Supported GCP search field names
Tables of valid search field names and types for Google Cloud Platform (GCP) environments.
GCP: Host
Field name | Field type |
name | String |
vmId | String |
startTime | Date |
description | String |
type | String |
status | String |
zone | String |
privateIP | String |
publicIP | String |
canIpForward | Boolean |
cpuPlatform | String |
kind | String |
isPublic | Boolean |
hasContainerNodes | Boolean |
tags.<tag-name> | String |
outGoingIp | String |
outGoingPort | String |
platformOS | String |
GCP: Clusters
Field name | Field type |
name | String |
description | String |
loggingService | String |
monitoringService | String |
network | String |
clusterIpv4Cidr | String |
subnetwork | String |
location | String |
zone | String |
endpoint | String |
currentMasterVersion | String |
createTime | Date |
status | String |
statusMessage | String |
servicesIpv4Cidr | String |
isMasterAuthorizedNetworksEnabled | Boolean |
isLegacyABACEnabled | Boolean |
isbasicAuthEnabled | Boolean |
encryptionKeyResource | String |
rbacSecurityGroup | String |
GCP: Node Groups
Field name | Field type |
name | String |
cluster | String |
status | String |
isAutoRepairEnabled | Boolean |
isAutoUpgradeEnabled | Boolean |
machineType | String |
imageType | String |
serviceAccount | String |
GCP: Nodes
Field name | Field type |
instanceId | String |
name | String |
namespace | String |
publicIp | String |
vmId | String |
podCIDR | String |
startTime | Date |
tags.<tag-name> | String |
GCP: Pods
Field name | Field type |
instanceId | String |
name | String |
namespace | String |
nodeName | String |
status | String |
startTime | Date |
hostIP | String |
isPublic | Boolean |
isPrivileged | Boolean |
tags.<tag-name> | String |
launchType | String |
GCP: Containers
Field name | Field type |
instanceId | String |
name | String |
image | String |
imagePullPolicy | String |
status | String |
startedTime | Date |
privileged | Boolean |
kubeHost.nodeName | String |
kubeHost.namespace | String |
tags.<tag-name> | String |
isRogueContainer | Boolean |
isSecured | Boolean |
GCP: Services
Field name | Field type |
name | String |
instanceId | String |
namespace | String |
clusterIP | String |
startTime | Date |
loadBalancerIP | String |
type | String |
tags.<tag-name> | String |
GCP: Ingress
Field name | Field type |
instanceId | String |
name | String |
namespace | String |
startTime | Date |
tags.<tag-name> | String |
GCP: Network Policy
Field name | Field type |
instanceId | String |
name | String |
namespace | String |
startTime | Date |
tags.<tag-name> | String |
GCP: RBAC Roles
Field name | Field type |
instanceId | String |
roleType | String |
name | String |
namespace | String |
creationTime | Date |
tags.<tag-name> | String |
GCP: Firewall
Field name | Field type |
instanceId | String |
network | String |
name | String |
priority | Numeric |
isDisabled | Boolean |
isOpen | Boolean |
isUnused | Boolean |
direction | String |
GCP: VPCs
Field name | Field type |
instanceId | String |
startTime | Date |
name | String |
IPv4Range | String |
routingMode | String |
autoCreateSubnetworks | Boolean |
GCP: Buckets
Field name | Field type |
instanceId | String |
startTime | Date |
name | String |
encryption | String |
owner | String |
location | String |
versioning | Boolean |
isPublic | Boolean |
storageClass | String |
tags.<tag-name> | String |
GCP: SQLs
Field name | Field type |
instanceId | String |
startTime | Date |
name | String |
state | String |
backendType | String |
databaseVersion | String |
region | String |
primaryIP | String |
masterInstanceName | String |
serviceAccount | String |
diskType | String |
SSLEnabled | Boolean |
isPublic | Boolean |
privateNetwork | String |
tags.<tag-name> | String |
connectionName | String |
backupEnabled | Boolean |
GCP: Users
Field name | Field type |
instanceId | String |
name | String |
primaryEmail | String |
isAdmin | Boolean |
isDelegatedAdmin | Boolean |
lastLoginTime | Date |
creationTime | Date |
isEnrolledIn2Sv | Boolean |
GCP: Groups
Field name | Field type |
instanceId | String |
name | String |
email | String |
GCP: Role Bindings
Field name | Field type |
role | String |
GCP: Outbound Traffic
Field name | Field type |
srcAddr | String |
dstAddr | String |
dstPort | Numeric |
protocol | Numeric |
time | Date |
GCP: Inbound Traffic
Field name | Field type |
dstAddr | String |
dstPort | Numeric |
protocol | Numeric |
time | Date |
GCP Activity Log
Field name | Field type |
timestamp | Date |
severity | String |
resourceId | String |
logName | String |
operationType | String |
serviceType | String |
riskReason | String |
protoPayload.<key> | String |
resource.<key> | String |
operation.<key> | String |