1
CategoryString
3
Channel
5
Computer
7
EventCode
9
EventData_Xml
11
EventID
13
EventRecordID
15
Guid
17
Image_File_Name
19
Keywords
21
Level
23
Name
25
Opcode
27
PrivilegeList
29
ProcessID
31
RecordNumber
33
RenderingInfo_Xml
35
SamAccountName
37
SidHistory
39
SourceName
41
SubStatus
43
SubjectDomainName
45
SubjectLogonId
47
SubjectUserName
49
SubjectUserSid
51
SystemTime
53
System_Props_Xml
55
TargetDomainName
57
TargetSid
59
TargetUserName
61
Task
63
TaskCategory
65
ThreadID
67
Version
69
action
71
category
73
date_hour
75
date_mday
77
date_minute
79
date_month
81
date_second
83
date_wday
85
date_year
87
date_zone
89
dvc
91
dvc_nt_host
93
event_id
95
eventtype
97
host
99
id
101
index
103
linecount
105
name
107
parent_process
109
process_name
111
punct
113
result
115
service
117
service_id
119
service_name
121
severity
123
severity_id
125
signature
127
signature_id
129
source
131
sourcetype
133
splunk_server
135
splunk_server_group
137
subject
139
tag
141
tag::action
143
tag::eventtype
145
timeendpos
147
timestartpos
149
user_group_id
151
user_id
153
vendor_product
155
_bkt
157
_cd
159
_eventtype_color
161
_indextime
163
_raw
165
_serial
167
_si
169
_sourcetype
171
_subsecond
173
_time
175
not set