Field reference for SIEM integration

The string used to format data may include any of several keys, listed in the table below. Each key appears as follows in the format string:

%<key_name>

Key names are case sensitive.

• To include literal text in the string, simply enter the text. No special formatting is required.
• To include a timestamp, use the format:

  %<:%b %d %H:%M:%S %Z>

  See documentation for the strftime function for information about how to customize the string to suit your needs.

• To insert a line feed, use the format:

  %<\n>