System Fields

System fields are fields that occur with every event ingested by the system. The system fields describe the data and include:

  • _filename - The name of the originating source file
  • _host - The host of the originating data
  • _agent - The role of the agent responsible for serving the data
  • _type - The data type assigned to the file
  • _tag - The data source of the data
  • _path - The full path and file name of the data

Time Based System Fields

The timestamp is broken up into the following system fields.

  • _dayOfWeek
  • _dayOfMonth
  • _month
  • _hour
  • _minute
  • _date

These date fields can be used to group searches by time boundaries. For example, the following search finds all the unique client IP addresses for each day of the month.

| _type.equals(www) _dayOfMonth.countUnique(clientIp,)
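To make the time-based fields and the grouping in that search concrete, here is an added example (not code from the original page or the product itself) that derives the time fields from an event timestamp and counts unique client IPs per day, as the search above does. It assumes events are dicts with an ISO-8601 "timestamp" and a "clientIp" field, that _dayOfWeek holds the day name, and that the sample events below are constructed; it also generalizes the grouping so any time field (_hour, _date, ...) can be used.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not from the original page): each carries a few
# of the system fields described above plus a clientIp from a web access log.
EVENTS = [
    {"_type": "www", "_host": "web1", "_path": "/var/log/httpd/access.log",
     "timestamp": "2024-03-04T08:15:00", "clientIp": "10.0.0.5"},
    {"_type": "www", "_host": "web1", "_path": "/var/log/httpd/access.log",
     "timestamp": "2024-03-04T08:47:00", "clientIp": "10.0.0.5"},   # repeat
    {"_type": "www", "_host": "web1", "_path": "/var/log/httpd/access.log",
     "timestamp": "2024-03-04T09:02:00", "clientIp": "192.168.1.9"},
    {"_type": "www", "_host": "web2", "_path": "/var/log/httpd/access.log",
     "timestamp": "2024-03-05T10:30:00", "clientIp": "10.0.0.5"},
    {"_type": "syslog", "_host": "web2", "_path": "/var/log/messages",
     "timestamp": "2024-03-05T11:00:00", "clientIp": "10.0.0.7"},    # filtered out
]


def time_fields(timestamp: str) -> dict:
    """Break an ISO-8601 timestamp into the time-based system fields.
    Assumption: _dayOfWeek is the day name; the page does not state its format."""
    dt = datetime.fromisoformat(timestamp)
    return {
        "_dayOfWeek": dt.strftime("%A"),
        "_dayOfMonth": dt.day,
        "_month": dt.month,
        "_hour": dt.hour,
        "_minute": dt.minute,
        "_date": dt.date().isoformat(),
    }


def count_unique(events, group_field="_dayOfMonth", field="clientIp",
                 type_filter="www") -> dict:
    """Mirror of `| _type.equals(www) _dayOfMonth.countUnique(clientIp)`:
    keep only events of the given _type, group them by one time-based
    system field, and count the distinct values of `field` per group."""
    seen = defaultdict(set)
    for event in events:
        if event.get("_type") != type_filter:
            continue
        bucket = time_fields(event["timestamp"])[group_field]
        seen[bucket].add(event[field])
    return {bucket: len(values) for bucket, values in sorted(seen.items())}


if __name__ == "__main__":
    print(count_unique(EVENTS))            # unique client IPs per day of month
    print(count_unique(EVENTS, "_hour"))   # the same grouped by hour
```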