_time
Channel
Computer
EventChannel
EventCode
EventData_Xml
EventDescription
EventID
EventRecordID
Guid
Image
Keywords
Level
Name
Opcode
ProcessGuid
ProcessID
ProcessId
RecordID
RecordNumber
RuleName
SecurityID
SystemTime
System_Props_Xml
Task
ThreadID
TimeCreated
UserID
UtcTime
Version
action
date_hour
date_mday
date_minute
date_month
date_second
date_wday
date_year
date_zone
dest
dvc_nt_host
event_id
eventtype
host
id
index
linecount
os
process
process_exec
process_guid
process_id
process_name
process_path
punct
signature
signature_id
source
sourcetype
splunk_server
tag
tag::eventtype
timeendpos
timestartpos
user_id
vendor_product
not set