Supported Azure search field names
Tables of the valid search field names and their field types for Microsoft Azure environments.
Azure: Anomalies
Field name | Field type |
anomalyId | String |
accountId | String |
userName | String |
userType | String |
anomalyConfidence | String |
topReason | String |
activityTimingsStart | Date |
activityTimingsEnd | Date |
wasThisHelpful | String |
alertId | String |
Note
Allowed values for anomalyConfidence are High, Medium, or Low. For example, anomalyConfidence:High.
Allowed values for wasThisHelpful are Yes, No, or None. For example, wasThisHelpful:Yes.
Azure: Hosts
Field name | Field type |
name | String |
resourceGroup | String |
vmId | String |
image | String |
runningState | String |
instanceType | String |
region | String |
startTime | Date |
subnetId | String |
vnetId | String |
osType | String |
isPublic | Boolean |
classicPublicIpAddress | String |
hasContainerNodes | Boolean |
provisioningState | String |
privateIP | String |
primarySecurityGroup | String |
vmScaleSetId | String |
vmScaleSet | String |
tags.<tag-name> | String |
outGoingIp | String |
outGoingPort | String |
_exists_:serverAgent | Not applicable |
not _exists_:serverAgent | Not applicable |
serverAgent.agentId | String |
serverAgent.hostname | String |
serverAgent.health | String |
serverAgent.osName | String |
serverAgent.lastSeenAt | Date |
Note
Allowed values for serverAgent.health are good, suspicious, bad, or unavailable. For example, serverAgent.health:good.
Azure: Clusters
Field name | Field type |
name | String |
resourceGroup | String |
instanceId | String |
region | String |
nodeResourceGroup | String |
rbacEnabled | Boolean |
httpEnabled | Boolean |
version | String |
tags.<tag-name> | String |
Azure: Node Groups
Field name | Field type |
resourceGroup | String |
name | String |
instanceId | String |
cluster | String |
count | Numeric |
osDiskSize | Numeric |
osType | String |
vmSize | String |
Azure: Nodes
Field name | Field type |
instanceId | String |
name | String |
namespace | String |
publicIp | String |
vmId | String |
podCIDR | String |
startTime | Date |
tags.<tag-name> | String |
Azure: Pods
Field name | Field type |
instanceId | String |
name | String |
namespace | String |
nodeName | String |
status | String |
startTime | Date |
hostIP | String |
isPublic | Boolean |
isPrivileged | Boolean |
tags.<tag-name> | String |
launchType | String |
Azure: Containers
Field name | Field type |
instanceId | String |
name | String |
image | String |
imagePullPolicy | String |
status | String |
startedTime | Date |
privileged | Boolean |
kubeHost.nodeName | String |
kubeHost.namespace | String |
tags.<tag-name> | String |
isRogueContainer | Boolean |
isSecured | Boolean |
Azure: Services
Field name | Field type |
name | String |
instanceId | String |
namespace | String |
clusterIP | String |
startTime | Date |
loadBalancerIP | String |
type | String |
Azure: Ingress
Field name | Field type |
instanceId | String |
name | String |
namespace | String |
startTime | Date |
tags.<tag-name> | String |
Azure: Network Policy
Field name | Field type |
instanceId | String |
name | String |
namespace | String |
startTime | Date |
tags.<tag-name> | String |
Azure: RBAC Roles
Field name | Field type |
instanceId | String |
roleType | String |
name | String |
namespace | String |
creationTime | Date |
tags.<tag-name> | String |
Azure: Network Security Groups
Field name | Field type |
name | String |
instanceId | String |
region | String |
resourceGroup | String |
isOpenGroup | Boolean |
isUnusedGroup | Boolean |
isOverlappedGroup | Boolean |
tags.<tag-name> | String |
Azure: Virtual Networks
Field name | Field type |
name | String |
instanceId | String |
region | String |
resourceGroup | String |
addressSpaces | String |
dnsServerIPs | String |
isDdosProtectionEnabled | Boolean |
isVmProtectionEnabled | Boolean |
tags.<tag-name> | String |
Azure: Resource Group
Field name | Field type |
name | String |
instanceId | String |
region | String |
tags.<tag-name> | String |
Azure: IoT Hub
Field name | Field type |
iotHubName | String |
instanceId | String |
region | String |
minTlsVersion | String |
enableFileUploadNotifications | Boolean |
tags.<tag-name> | String |
resourceGroup | String |
Azure: Storage Account
Field name | Field type |
name | String |
instanceId | String |
region | String |
resourceGroup | String |
creationTime | Date |
skuType | String |
isPublic | Boolean |
kind | String |
tags.<tag-name> | String |
Azure: SQL Servers
Field name | Field type |
name | String |
instanceId | String |
region | String |
resourceGroup | String |
administratorLogin | String |
isAdLoginEnabled | Boolean |
isPublic | Boolean |
kind | String |
isManagedServiceIdentityEnabled | Boolean |
tags.<tag-name> | String |
Azure: DBs
Field name | Field type |
name | String |
instanceId | String |
region | String |
resourceGroup | String |
type | String |
administratorLogin | String |
storageMB | Numeric |
geoRedundantBackup | String |
sslEnforcement | String |
isPublic | Boolean |
tags.<tag-name> | String |
Azure: Cosmos DBs
Field name | Field type |
name | String |
instanceId | String |
region | String |
resourceGroup | String |
accountOfferType | String |
documentEndpoint | String |
kind | String |
isMultipleWriteLocationsEnabled | Boolean |
isVnetEnabled | Boolean |
isPublic | Boolean |
isAutomaticFailoverEnabled | Boolean |
tags.<tag-name> | String |
Azure: Users
Field name | Field type |
name | String |
instanceId | String |
mail | String |
mainNickname | String |
signInName | String |
isActive | Boolean |
userType | String |
source | String |
tenantId | String |
Azure: Groups
Field name | Field type |
name | String |
instanceId | String |
mail | String |
tenantId | String |
serviceAccess | Boolean |
Azure: Function Apps
Field name | Field type |
name | String |
instanceId | String |
region | String |
resourceGroup | String |
alwaysOn | Boolean |
appServicePlanId | String |
clientCertEnabled | String |
containerSize | Numeric |
defaultHostName | String |
enabled | Boolean |
state | String |
repositorySiteName | String |
httpsOnly | Boolean |
lastModifiedTime | Date |
os | String |
tags.<tag-name> | String |
Azure: App Services
Field name | Field type |
name | String |
kind | String |
instanceId | String |
location | String |
resourceGroup | String |
alwaysOn | Boolean |
clientCertEnabled | String |
enabled | Boolean |
state | String |
httpsOnly | Boolean |
lastModifiedTime | Date |
tags.<tag-name> | String |
Azure: Logic Apps
Field name | Field type |
appname | String |
instanceId | String |
region | String |
triggerType | String |
changedTime | Date |
appState | String |
isPublic | Boolean |
Azure: Outbound Traffic
Field name | Field type |
srcAddr | String |
dstAddr | String |
dstPort | Numeric |
protocol | Numeric |
time | Date |
Azure: Inbound Traffic
Field name | Field type |
dstAddr | String |
dstPort | Numeric |
protocol | Numeric |
time | Date |
Azure: Activity Log
Field name | Field type |
resourceId | String |
operationName | String |
category | String |
resultType | String |
resultDescription | String |
resultSignature | String |
correlationId | String |
time | Date |
location | String |
sourceIPAddress | String |
httpRequest | String |
caller | String |
level | String |
eventProperties.<key> | String |
status | String |
description | String |
production | Boolean |
identity.<key> | String |
riskReason | String |