Log Stream Query Logs
Last modified on August 26, 2024
This feature is part of the Enterprise bundle. If it is not enabled for your organization, please contact StrongDM at the StrongDM Help Center.
Field | Type | Description | Example |
---|---|---|---|
actorAccountID | String | Unique identifier of the account that performed the query | "a-0abcdabcdab00000" |
actorEmail | String | Email of the account that performed the query, at the time the query was executed | "alice.glick@example.com" |
actorExternalID | String | External ID of the account that performed the query, at the time the query was executed | "e-bca5454" |
actorFirstName | String | Given name of the account that performed the query, at the time the query was executed | "Alice" |
actorLastName | String | Family name of the account that performed the query, at the time the query was executed | "Glick" |
actorTags | Object | Tags of the account that performed the query, at the time the query was executed | { "tag1": "val1", "tag2": "val2" } |
authenticationId | String | Authentication of the account associated with this query | "auth-0000000000000001" |
authz | Object | Authorization metadata associated with this query | { "formatVersion": "v1.0.0", "entities": {}, "context": {}, "requests": [], "requirements": { "error": "", "requirements": {}, "decision": "allow" } } |
clientCommand | String | Command executed on the client for a Kubernetes session | "kubectl describe pods" |
clientIP | String | IP address the query was performed from, as detected at the StrongDM control plane | "1.11.222.333" |
command | String | Command executed over an SSH or Kubernetes session | "echo hi" |
container | String | Target container of a Kubernetes operation | "nginx" |
durationMs | Integer | Duration of the query in milliseconds | 200 |
egressNodeID | String | Unique ID of the node through which the resource was accessed | "n-56988fae64a73652" |
formatVersion | String | Version of the log format | "v1.0.0" |
hash | String | Hash of the body of the query | "0da22222ba9b212ecfed33a17147c466ae0929fb" |
headers | Object | HTTP headers of a Kubernetes operation | { "header1": "value1", "header2": "value2" } |
identityAlias | String | Username of the IdentityAlias used to access the resource | "alice.glick" |
isShell | Boolean | Whether the query was executed in a shell | false |
logType | String | Type of log, always "queries" for query logs | "queries" |
pod | String | Target pod of a Kubernetes operation | "kube-dns-v20-8gsbl" |
query | String | Captured content of the query; for queries against SSH, Kubernetes, and RDP resources, this contains a JSON representation of the QueryCapture | "select name from users" |
queryCategory | String | General category of resource against which the query was performed | "k8s", "queries" (datasources), "rdp", "ssh", "web", "cloud", "all" |
requestBody | String | HTTP request body of a Kubernetes operation | |
requestMethod | String | HTTP request method of a Kubernetes operation | |
requestURI | String | HTTP request URI of a Kubernetes operation | |
resourceID | String | Unique identifier of the resource against which the query was performed | "r-1caa595464152e78" |
resourceName | String | Name of the resource accessed, at the time the query was executed | "MySQL" |
resourceTags | Object | Tags of the resource accessed, at the time the query was executed | {"env": "dev"} |
resourceType | String | Specific type of resource against which the query was performed | "mysql" |
rowCount | Integer | Number of records returned by the query, for a database resource | 18 |
sourceIP | String | IP address the query was performed from, as detected at the ingress gateway | "1.11.222.333" |
target | String | Target destination of the query, in host:port format | "3.33.222.111:5432" |
timestamp | String | Time at which the query was started, formatted as datetime | "2024-08-01T13:13:20.895597162Z" |
uuid | String | Unique identifier of the query | "0CEGCEGCEGCEGCEGCEGCE1234ceg" |
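The following is an added example, not StrongDM's own code: a small Python consumer that validates a query-log record against the field table above (required fields, declared types, `logType` always `"queries"`), parses the nanosecond-precision timestamp, decodes the embedded QueryCapture JSON for the `ssh`/`k8s`/`rdp` categories, and reads the `authz.requirements.decision`. The two sample records are constructed here; the QueryCapture body in the SSH record is a placeholder, since its schema is not described on this page.

```python
import json
from datetime import datetime, timezone

# Field types from the table above (Object -> dict, Integer -> int, Boolean -> bool).
FIELD_TYPES = {"actorAccountID": str, "actorEmail": str, "actorTags": dict, "authz": dict,
               "durationMs": int, "isShell": bool, "logType": str, "query": str,
               "queryCategory": str, "resourceID": str, "resourceName": str, "rowCount": int,
               "target": str, "timestamp": str, "uuid": str}
REQUIRED = ("logType", "uuid", "timestamp", "actorAccountID", "resourceID", "queryCategory")
CAPTURE_CATEGORIES = {"ssh", "k8s", "rdp"}  # `query` holds a JSON QueryCapture, per the table

def parse_timestamp(ts):
    # UTC timestamp whose fraction may carry 9 digits; Python keeps 6, so truncate.
    base, _, frac = ts.rstrip("Z").partition(".")
    micros = int((frac + "000000")[:6]) if frac else 0
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(microsecond=micros, tzinfo=timezone.utc)

def parse_query_log(line):
    """Validate one query-log record against the field table and return a normalized event."""
    rec = json.loads(line)
    if rec.get("logType") != "queries":
        raise ValueError("not a query log record: logType=%r" % rec.get("logType"))
    missing = [f for f in REQUIRED if f not in rec]
    if missing:
        raise ValueError("missing required fields: " + ", ".join(missing))
    for name, typ in FIELD_TYPES.items():
        # type() rather than isinstance(): bool subclasses int and must not pass as Integer
        if name in rec and type(rec[name]) is not typ:
            raise TypeError("field %s should be %s" % (name, typ.__name__))
    category, query = rec["queryCategory"], rec.get("query", "")
    capture = json.loads(query) if category in CAPTURE_CATEGORIES and query else query
    decision = rec.get("authz", {}).get("requirements", {}).get("decision")
    return {"uuid": rec["uuid"], "started": parse_timestamp(rec["timestamp"]),
            "actor": rec.get("actorEmail") or rec["actorAccountID"],
            "resource": rec.get("resourceName") or rec["resourceID"],
            "category": category, "capture": capture, "rows": rec.get("rowCount"),
            "allowed": decision == "allow"}

# Constructed sample records for this example (not real log output); values follow the table.
DB_RECORD = json.dumps({
    "logType": "queries", "uuid": "0CEGCEGCEGCEGCEGCEGCE1234ceg", "queryCategory": "queries",
    "timestamp": "2024-08-01T13:13:20.895597162Z", "actorAccountID": "a-0abcdabcdab00000",
    "actorEmail": "alice.glick@example.com", "resourceID": "r-1caa595464152e78",
    "resourceName": "MySQL", "query": "select name from users", "rowCount": 18,
    "durationMs": 200, "isShell": False, "authz": {"requirements": {"decision": "allow"}}})
SSH_RECORD = json.dumps({
    "logType": "queries", "uuid": "ssh-example-0001", "queryCategory": "ssh", "isShell": True,
    "timestamp": "2024-08-01T13:14:02Z", "actorAccountID": "a-0abcdabcdab00000",
    "resourceID": "r-ssh-example",  # QueryCapture body below is a placeholder, schema not on this page
    "query": json.dumps({"command": "echo hi"})})
```

A record without `authz` normalizes to `allowed: False`, so a downstream consumer never treats a missing decision as an allow.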