Skip to content

Supported GCP search field names

Tables of valid search field names and types for Google Cloud Platform (GCP) environments.

GCP: Host

Field name	Field type
name	String
vmId	String
startTime	Date
description	String
type	String
status	String
zone	String
privateIP	String
publicIP	String
canIpForward	Boolean
cpuPlatform	String
kind	String
isPublic	Boolean
hasContainerNodes	Boolean
tags.<tag-name>	String
outGoingIp	String
outGoingPort	String
platformOS	String

GCP: Clusters

Field name	Field type
name	String
description	String
loggingService	String
monitoringService	String
network	String
clusterIpv4Cidr	String
subnetwork	String
location	String
zone	String
endpoint	String
currentMasterVersion	String
createTime	Date
status	String
statusMessage	String
servicesIpv4Cidr	String
isMasterAuthorizedNetworksEnabled	Boolean
isLegacyABACEnabled	Boolean
isbasicAuthEnabled	Boolean
encryptionKeyResource	String
rbacSecurityGroup	String

GCP: Node Groups

Field name	Field type
name	String
cluster	String
status	String
isAutoRepairEnabled	Boolean
isAutoUpgradeEnabled	Boolean
machineType	String
imageType	String
serviceAccount	String

GCP: Nodes

Field name	Field type
instanceId	String
name	String
namespace	String
publicIp	String
vmId	String
podCIDR	String
startTime	Date
tags.<tag-name>	String

GCP: Pods

Field name	Field type
instanceId	String
name	String
namespace	String
nodeName	String
status	String
startTime	Date
hostIP	String
isPublic	Boolean
isPrivileged	Boolean
tags.<tag-name>	String
launchType	String

GCP: Containers

Field name	Field type
instanceId	String
name	String
image	String
imagePullPolicy	String
status	String
startedTime	Date
privileged	Boolean
kubeHost.nodeName	String
kubeHost.namespace	String
tags.<tag-name>	String
isRogueContainer	Boolean
isSecured	Boolean

GCP: Services

Field name	Field type
name	String
instanceId	String
namespace	String
clusterIP	String
startTime	Date
loadBalancerIP	String
type	String
tags.<tag-name>	String

GCP: Ingress

Field name	Field type
instanceId	String
name	String
namespace	String
startTime	Date
tags.<tag-name>	String

GCP: Network Policy

Field name	Field type
instanceId	String
name	String
namespace	String
startTime	Date
tags.<tag-name>	String

GCP: RBAC Roles

Field name	Field type
instanceId	String
roleType	String
name	String
namespace	String
creationTime	Date
tags.<tag-name>	String

GCP: Firewall

Field name	Field type
instanceId	String
network	String
name	String
priority	Numeric
isDisabled	Boolean
isOpen	Boolean
isUnused	Boolean
direction	String

GCP: VPCs

Field name	Field type
instanceId	String
startTime	Date
name	String
IPv4Range	String
routingMode	String
autoCreateSubnetworks	Boolean

GCP: Buckets

Field name	Field type
instanceId	String
startTime	Date
name	String
encryption	String
owner	String
location	String
versioning	Boolean
isPublic	Boolean
storageClass	String
tags.<tag-name>	String

GCP: SQLs

Field name	Field type
instanceId	String
startTime	Date
name	String
state	String
backendType	String
databaseVersion	String
region	String
primaryIP	String
masterInstanceName	String
serviceAccount	String
diskType	String
SSLEnabled	Boolean
isPublic	Boolean
privateNetwork	String
tags.<tag-name>	String
connectionName	String
backupEnabled	Boolean

GCP: Users

Field name	Field type
instanceId	String
name	String
primaryEmail	String
isAdmin	Boolean
isDelegatedAdmin	Boolean
lastLoginTime	Date
creationTime	Date
isEnrolledIn2Sv	Boolean

GCP: Groups

Field name	Field type
instanceId	String
name	String
email	String

GCP: Role Bindings

Field name	Field type
role	String

GCP: Outbound Traffic

Field name	Field type
srcAddr	String
dstAddr	String
dstPort	Numeric
protocol	Numeric
time	Date

GCP: Inbound Traffic

Field name	Field type
dstAddr	String
dstPort	Numeric
protocol	Numeric
time	Date

GCP Activity Log

Field name	Field type
timestamp	Date
severity	String
resourceId	String
logName	String
operationType	String
serviceType	String
riskReason	String
protoPayload.<key>	String
resource.<key>	String
operation.<key>	String