE
The type of the account. Possible values are: `User`, `Group`, `Domain`, `Alias`, `Well Known Group`, `Deleted Account`, `Invalid`, `Unknown`, and `Computer`.

Domain string TRUE TRUE
The domain name of the user.

UserID string FALSE TRUE
The Security Identifier (SID) which resolves to <<im_msvistalog_field_AccountName,$AccountName>>, stored in EvtSystemUserID.

SeverityValue integer TRUE
The normalized severity number of the event, mapped as follows.

[cols="2", options="header,autowidth"]
|===
|Event Log Severity |Normalized Severity

|0/Audit Success |2/INFO
|0/Audit Failure |4/ERROR
|1/Critical |5/CRITICAL
|2/Error |4/ERROR
|3/Warning |3/WARNING
|4/Information |2/INFO
|5/Verbose |1/DEBUG
|===

Severity string TRUE
The normalized severity name of the event.
See <<im_msvistalog_field_SeverityValue,$SeverityValue>>.

EventType string TRUE TRUE
The type of the event, which is a string describing the severity. This is translated to its string representation from EvtSystemLevel. Possible values are: `CRITICAL`, `ERROR`, `AUDIT_FAILURE`, `AUDIT_SUCCESS`, `INFO`, `WARNING`, and `VERBOSE`.

ProviderGuid string FALSE TRUE
The globally unique identifier of the event's provider as stored in EvtSystemProviderGuid. This corresponds to the name of the provider in the <<im_msvistalog_field_SourceName,$SourceName>> field.

Version integer FALSE
The Version number of the event as in EvtSystemVersion.

OpcodeValue integer FALSE
The Opcode number of the event as in EvtSystemOpcode.

Opcode string TRUE
The Opcode string resolved from OpcodeValue.

ActivityID string FALSE TRUE
A globally unique identifier for the current activity, as stored in EvtSystemActivityID.

RelatedActivityID string FALSE TRUE
The RelatedActivityID as stored in EvtSystemRelatedActivityID.

ProcessID integer FALSE
The process identifier of the event producer as in EvtSystemProcessID.

ThreadID integer FALSE
The thread identifier of the event producer as in EvtSystemThreadID.

RecordNumber integer FALSE
The number of the event record.