1
_time
3
action
5
app
7
awsRegion
9
aws_account_id
11
change_type
13
command
15
date_hour
17
date_mday
19
date_minute
21
date_month
23
date_second
25
date_wday
27
date_year
29
date_zone
31
dest
33
dvc
35
errorCode
37
eventCategory
39
eventID
41
eventName
43
eventSource
45
eventTime
47
eventType
49
eventVersion
51
eventtype
53
host
55
index
57
linecount
59
managementEvent
61
msg
63
object_category
65
product
67
punct
69
readOnly
71
recipientAccountId
73
region
75
requestID
77
requestParameters.policyArn
79
requestParameters.policyDocument
81
requestParameters.setAsDefault
83
responseElements.policyVersion.createDate
85
responseElements.policyVersion.isDefaultVersion
87
responseElements.policyVersion.versionId
89
signature
91
source
93
sourceIPAddress
95
sourcetype
97
splunk_server
99
src
101
src_ip
103
start_time
105
status
107
tag
109
tag::eventtype
111
timeendpos
113
timestartpos
115
user
117
userAgent
119
userIdentity.accessKeyId
121
userIdentity.accountId
123
userIdentity.arn
125
userIdentity.principalId
127
userIdentity.type
129
userIdentity.userName
131
userName
133
user_access_key
135
user_agent
137
user_arn
139
user_group_id
141
user_id
143
user_name
145
user_type
147
vendor
149
vendor_account
151
vendor_product
153
vendor_region
155
not set