1
_time
3
annotations.authorization.k8s.io/decision
5
annotations.authorization.k8s.io/reason
7
apiVersion
9
auditID
11
eventtype
13
host
15
index
17
kind
19
level
21
linecount
23
objectRef.apiGroup
25
objectRef.apiVersion
27
objectRef.namespace
29
objectRef.resource
31
punct
33
requestReceivedTimestamp
35
requestURI
37
responseObject.apiVersion
39
responseObject.code
41
responseObject.details.group
43
responseObject.details.kind
45
responseObject.kind
47
responseObject.message
49
responseObject.reason
51
responseObject.status
53
responseStatus.code
55
responseStatus.details.group
57
responseStatus.details.kind
59
responseStatus.message
61
responseStatus.reason
63
responseStatus.status
65
source
67
sourceIPs{}
69
sourcetype
71
splunk_server
73
stage
75
stageTimestamp
77
tag
79
tag::eventtype
81
timestamp
83
user.groups{}
85
user.uid
87
user.username
89
userAgent
91
verb
93
not set