{ "modelName": "Microsoft_Exchange", "displayName": "Microsoft Exchange", "description": "This is a data model for Microsoft Exchange.", "objectSummary": { "Event-Based": 21, "Transaction-Based": 0, "Search-Based": 13 }, "objects": [ { "objectName": "Microsoft_Exchange_Health", "displayName": "Microsoft_Exchange_Health", "parentName": "BaseEvent", "fields": [ { "fieldName": "componentId", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentId", "comment": "", "fieldSearch": "componentId=*" }, { "fieldName": "componentInstance", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentInstance", "comment": "", "fieldSearch": "" }, { "fieldName": "componentValue", "owner": "Microsoft_Exchange_Health", "type": "number", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentValue", "comment": "", "fieldSearch": "componentValue=*" }, { "fieldName": "tag", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "Tag", "comment": "", "fieldSearch": "tag=*" }, { "fieldName": "Host", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Host", "comment": "", "fieldSearch": "" }, { "fieldName": "_time", "owner": "BaseEvent", "type": "timestamp", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "" }, { "fieldName": "host", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" } ], "calculations": [ { "outputFields": [ { "fieldName": "serviceTag", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "ServiceTag", "comment": "", "fieldSearch": "" } ], "calculationID": "rzvd7ji4yqggmn29", "owner": "Microsoft_Exchange_Health", "editable": true, "comment": "", "calculationType": "Eval", "expression": "mvfilter(NOT match(tag, \"ms_ex_health_events\") AND match(tag, \"ms_ex_health_\"))" } ], "constraints": [ { "search": "`msperfmon-windows-index` tag = ms_ex_health ms_exchange_host=\"true\"", "owner": "Microsoft_Exchange_Health" } ], "lineage": "Microsoft_Exchange_Health" }, { "objectName": "Mailboxes", "displayName": "Mailboxes", "parentName": "Microsoft_Exchange_Health", "fields": [ { "fieldName": "componentId", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentId", "comment": "", "fieldSearch": "componentId=*" }, { "fieldName": "componentInstance", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentInstance", "comment": "", "fieldSearch": "" }, { "fieldName": "componentValue", "owner": "Microsoft_Exchange_Health", "type": "number", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentValue", "comment": "", "fieldSearch": "componentValue=*" }, { "fieldName": "tag", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "Tag", "comment": "", "fieldSearch": "tag=*" }, { "fieldName": "Host", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Host", "comment": "", "fieldSearch": "" }, { "fieldName": "_time", "owner": "BaseEvent", "type": "timestamp", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "" }, { "fieldName": "host", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "tag=ms_ex_health_mailboxes", "owner": "Microsoft_Exchange_Health.Mailboxes" } ], "lineage": "Microsoft_Exchange_Health.Mailboxes" }, { "objectName": "Outlook_RPC", "displayName": "Outlook RPC", "parentName": "Microsoft_Exchange_Health", "fields": [ { "fieldName": "componentId", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentId", "comment": "", "fieldSearch": "componentId=*" }, { "fieldName": "componentInstance", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentInstance", "comment": "", "fieldSearch": "" }, { "fieldName": "componentValue", "owner": "Microsoft_Exchange_Health", "type": "number", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentValue", "comment": "", "fieldSearch": "componentValue=*" }, { "fieldName": "tag", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "Tag", "comment": "", "fieldSearch": "tag=*" }, { "fieldName": "Host", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Host", "comment": "", "fieldSearch": "" }, { "fieldName": "_time", "owner": "BaseEvent", "type": "timestamp", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "" }, { "fieldName": "host", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "tag = ms_ex_health_outlook_rpc", "owner": "Microsoft_Exchange_Health.Outlook_RPC" } ], "lineage": "Microsoft_Exchange_Health.Outlook_RPC" }, { "objectName": "Outlook_Web_Access", "displayName": "Outlook Web Access", "parentName": "Microsoft_Exchange_Health", "fields": [ { "fieldName": "componentId", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentId", "comment": "", "fieldSearch": "componentId=*" }, { "fieldName": "componentInstance", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentInstance", "comment": "", "fieldSearch": "" }, { "fieldName": "componentValue", "owner": "Microsoft_Exchange_Health", "type": "number", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentValue", "comment": "", "fieldSearch": "componentValue=*" }, { "fieldName": "tag", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "Tag", "comment": "", "fieldSearch": "tag=*" }, { "fieldName": "Host", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Host", "comment": "", "fieldSearch": "" }, { "fieldName": "_time", "owner": "BaseEvent", "type": "timestamp", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "" }, { "fieldName": "host", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "tag = ms_ex_health_owa", "owner": "Microsoft_Exchange_Health.Outlook_Web_Access" } ], "lineage": "Microsoft_Exchange_Health.Outlook_Web_Access" }, { "objectName": "Active_Sync", "displayName": "Active Sync", "parentName": "Microsoft_Exchange_Health", "fields": [ { "fieldName": "componentId", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentId", "comment": "", "fieldSearch": "componentId=*" }, { "fieldName": "componentInstance", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentInstance", "comment": "", "fieldSearch": "" }, { "fieldName": "componentValue", "owner": "Microsoft_Exchange_Health", "type": "number", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentValue", "comment": "", "fieldSearch": "componentValue=*" }, { "fieldName": "tag", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "Tag", "comment": "", "fieldSearch": "tag=*" }, { "fieldName": "Host", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Host", "comment": "", "fieldSearch": "" }, { "fieldName": "_time", "owner": "BaseEvent", "type": "timestamp", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "" }, { "fieldName": "host", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "tag = ms_ex_health_active_sync", "owner": "Microsoft_Exchange_Health.Active_Sync" } ], "lineage": "Microsoft_Exchange_Health.Active_Sync" }, { "objectName": "Outlook_Anywhere", "displayName": "Outlook Anywhere", "parentName": "Microsoft_Exchange_Health", "fields": [ { "fieldName": "componentId", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentId", "comment": "", "fieldSearch": "componentId=*" }, { "fieldName": "componentInstance", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentInstance", "comment": "", "fieldSearch": "" }, { "fieldName": "componentValue", "owner": "Microsoft_Exchange_Health", "type": "number", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentValue", "comment": "", "fieldSearch": "componentValue=*" }, { "fieldName": "tag", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "Tag", "comment": "", "fieldSearch": "tag=*" }, { "fieldName": "Host", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Host", "comment": "", "fieldSearch": "" }, { "fieldName": "_time", "owner": "BaseEvent", "type": "timestamp", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "" }, { "fieldName": "host", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "tag = ms_ex_health_outlook_anywhere", "owner": "Microsoft_Exchange_Health.Outlook_Anywhere" } ], "lineage": "Microsoft_Exchange_Health.Outlook_Anywhere" }, { "objectName": "Legacy_Clients", "displayName": "Legacy Clients", "parentName": "Microsoft_Exchange_Health", "fields": [ { "fieldName": "componentId", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentId", "comment": "", "fieldSearch": "componentId=*" }, { "fieldName": "componentInstance", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentInstance", "comment": "", "fieldSearch": "" }, { "fieldName": "componentValue", "owner": "Microsoft_Exchange_Health", "type": "number", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentValue", "comment": "", "fieldSearch": "componentValue=*" }, { "fieldName": "tag", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "Tag", "comment": "", "fieldSearch": "tag=*" }, { "fieldName": "Host", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Host", "comment": "", "fieldSearch": "" }, { "fieldName": "_time", "owner": "BaseEvent", "type": "timestamp", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "" }, { "fieldName": "host", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "tag = ms_ex_health_legacy_clients", "owner": "Microsoft_Exchange_Health.Legacy_Clients" } ], "lineage": "Microsoft_Exchange_Health.Legacy_Clients" }, { "objectName": "Auto_Discover", "displayName": "Auto Discover", "parentName": "Microsoft_Exchange_Health", "fields": [ { "fieldName": "componentId", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentId", "comment": "", "fieldSearch": "componentId=*" }, { "fieldName": "componentInstance", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentInstance", "comment": "", "fieldSearch": "" }, { "fieldName": "componentValue", "owner": "Microsoft_Exchange_Health", "type": "number", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentValue", "comment": "", "fieldSearch": "componentValue=*" }, { "fieldName": "tag", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "Tag", "comment": "", "fieldSearch": "tag=*" }, { "fieldName": "Host", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Host", "comment": "", "fieldSearch": "" }, { "fieldName": "_time", "owner": "BaseEvent", "type": "timestamp", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "" }, { "fieldName": "host", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "tag = ms_ex_health_auto_discover", "owner": "Microsoft_Exchange_Health.Auto_Discover" } ], "lineage": "Microsoft_Exchange_Health.Auto_Discover" }, { "objectName": "Exchange_Management", "displayName": "Exchange Management", "parentName": "Microsoft_Exchange_Health", "fields": [ { "fieldName": "componentId", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentId", "comment": "", "fieldSearch": "componentId=*" }, { "fieldName": "componentInstance", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentInstance", "comment": "", "fieldSearch": "" }, { "fieldName": "componentValue", "owner": "Microsoft_Exchange_Health", "type": "number", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentValue", "comment": "", "fieldSearch": "componentValue=*" }, { "fieldName": "tag", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "Tag", "comment": "", "fieldSearch": "tag=*" }, { "fieldName": "Host", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Host", "comment": "", "fieldSearch": "" }, { "fieldName": "_time", "owner": "BaseEvent", "type": "timestamp", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "" }, { "fieldName": "host", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "tag = ms_ex_health_management", "owner": "Microsoft_Exchange_Health.Exchange_Management" } ], "lineage": "Microsoft_Exchange_Health.Exchange_Management" }, { "objectName": "Transport_Handling", "displayName": "Transport Handling", "parentName": "Microsoft_Exchange_Health", "fields": [ { "fieldName": "componentId", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentId", "comment": "", "fieldSearch": "componentId=*" }, { "fieldName": "componentInstance", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentInstance", "comment": "", "fieldSearch": "" }, { "fieldName": "componentValue", "owner": "Microsoft_Exchange_Health", "type": "number", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentValue", "comment": "", "fieldSearch": "componentValue=*" }, { "fieldName": "tag", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "Tag", "comment": "", "fieldSearch": "tag=*" }, { "fieldName": "Host", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Host", "comment": "", "fieldSearch": "" }, { "fieldName": "_time", "owner": "BaseEvent", "type": "timestamp", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "" }, { "fieldName": "host", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "tag = ms_ex_health_transport_handling", "owner": "Microsoft_Exchange_Health.Transport_Handling" } ], "lineage": "Microsoft_Exchange_Health.Transport_Handling" }, { "objectName": "Outbound_SMTP", "displayName": "Outbound SMTP", "parentName": "Microsoft_Exchange_Health", "fields": [ { "fieldName": "componentId", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentId", "comment": "", "fieldSearch": "componentId=*" }, { "fieldName": "componentInstance", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentInstance", "comment": "", "fieldSearch": "" }, { "fieldName": "componentValue", "owner": "Microsoft_Exchange_Health", "type": "number", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentValue", "comment": "", "fieldSearch": "componentValue=*" }, { "fieldName": "tag", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "Tag", "comment": "", "fieldSearch": "tag=*" }, { "fieldName": "Host", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Host", "comment": "", "fieldSearch": "" }, { "fieldName": "_time", "owner": "BaseEvent", "type": "timestamp", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "" }, { "fieldName": "host", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "tag = ms_ex_health_outbound_smtp", "owner": "Microsoft_Exchange_Health.Outbound_SMTP" } ], "lineage": "Microsoft_Exchange_Health.Outbound_SMTP" }, { "objectName": "Inbound_SMTP", "displayName": "Inbound SMTP", "parentName": "Microsoft_Exchange_Health", "fields": [ { "fieldName": "componentId", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentId", "comment": "", "fieldSearch": "componentId=*" }, { "fieldName": "componentInstance", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentInstance", "comment": "", "fieldSearch": "" }, { "fieldName": "componentValue", "owner": "Microsoft_Exchange_Health", "type": "number", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "ComponentValue", "comment": "", "fieldSearch": "componentValue=*" }, { "fieldName": "tag", "owner": "Microsoft_Exchange_Health", "type": "string", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "Tag", "comment": "", "fieldSearch": "tag=*" }, { "fieldName": "Host", "owner": "Microsoft_Exchange_Health", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Host", "comment": "", "fieldSearch": "" }, { "fieldName": "_time", "owner": "BaseEvent", "type": "timestamp", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "" }, { "fieldName": "host", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "tag = ms_ex_health_inbound_smtp", "owner": "Microsoft_Exchange_Health.Inbound_SMTP" } ], "lineage": "Microsoft_Exchange_Health.Inbound_SMTP" }, { "objectName": "Exchange_Messaging", "displayName": "Exchange Messaging", "parentName": "BaseEvent", "fields": [ { "fieldName": "RecordNumber", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "RecordNumber", "comment": "", "fieldSearch": "" }, { "fieldName": "SourceName", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "SourceName", "comment": "", "fieldSearch": "" }, { "fieldName": "app", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "app", "comment": "", "fieldSearch": "" }, { "fieldName": "client_hostname", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "client_hostname", "comment": "", "fieldSearch": "" }, { "fieldName": "connector_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "connector_id", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_ip", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "date_time", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "date_time", "comment": "", "fieldSearch": "" }, { "fieldName": "event_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "event_id", "comment": "", "fieldSearch": "" }, { "fieldName": "eventtype", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "eventtype", "comment": "", "fieldSearch": "" }, { "fieldName": "index", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "index", "comment": "", "fieldSearch": "" }, { "fieldName": "internal_message_id", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "internal_message_id", "comment": "", "fieldSearch": "" }, { "fieldName": "message_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_id", "comment": "", "fieldSearch": "" }, { "fieldName": "message_info", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_info", "comment": "", "fieldSearch": "" }, { "fieldName": "message_subject", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_subject", "comment": "", "fieldSearch": "" }, { "fieldName": "product", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "product", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_count", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_count", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_domain", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_status", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_status", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_username", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_username", "comment": "", "fieldSearch": "" }, { "fieldName": "recipients", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipients", "comment": "", "fieldSearch": "" }, { "fieldName": "reference", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "reference", "comment": "", "fieldSearch": "" }, { "fieldName": "related_recipient_address", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "related_recipient_address", "comment": "", "fieldSearch": "" }, { "fieldName": "return_path", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "return_path", "comment": "", "fieldSearch": "" }, { "fieldName": "sender", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender", "comment": "", "fieldSearch": "" }, { "fieldName": "sender_domain", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "sender_username", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender_username", "comment": "", "fieldSearch": "" }, { "fieldName": "server_hostname", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "server_hostname", "comment": "", "fieldSearch": "" }, { "fieldName": "source_context", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source_context", "comment": "", "fieldSearch": "" }, { "fieldName": "source_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source_id", "comment": "", "fieldSearch": "" }, { "fieldName": "splunk_server", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "splunk_server", "comment": "", "fieldSearch": "" }, { "fieldName": "ss_ip", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "ss_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "tag", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "tag", "comment": "", "fieldSearch": "" }, { "fieldName": "tag::eventtype", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "tag::eventtype", "comment": "", "fieldSearch": "" }, { "fieldName": "total_bytes", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "total_bytes", "comment": "", "fieldSearch": "" }, { "fieldName": "vendor", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "vendor", "comment": "", "fieldSearch": "" }, { "fieldName": "_time", "owner": "BaseEvent", "type": "timestamp", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "" }, { "fieldName": "host", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" } ], "calculations": [ { "outputFields": [ { "fieldName": "is_internal_message", "owner": "Exchange_Messaging", "type": "boolean", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Is Internal Message", "comment": "", "fieldSearch": "" } ], "calculationID": "u3z1xjlvp071fw29", "owner": "Exchange_Messaging", "editable": true, "comment": "", "calculationType": "Eval", "expression": "if (sender_domain == recipient_domain, 1, 0)" }, { "outputFields": [ { "fieldName": "mvrecipients", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Recipients (MV)", "comment": "", "fieldSearch": "" } ], "calculationID": "3u154s7nj0chxgvi", "owner": "Exchange_Messaging", "editable": true, "comment": "", "calculationType": "Eval", "expression": "split(recipients, \";\")" }, { "outputFields": [ { "fieldName": "recipients_count", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Count of Recipients", "comment": "", "fieldSearch": "" } ], "calculationID": "grre2dkerx8q6w29", "owner": "Exchange_Messaging", "editable": true, "comment": "", "calculationType": "Eval", "expression": "mvcount(mvrecipients)" } ], "constraints": [ { "search": "eventtype=msexchange-msgtrack (event_id=DELIVER OR event_id=SEND)", "owner": "Exchange_Messaging" } ], "lineage": "Exchange_Messaging" }, { "objectName": "Received_Messages", "displayName": "Received Messages", "parentName": "Exchange_Messaging", "fields": [ { "fieldName": "RecordNumber", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "RecordNumber", "comment": "", "fieldSearch": "" }, { "fieldName": "SourceName", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "SourceName", "comment": "", "fieldSearch": "" }, { "fieldName": "app", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "app", "comment": "", "fieldSearch": "" }, { "fieldName": "client_hostname", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "client_hostname", "comment": "", "fieldSearch": "" }, { "fieldName": "connector_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "connector_id", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_ip", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "date_time", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "date_time", "comment": "", "fieldSearch": "" }, { "fieldName": "event_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "event_id", "comment": "", "fieldSearch": "" }, { "fieldName": "eventtype", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "eventtype", "comment": "", "fieldSearch": "" }, { "fieldName": "index", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "index", "comment": "", "fieldSearch": "" }, { "fieldName": "internal_message_id", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "internal_message_id", "comment": "", "fieldSearch": "" }, { "fieldName": "message_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_id", "comment": "", "fieldSearch": "" }, { "fieldName": "message_info", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_info", "comment": "", "fieldSearch": "" }, { "fieldName": "message_subject", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_subject", "comment": "", "fieldSearch": "" }, { "fieldName": "product", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "product", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_count", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_count", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_domain", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_status", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_status", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_username", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_username", "comment": "", "fieldSearch": "" }, { "fieldName": "recipients", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipients", "comment": "", "fieldSearch": "" }, { "fieldName": "reference", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "reference", "comment": "", "fieldSearch": "" }, { "fieldName": "related_recipient_address", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "related_recipient_address", "comment": "", "fieldSearch": "" }, { "fieldName": "return_path", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "return_path", "comment": "", "fieldSearch": "" }, { "fieldName": "sender", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender", "comment": "", "fieldSearch": "" }, { "fieldName": "sender_domain", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "sender_username", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender_username", "comment": "", "fieldSearch": "" }, { "fieldName": "server_hostname", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "server_hostname", "comment": "", "fieldSearch": "" }, { "fieldName": "source_context", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source_context", "comment": "", "fieldSearch": "" }, { "fieldName": "source_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source_id", "comment": "", "fieldSearch": "" }, { "fieldName": "splunk_server", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "splunk_server", "comment": "", "fieldSearch": "" }, { "fieldName": "ss_ip", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "ss_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "tag", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "tag", "comment": "", "fieldSearch": "" }, { "fieldName": "tag::eventtype", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "tag::eventtype", "comment": "", "fieldSearch": "" }, { "fieldName": "total_bytes", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "total_bytes", "comment": "", "fieldSearch": "" }, { "fieldName": "vendor", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "vendor", "comment": "", "fieldSearch": "" }, { "fieldName": "_time", "owner": "BaseEvent", "type": "timestamp", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "" }, { "fieldName": "host", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "event_id=DELIVER", "owner": "Exchange_Messaging.Received_Messages" } ], "lineage": "Exchange_Messaging.Received_Messages" }, { "objectName": "Sent_Messages", "displayName": "Sent Messages", "parentName": "Exchange_Messaging", "fields": [ { "fieldName": "RecordNumber", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "RecordNumber", "comment": "", "fieldSearch": "" }, { "fieldName": "SourceName", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "SourceName", "comment": "", "fieldSearch": "" }, { "fieldName": "app", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "app", "comment": "", "fieldSearch": "" }, { "fieldName": "client_hostname", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "client_hostname", "comment": "", "fieldSearch": "" }, { "fieldName": "connector_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "connector_id", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_ip", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "date_time", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "date_time", "comment": "", "fieldSearch": "" }, { "fieldName": "event_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "event_id", "comment": "", "fieldSearch": "" }, { "fieldName": "eventtype", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "eventtype", "comment": "", "fieldSearch": "" }, { "fieldName": "index", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "index", "comment": "", "fieldSearch": "" }, { "fieldName": "internal_message_id", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "internal_message_id", "comment": "", "fieldSearch": "" }, { "fieldName": "message_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_id", "comment": "", "fieldSearch": "" }, { "fieldName": "message_info", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_info", "comment": "", "fieldSearch": "" }, { "fieldName": "message_subject", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_subject", "comment": "", "fieldSearch": "" }, { "fieldName": "product", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "product", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_count", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_count", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_domain", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_status", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_status", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_username", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_username", "comment": "", "fieldSearch": "" }, { "fieldName": "recipients", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipients", "comment": "", "fieldSearch": "" }, { "fieldName": "reference", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "reference", "comment": "", "fieldSearch": "" }, { "fieldName": "related_recipient_address", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "related_recipient_address", "comment": "", "fieldSearch": "" }, { "fieldName": "return_path", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "return_path", "comment": "", "fieldSearch": "" }, { "fieldName": "sender", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender", "comment": "", "fieldSearch": "" }, { "fieldName": "sender_domain", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "sender_username", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender_username", "comment": "", "fieldSearch": "" }, { "fieldName": "server_hostname", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "server_hostname", "comment": "", "fieldSearch": "" }, { "fieldName": "source_context", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source_context", "comment": "", "fieldSearch": "" }, { "fieldName": "source_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source_id", "comment": "", "fieldSearch": "" }, { "fieldName": "splunk_server", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "splunk_server", "comment": "", "fieldSearch": "" }, { "fieldName": "ss_ip", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "ss_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "tag", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "tag", "comment": "", "fieldSearch": "" }, { "fieldName": "tag::eventtype", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "tag::eventtype", "comment": "", "fieldSearch": "" }, { "fieldName": "total_bytes", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "total_bytes", "comment": "", "fieldSearch": "" }, { "fieldName": "vendor", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "vendor", "comment": "", "fieldSearch": "" }, { "fieldName": "_time", "owner": "BaseEvent", "type": "timestamp", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "" }, { "fieldName": "host", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "event_id=SEND", "owner": "Exchange_Messaging.Sent_Messages" } ], "lineage": "Exchange_Messaging.Sent_Messages" }, { "objectName": "Internal_Messages", "displayName": "Internal Messages", "parentName": "Exchange_Messaging", "fields": [ { "fieldName": "RecordNumber", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "RecordNumber", "comment": "", "fieldSearch": "" }, { "fieldName": "SourceName", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "SourceName", "comment": "", "fieldSearch": "" }, { "fieldName": "app", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "app", "comment": "", "fieldSearch": "" }, { "fieldName": "client_hostname", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "client_hostname", "comment": "", "fieldSearch": "" }, { "fieldName": "connector_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "connector_id", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_ip", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "date_time", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "date_time", "comment": "", "fieldSearch": "" }, { "fieldName": "event_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "event_id", "comment": "", "fieldSearch": "" }, { "fieldName": "eventtype", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "eventtype", "comment": "", "fieldSearch": "" }, { "fieldName": "index", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "index", "comment": "", "fieldSearch": "" }, { "fieldName": "internal_message_id", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "internal_message_id", "comment": "", "fieldSearch": "" }, { "fieldName": "message_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_id", "comment": "", "fieldSearch": "" }, { "fieldName": "message_info", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_info", "comment": "", "fieldSearch": "" }, { "fieldName": "message_subject", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_subject", "comment": "", "fieldSearch": "" }, { "fieldName": "product", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "product", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_count", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_count", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_domain", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_status", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_status", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_username", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_username", "comment": "", "fieldSearch": "" }, { "fieldName": "recipients", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipients", "comment": "", "fieldSearch": "" }, { "fieldName": "reference", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "reference", "comment": "", "fieldSearch": "" }, { "fieldName": "related_recipient_address", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "related_recipient_address", "comment": "", "fieldSearch": "" }, { "fieldName": "return_path", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "return_path", "comment": "", "fieldSearch": "" }, { "fieldName": "sender", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender", "comment": "", "fieldSearch": "" }, { "fieldName": "sender_domain", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "sender_username", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender_username", "comment": "", "fieldSearch": "" }, { "fieldName": "server_hostname", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "server_hostname", "comment": "", "fieldSearch": "" }, { "fieldName": "source_context", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source_context", "comment": "", "fieldSearch": "" }, { "fieldName": "source_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source_id", "comment": "", "fieldSearch": "" }, { "fieldName": "splunk_server", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "splunk_server", "comment": "", "fieldSearch": "" }, { "fieldName": "ss_ip", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "ss_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "tag", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "tag", "comment": "", "fieldSearch": "" }, { "fieldName": "tag::eventtype", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "tag::eventtype", "comment": "", "fieldSearch": "" }, { "fieldName": "total_bytes", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "total_bytes", "comment": "", "fieldSearch": "" }, { "fieldName": "vendor", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "vendor", "comment": "", "fieldSearch": "" }, { "fieldName": "_time", "owner": "BaseEvent", "type": "timestamp", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "" }, { "fieldName": "host", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "is_internal_message = 1", "owner": "Exchange_Messaging.Internal_Messages" } ], "lineage": "Exchange_Messaging.Internal_Messages" }, { "objectName": "External_Messages", "displayName": "External Messages", "parentName": "Exchange_Messaging", "fields": [ { "fieldName": "RecordNumber", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "RecordNumber", "comment": "", "fieldSearch": "" }, { "fieldName": "SourceName", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "SourceName", "comment": "", "fieldSearch": "" }, { "fieldName": "app", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "app", "comment": "", "fieldSearch": "" }, { "fieldName": "client_hostname", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "client_hostname", "comment": "", "fieldSearch": "" }, { "fieldName": "connector_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "connector_id", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_ip", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "date_time", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "date_time", "comment": "", "fieldSearch": "" }, { "fieldName": "event_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "event_id", "comment": "", "fieldSearch": "" }, { "fieldName": "eventtype", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "eventtype", "comment": "", "fieldSearch": "" }, { "fieldName": "index", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "index", "comment": "", "fieldSearch": "" }, { "fieldName": "internal_message_id", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "internal_message_id", "comment": "", "fieldSearch": "" }, { "fieldName": "message_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_id", "comment": "", "fieldSearch": "" }, { "fieldName": "message_info", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_info", "comment": "", "fieldSearch": "" }, { "fieldName": "message_subject", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_subject", "comment": "", "fieldSearch": "" }, { "fieldName": "product", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "product", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_count", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_count", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_domain", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_status", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_status", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_username", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_username", "comment": "", "fieldSearch": "" }, { "fieldName": "recipients", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipients", "comment": "", "fieldSearch": "" }, { "fieldName": "reference", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "reference", "comment": "", "fieldSearch": "" }, { "fieldName": "related_recipient_address", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "related_recipient_address", "comment": "", "fieldSearch": "" }, { "fieldName": "return_path", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "return_path", "comment": "", "fieldSearch": "" }, { "fieldName": "sender", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender", "comment": "", "fieldSearch": "" }, { "fieldName": "sender_domain", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "sender_username", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender_username", "comment": "", "fieldSearch": "" }, { "fieldName": "server_hostname", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "server_hostname", "comment": "", "fieldSearch": "" }, { "fieldName": "source_context", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source_context", "comment": "", "fieldSearch": "" }, { "fieldName": "source_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source_id", "comment": "", "fieldSearch": "" }, { "fieldName": "splunk_server", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "splunk_server", "comment": "", "fieldSearch": "" }, { "fieldName": "ss_ip", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "ss_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "tag", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "tag", "comment": "", "fieldSearch": "" }, { "fieldName": "tag::eventtype", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "tag::eventtype", "comment": "", "fieldSearch": "" }, { "fieldName": "total_bytes", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "total_bytes", "comment": "", "fieldSearch": "" }, { "fieldName": "vendor", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "vendor", "comment": "", "fieldSearch": "" }, { "fieldName": "_time", "owner": "BaseEvent", "type": "timestamp", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "" }, { "fieldName": "host", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "is_internal_message = 0", "owner": "Exchange_Messaging.External_Messages" } ], "lineage": "Exchange_Messaging.External_Messages" }, { "objectName": "Internal_Received_Messages", "displayName": "Internal Received Messages", "parentName": "Internal_Messages", "fields": [ { "fieldName": "RecordNumber", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "RecordNumber", "comment": "", "fieldSearch": "" }, { "fieldName": "SourceName", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "SourceName", "comment": "", "fieldSearch": "" }, { "fieldName": "app", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "app", "comment": "", "fieldSearch": "" }, { "fieldName": "client_hostname", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "client_hostname", "comment": "", "fieldSearch": "" }, { "fieldName": "connector_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "connector_id", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_ip", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "date_time", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "date_time", "comment": "", "fieldSearch": "" }, { "fieldName": "event_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "event_id", "comment": "", "fieldSearch": "" }, { "fieldName": "eventtype", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "eventtype", "comment": "", "fieldSearch": "" }, { "fieldName": "index", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "index", "comment": "", "fieldSearch": "" }, { "fieldName": "internal_message_id", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "internal_message_id", "comment": "", "fieldSearch": "" }, { "fieldName": "message_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_id", "comment": "", "fieldSearch": "" }, { "fieldName": "message_info", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_info", "comment": "", "fieldSearch": "" }, { "fieldName": "message_subject", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_subject", "comment": "", "fieldSearch": "" }, { "fieldName": "product", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "product", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_count", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_count", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_domain", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_status", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_status", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_username", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_username", "comment": "", "fieldSearch": "" }, { "fieldName": "recipients", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipients", "comment": "", "fieldSearch": "" }, { "fieldName": "reference", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "reference", "comment": "", "fieldSearch": "" }, { "fieldName": "related_recipient_address", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "related_recipient_address", "comment": "", "fieldSearch": "" }, { "fieldName": "return_path", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "return_path", "comment": "", "fieldSearch": "" }, { "fieldName": "sender", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender", "comment": "", "fieldSearch": "" }, { "fieldName": "sender_domain", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "sender_username", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender_username", "comment": "", "fieldSearch": "" }, { "fieldName": "server_hostname", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "server_hostname", "comment": "", "fieldSearch": "" }, { "fieldName": "source_context", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source_context", "comment": "", "fieldSearch": "" }, { "fieldName": "source_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source_id", "comment": "", "fieldSearch": "" }, { "fieldName": "splunk_server", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "splunk_server", "comment": "", "fieldSearch": "" }, { "fieldName": "ss_ip", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "ss_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "tag", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "tag", "comment": "", "fieldSearch": "" }, { "fieldName": "tag::eventtype", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "tag::eventtype", "comment": "", "fieldSearch": "" }, { "fieldName": "total_bytes", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "total_bytes", "comment": "", "fieldSearch": "" }, { "fieldName": "vendor", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "vendor", "comment": "", "fieldSearch": "" }, { "fieldName": "_time", "owner": "BaseEvent", "type": "timestamp", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "" }, { "fieldName": "host", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "event_id=DELIVER", "owner": "Exchange_Messaging.Internal_Messages.Internal_Received_Messages" } ], "lineage": "Exchange_Messaging.Internal_Messages.Internal_Received_Messages" }, { "objectName": "Internal_Sent_Messages", "displayName": "Internal Sent Messages", "parentName": "Internal_Messages", "fields": [ { "fieldName": "RecordNumber", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "RecordNumber", "comment": "", "fieldSearch": "" }, { "fieldName": "SourceName", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "SourceName", "comment": "", "fieldSearch": "" }, { "fieldName": "app", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "app", "comment": "", "fieldSearch": "" }, { "fieldName": "client_hostname", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "client_hostname", "comment": "", "fieldSearch": "" }, { "fieldName": "connector_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "connector_id", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_ip", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "date_time", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "date_time", "comment": "", "fieldSearch": "" }, { "fieldName": "event_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "event_id", "comment": "", "fieldSearch": "" }, { "fieldName": "eventtype", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "eventtype", "comment": "", "fieldSearch": "" }, { "fieldName": "index", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "index", "comment": "", "fieldSearch": "" }, { "fieldName": "internal_message_id", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "internal_message_id", "comment": "", "fieldSearch": "" }, { "fieldName": "message_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_id", "comment": "", "fieldSearch": "" }, { "fieldName": "message_info", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_info", "comment": "", "fieldSearch": "" }, { "fieldName": "message_subject", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_subject", "comment": "", "fieldSearch": "" }, { "fieldName": "product", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "product", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_count", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_count", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_domain", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_status", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_status", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_username", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_username", "comment": "", "fieldSearch": "" }, { "fieldName": "recipients", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipients", "comment": "", "fieldSearch": "" }, { "fieldName": "reference", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "reference", "comment": "", "fieldSearch": "" }, { "fieldName": "related_recipient_address", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "related_recipient_address", "comment": "", "fieldSearch": "" }, { "fieldName": "return_path", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "return_path", "comment": "", "fieldSearch": "" }, { "fieldName": "sender", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender", "comment": "", "fieldSearch": "" }, { "fieldName": "sender_domain", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "sender_username", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender_username", "comment": "", "fieldSearch": "" }, { "fieldName": "server_hostname", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "server_hostname", "comment": "", "fieldSearch": "" }, { "fieldName": "source_context", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source_context", "comment": "", "fieldSearch": "" }, { "fieldName": "source_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source_id", "comment": "", "fieldSearch": "" }, { "fieldName": "splunk_server", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "splunk_server", "comment": "", "fieldSearch": "" }, { "fieldName": "ss_ip", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "ss_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "tag", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "tag", "comment": "", "fieldSearch": "" }, { "fieldName": "tag::eventtype", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "tag::eventtype", "comment": "", "fieldSearch": "" }, { "fieldName": "total_bytes", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "total_bytes", "comment": "", "fieldSearch": "" }, { "fieldName": "vendor", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "vendor", "comment": "", "fieldSearch": "" }, { "fieldName": "_time", "owner": "BaseEvent", "type": "timestamp", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "" }, { "fieldName": "host", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "event_id=SEND", "owner": "Exchange_Messaging.Internal_Messages.Internal_Sent_Messages" } ], "lineage": "Exchange_Messaging.Internal_Messages.Internal_Sent_Messages" }, { "objectName": "External_Received_Messages", "displayName": "External Received Messages", "parentName": "External_Messages", "fields": [ { "fieldName": "RecordNumber", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "RecordNumber", "comment": "", "fieldSearch": "" }, { "fieldName": "SourceName", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "SourceName", "comment": "", "fieldSearch": "" }, { "fieldName": "app", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "app", "comment": "", "fieldSearch": "" }, { "fieldName": "client_hostname", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "client_hostname", "comment": "", "fieldSearch": "" }, { "fieldName": "connector_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "connector_id", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_ip", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "date_time", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "date_time", "comment": "", "fieldSearch": "" }, { "fieldName": "event_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "event_id", "comment": "", "fieldSearch": "" }, { "fieldName": "eventtype", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "eventtype", "comment": "", "fieldSearch": "" }, { "fieldName": "index", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "index", "comment": "", "fieldSearch": "" }, { "fieldName": "internal_message_id", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "internal_message_id", "comment": "", "fieldSearch": "" }, { "fieldName": "message_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_id", "comment": "", "fieldSearch": "" }, { "fieldName": "message_info", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_info", "comment": "", "fieldSearch": "" }, { "fieldName": "message_subject", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_subject", "comment": "", "fieldSearch": "" }, { "fieldName": "product", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "product", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_count", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_count", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_domain", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_status", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_status", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_username", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_username", "comment": "", "fieldSearch": "" }, { "fieldName": "recipients", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipients", "comment": "", "fieldSearch": "" }, { "fieldName": "reference", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "reference", "comment": "", "fieldSearch": "" }, { "fieldName": "related_recipient_address", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "related_recipient_address", "comment": "", "fieldSearch": "" }, { "fieldName": "return_path", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "return_path", "comment": "", "fieldSearch": "" }, { "fieldName": "sender", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender", "comment": "", "fieldSearch": "" }, { "fieldName": "sender_domain", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "sender_username", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender_username", "comment": "", "fieldSearch": "" }, { "fieldName": "server_hostname", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "server_hostname", "comment": "", "fieldSearch": "" }, { "fieldName": "source_context", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source_context", "comment": "", "fieldSearch": "" }, { "fieldName": "source_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source_id", "comment": "", "fieldSearch": "" }, { "fieldName": "splunk_server", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "splunk_server", "comment": "", "fieldSearch": "" }, { "fieldName": "ss_ip", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "ss_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "tag", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "tag", "comment": "", "fieldSearch": "" }, { "fieldName": "tag::eventtype", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "tag::eventtype", "comment": "", "fieldSearch": "" }, { "fieldName": "total_bytes", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "total_bytes", "comment": "", "fieldSearch": "" }, { "fieldName": "vendor", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "vendor", "comment": "", "fieldSearch": "" }, { "fieldName": "_time", "owner": "BaseEvent", "type": "timestamp", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "" }, { "fieldName": "host", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "event_id=DELIVER", "owner": "Exchange_Messaging.External_Messages.External_Received_Messages" } ], "lineage": "Exchange_Messaging.External_Messages.External_Received_Messages" }, { "objectName": "External_Sent_Messages", "displayName": "External Sent Messages", "parentName": "External_Messages", "fields": [ { "fieldName": "RecordNumber", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "RecordNumber", "comment": "", "fieldSearch": "" }, { "fieldName": "SourceName", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "SourceName", "comment": "", "fieldSearch": "" }, { "fieldName": "app", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "app", "comment": "", "fieldSearch": "" }, { "fieldName": "client_hostname", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "client_hostname", "comment": "", "fieldSearch": "" }, { "fieldName": "connector_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "connector_id", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_ip", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "date_time", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "date_time", "comment": "", "fieldSearch": "" }, { "fieldName": "event_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "event_id", "comment": "", "fieldSearch": "" }, { "fieldName": "eventtype", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "eventtype", "comment": "", "fieldSearch": "" }, { "fieldName": "index", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "index", "comment": "", "fieldSearch": "" }, { "fieldName": "internal_message_id", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "internal_message_id", "comment": "", "fieldSearch": "" }, { "fieldName": "message_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_id", "comment": "", "fieldSearch": "" }, { "fieldName": "message_info", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_info", "comment": "", "fieldSearch": "" }, { "fieldName": "message_subject", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "message_subject", "comment": "", "fieldSearch": "" }, { "fieldName": "product", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "product", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_count", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_count", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_domain", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_status", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_status", "comment": "", "fieldSearch": "" }, { "fieldName": "recipient_username", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipient_username", "comment": "", "fieldSearch": "" }, { "fieldName": "recipients", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "recipients", "comment": "", "fieldSearch": "" }, { "fieldName": "reference", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "reference", "comment": "", "fieldSearch": "" }, { "fieldName": "related_recipient_address", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "related_recipient_address", "comment": "", "fieldSearch": "" }, { "fieldName": "return_path", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "return_path", "comment": "", "fieldSearch": "" }, { "fieldName": "sender", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender", "comment": "", "fieldSearch": "" }, { "fieldName": "sender_domain", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "sender_username", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sender_username", "comment": "", "fieldSearch": "" }, { "fieldName": "server_hostname", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "server_hostname", "comment": "", "fieldSearch": "" }, { "fieldName": "source_context", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source_context", "comment": "", "fieldSearch": "" }, { "fieldName": "source_id", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source_id", "comment": "", "fieldSearch": "" }, { "fieldName": "splunk_server", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "splunk_server", "comment": "", "fieldSearch": "" }, { "fieldName": "ss_ip", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "ss_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "tag", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "tag", "comment": "", "fieldSearch": "" }, { "fieldName": "tag::eventtype", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "tag::eventtype", "comment": "", "fieldSearch": "" }, { "fieldName": "total_bytes", "owner": "Exchange_Messaging", "type": "number", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "total_bytes", "comment": "", "fieldSearch": "" }, { "fieldName": "vendor", "owner": "Exchange_Messaging", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "vendor", "comment": "", "fieldSearch": "" }, { "fieldName": "_time", "owner": "BaseEvent", "type": "timestamp", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "" }, { "fieldName": "host", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "BaseEvent", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "event_id=SEND", "owner": "Exchange_Messaging.External_Messages.External_Sent_Messages" } ], "lineage": "Exchange_Messaging.External_Messages.External_Sent_Messages" }, { "objectName": "All_Logons", "displayName": "All Logons", "parentName": "BaseSearch", "fields": [ { "fieldName": "_time", "owner": "All_Logons", "type": "timestamp", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "_time=*" }, { "fieldName": "host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" }, { "fieldName": "src_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "src_user", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_user", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "c_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "c_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_method", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_method", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_query", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_uri_query", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_stem", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_uri_stem", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_user_agent", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_user_agent", "comment": "", "fieldSearch": "" }, { "fieldName": "date", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "date", "comment": "", "fieldSearch": "" }, { "fieldName": "s_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "s_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Domain", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Name", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Name", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_username", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_username", "comment": "", "fieldSearch": "" } ], "calculations": [ { "outputFields": [ { "fieldName": "logontype", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "logontype", "comment": "", "fieldSearch": "" } ], "calculationID": "rblfm1e6850fi529", "owner": "All_Logons", "editable": true, "comment": "", "calculationType": "Eval", "expression": "case(like(eventtype, \"client-%-usage\"), \"exchange\", like(eventtype, \"msad-%-user-logons\"), \"user\", like(eventtype, \"msad-%-computer-logons\"), \"computer\")" }, { "outputFields": [ { "fieldName": "status", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "status", "comment": "", "fieldSearch": "" } ], "calculationID": "ez4qr47wyuy2e29", "owner": "All_Logons", "editable": true, "comment": "", "calculationType": "Eval", "expression": "case (like(eventtype, \"msad-successful-%-logons\"), \"success\", like(eventtype, \"msad-failed-%-logons\"), \"failure\", like(eventtype, \"client-%-usage\"), \"unknown\")" } ], "constraints": [], "lineage": "All_Logons", "baseSearch": "eventtype=\"msad-*-computer-logons\" OR eventtype=\"msad-*-user-logons\" OR eventtype=\"client-*-usage\" | eval cs_username=coalesce(Security_ID, cs_username) | transaction fields=cs_username maxspan=2s maxpause=1s maxevents=2" }, { "objectName": "Computer_Logons", "displayName": "Computer Logons", "parentName": "All_Logons", "fields": [ { "fieldName": "_time", "owner": "All_Logons", "type": "timestamp", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "_time=*" }, { "fieldName": "host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" }, { "fieldName": "src_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "src_user", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_user", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "c_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": true, "editable": true, "displayName": "c_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_method", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": true, "editable": true, "displayName": "cs_method", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_query", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": true, "editable": true, "displayName": "cs_uri_query", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_stem", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": true, "editable": true, "displayName": "cs_uri_stem", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_user_agent", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": true, "editable": true, "displayName": "cs_user_agent", "comment": "", "fieldSearch": "" }, { "fieldName": "date", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "date", "comment": "", "fieldSearch": "" }, { "fieldName": "s_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": true, "editable": true, "displayName": "s_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Domain", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Name", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Name", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_username", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_username", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "logontype=\"computer\"", "owner": "All_Logons.Computer_Logons" } ], "lineage": "All_Logons.Computer_Logons", "baseSearch": "" }, { "objectName": "User_Logons", "displayName": "User Logons", "parentName": "All_Logons", "fields": [ { "fieldName": "_time", "owner": "All_Logons", "type": "timestamp", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "_time=*" }, { "fieldName": "host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" }, { "fieldName": "src_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "src_user", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_user", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "c_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "c_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_method", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_method", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_query", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_uri_query", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_stem", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_uri_stem", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_user_agent", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_user_agent", "comment": "", "fieldSearch": "" }, { "fieldName": "date", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "date", "comment": "", "fieldSearch": "" }, { "fieldName": "s_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "s_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Domain", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Name", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Name", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_username", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_username", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "logontype=\"user\" OR logontype=\"exchange\"", "owner": "All_Logons.User_Logons" } ], "lineage": "All_Logons.User_Logons", "baseSearch": "" }, { "objectName": "Desktop_Logons", "displayName": "Desktop Logons", "parentName": "User_Logons", "fields": [ { "fieldName": "_time", "owner": "All_Logons", "type": "timestamp", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "_time=*" }, { "fieldName": "host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" }, { "fieldName": "src_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "src_user", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_user", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "c_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": true, "editable": true, "displayName": "c_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_method", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": true, "editable": true, "displayName": "cs_method", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_query", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": true, "editable": true, "displayName": "cs_uri_query", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_stem", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": true, "editable": true, "displayName": "cs_uri_stem", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_user_agent", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": true, "editable": true, "displayName": "cs_user_agent", "comment": "", "fieldSearch": "" }, { "fieldName": "date", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "date", "comment": "", "fieldSearch": "" }, { "fieldName": "s_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": true, "editable": true, "displayName": "s_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Domain", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Name", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Name", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_username", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_username", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "logontype=\"user\"", "owner": "All_Logons.User_Logons.Desktop_Logons" } ], "lineage": "All_Logons.User_Logons.Desktop_Logons", "baseSearch": "" }, { "objectName": "Exchange_Logons", "displayName": "Exchange Logons", "parentName": "User_Logons", "fields": [ { "fieldName": "_time", "owner": "All_Logons", "type": "timestamp", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "_time=*" }, { "fieldName": "host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" }, { "fieldName": "src_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "src_user", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_user", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "c_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "c_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_method", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_method", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_query", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_uri_query", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_stem", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_uri_stem", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_user_agent", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_user_agent", "comment": "", "fieldSearch": "" }, { "fieldName": "date", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "date", "comment": "", "fieldSearch": "" }, { "fieldName": "s_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "s_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Domain", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Name", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Name", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_username", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_username", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "logontype=\"exchange\"", "owner": "All_Logons.User_Logons.Exchange_Logons" } ], "lineage": "All_Logons.User_Logons.Exchange_Logons", "baseSearch": "" }, { "objectName": "Logon_via_Outlook_Anywhere", "displayName": "Logon via Outlook Anywhere", "parentName": "Exchange_Logons", "fields": [ { "fieldName": "_time", "owner": "All_Logons", "type": "timestamp", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "_time=*" }, { "fieldName": "host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" }, { "fieldName": "src_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "src_user", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_user", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "c_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "c_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_method", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_method", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_query", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_uri_query", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_stem", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_uri_stem", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_user_agent", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_user_agent", "comment": "", "fieldSearch": "" }, { "fieldName": "date", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "date", "comment": "", "fieldSearch": "" }, { "fieldName": "s_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "s_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Domain", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Name", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Name", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_username", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_username", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "eventtype=\"client-outlookanywhere-usage\"", "owner": "All_Logons.User_Logons.Exchange_Logons.Logon_via_Outlook_Anywhere" } ], "lineage": "All_Logons.User_Logons.Exchange_Logons.Logon_via_Outlook_Anywhere", "baseSearch": "" }, { "objectName": "Logon_via_Outlook_Web_Access", "displayName": "Logon via Outlook Web Access", "parentName": "Exchange_Logons", "fields": [ { "fieldName": "_time", "owner": "All_Logons", "type": "timestamp", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "_time=*" }, { "fieldName": "host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" }, { "fieldName": "src_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "src_user", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_user", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "c_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "c_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_method", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_method", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_query", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_uri_query", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_stem", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_uri_stem", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_user_agent", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_user_agent", "comment": "", "fieldSearch": "" }, { "fieldName": "date", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "date", "comment": "", "fieldSearch": "" }, { "fieldName": "s_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "s_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Domain", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Name", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Name", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_username", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_username", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "eventtype=\"client-owa-usage\"", "owner": "All_Logons.User_Logons.Exchange_Logons.Logon_via_Outlook_Web_Access" } ], "lineage": "All_Logons.User_Logons.Exchange_Logons.Logon_via_Outlook_Web_Access", "baseSearch": "" }, { "objectName": "Logon_via_Exchange_Web_Services", "displayName": "Logon via Exchange Web Services", "parentName": "Exchange_Logons", "fields": [ { "fieldName": "_time", "owner": "All_Logons", "type": "timestamp", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "_time=*" }, { "fieldName": "host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" }, { "fieldName": "src_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "src_user", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_user", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "c_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "c_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_method", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_method", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_query", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_uri_query", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_stem", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_uri_stem", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_user_agent", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_user_agent", "comment": "", "fieldSearch": "" }, { "fieldName": "date", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "date", "comment": "", "fieldSearch": "" }, { "fieldName": "s_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "s_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Domain", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Name", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Name", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_username", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_username", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "eventtype=\"client-ews-usage\"", "owner": "All_Logons.User_Logons.Exchange_Logons.Logon_via_Exchange_Web_Services" } ], "lineage": "All_Logons.User_Logons.Exchange_Logons.Logon_via_Exchange_Web_Services", "baseSearch": "" }, { "objectName": "Logon_via_Activesync", "displayName": "Logon via Activesync", "parentName": "Exchange_Logons", "fields": [ { "fieldName": "_time", "owner": "All_Logons", "type": "timestamp", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "_time=*" }, { "fieldName": "host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" }, { "fieldName": "src_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "src_user", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_user", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "c_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "c_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_method", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_method", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_query", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_uri_query", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_stem", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_uri_stem", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_user_agent", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_user_agent", "comment": "", "fieldSearch": "" }, { "fieldName": "date", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "date", "comment": "", "fieldSearch": "" }, { "fieldName": "s_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "s_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Domain", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Name", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Name", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_username", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_username", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "eventtype=\"client-activesync-usage\"", "owner": "All_Logons.User_Logons.Exchange_Logons.Logon_via_Activesync" } ], "lineage": "All_Logons.User_Logons.Exchange_Logons.Logon_via_Activesync", "baseSearch": "" }, { "objectName": "Legacy_Client_Logons", "displayName": "Legacy Client Logons", "parentName": "All_Logons", "fields": [ { "fieldName": "_time", "owner": "All_Logons", "type": "timestamp", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "_time=*" }, { "fieldName": "host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" }, { "fieldName": "src_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "src_user", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_user", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "c_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "c_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_method", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_method", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_query", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_uri_query", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_stem", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_uri_stem", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_user_agent", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_user_agent", "comment": "", "fieldSearch": "" }, { "fieldName": "date", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "date", "comment": "", "fieldSearch": "" }, { "fieldName": "s_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "s_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Domain", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Name", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Name", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_username", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_username", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "eventtype=client-popimap-usage", "owner": "All_Logons.Legacy_Client_Logons" } ], "lineage": "All_Logons.Legacy_Client_Logons", "baseSearch": "" }, { "objectName": "POP3_Logons", "displayName": "POP3 Logons", "parentName": "Legacy_Client_Logons", "fields": [ { "fieldName": "_time", "owner": "All_Logons", "type": "timestamp", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "_time=*" }, { "fieldName": "host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" }, { "fieldName": "src_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "src_user", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_user", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "c_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "c_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_method", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_method", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_query", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_uri_query", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_stem", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_uri_stem", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_user_agent", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_user_agent", "comment": "", "fieldSearch": "" }, { "fieldName": "date", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "date", "comment": "", "fieldSearch": "" }, { "fieldName": "s_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "s_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Domain", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Name", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Name", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_username", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_username", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "ProtocolServiceName=\"POP3\"", "owner": "All_Logons.Legacy_Client_Logons.POP3_Logons" } ], "lineage": "All_Logons.Legacy_Client_Logons.POP3_Logons", "baseSearch": "" }, { "objectName": "IMAP4_Logons", "displayName": "IMAP4 Logons", "parentName": "Legacy_Client_Logons", "fields": [ { "fieldName": "_time", "owner": "All_Logons", "type": "timestamp", "required": true, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "_time=*" }, { "fieldName": "host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" }, { "fieldName": "src_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "src_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "src_user", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "src_user", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_domain", "comment": "", "fieldSearch": "" }, { "fieldName": "dest_nt_host", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "dest_nt_host", "comment": "", "fieldSearch": "" }, { "fieldName": "c_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "c_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_method", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_method", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_query", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_uri_query", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_uri_stem", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_uri_stem", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_user_agent", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_user_agent", "comment": "", "fieldSearch": "" }, { "fieldName": "date", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "date", "comment": "", "fieldSearch": "" }, { "fieldName": "s_ip", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "s_ip", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Domain", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Domain", "comment": "", "fieldSearch": "" }, { "fieldName": "Account_Name", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "Account_Name", "comment": "", "fieldSearch": "" }, { "fieldName": "cs_username", "owner": "All_Logons", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "cs_username", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [ { "search": "ProtocolServiceName=\"IMAP4\"", "owner": "All_Logons.Legacy_Client_Logons.IMAP4_Logons" } ], "lineage": "All_Logons.Legacy_Client_Logons.IMAP4_Logons", "baseSearch": "" }, { "objectName": "Microsoft_Exchange_Health_Events", "displayName": "Microsoft Exchange Health Events", "parentName": "BaseSearch", "fields": [ { "fieldName": "_time", "owner": "Microsoft_Exchange_Health_Events", "type": "timestamp", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "_time", "comment": "", "fieldSearch": "" }, { "fieldName": "host", "owner": "Microsoft_Exchange_Health_Events", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "host", "comment": "", "fieldSearch": "" }, { "fieldName": "source", "owner": "Microsoft_Exchange_Health_Events", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "source", "comment": "", "fieldSearch": "" }, { "fieldName": "sourcetype", "owner": "Microsoft_Exchange_Health_Events", "type": "string", "required": false, "multivalue": false, "hidden": false, "editable": true, "displayName": "sourcetype", "comment": "", "fieldSearch": "" } ], "calculations": [], "constraints": [], "lineage": "Microsoft_Exchange_Health_Events", "baseSearch": "tag=ms_ex_health_events" } ], "objectNameList": [ "Microsoft_Exchange_Health", "Mailboxes", "Outlook_RPC", "Outlook_Web_Access", "Active_Sync", "Outlook_Anywhere", "Legacy_Clients", "Auto_Discover", "Exchange_Management", "Transport_Handling", "Outbound_SMTP", "Inbound_SMTP", "Exchange_Messaging", "Received_Messages", "Sent_Messages", "Internal_Messages", "External_Messages", "Internal_Received_Messages", "Internal_Sent_Messages", "External_Received_Messages", "External_Sent_Messages", "All_Logons", "Computer_Logons", "User_Logons", "Desktop_Logons", "Exchange_Logons", "Logon_via_Outlook_Anywhere", "Logon_via_Outlook_Web_Access", "Logon_via_Exchange_Web_Services", "Logon_via_Activesync", "Legacy_Client_Logons", "POP3_Logons", "IMAP4_Logons", "Microsoft_Exchange_Health_Events" ] }