Field Reference

Events Table Fields

| Field | Description | Example |
|---|---|---|
| sourceip | Source IP address | 10.238.10.50 |
| destinationip | Destination IP | 10.238.40.1 |
| sourceport | Source port | 54321 |
| destinationport | Destination port | 443 |
| username | Username from log | jsmith |
| logsourceid | Log source ID | 65 |
| qid | QRadar event ID | 5000001 |
| eventcount | Aggregated count | 1 |
| magnitude | Severity (1-10) | 7 |
| starttime | Timestamp (epoch ms) | 1704825600000 |
| payload | Raw log data | (text) |
| category | Category ID | 8302 |

Flows Table Fields

| Field | Description |
|---|---|
| sourceip | Source IP |
| destinationip | Destination IP |
| sourceport | Source port |
| destinationport | Destination port |
| sourcebytes | Bytes from source |
| destinationbytes | Bytes from destination |
| flowbytes | Total bytes |
| flowcount | Aggregated flow count |
| protocolid | 6=TCP, 17=UDP |
| applicationname | Layer 7 app name (flows only!) |