Environment Variable
|
Description
|
%EventId%
|
Event ID, equivalent to the Event Id field in Event Viewer.
|
%Computer%
|
Name of the computer the event was generated on.
|
%Date%
|
Date the event was created, from the TimeGenerated field.
|
%Time%
|
Time the event was created, from the TimeGenerated field.
|
%Type%
|
Type of the event, I = Informational, W = Warning, E = Error, S = Audit Success, F = Audit Failure, C = Critical, and V = Verbose.
|
%Logname%
|
Name of the event log the event originated from.
|
%Source%
|
The source of the event, equivalent to the Source field in Event Viewer.
|
%Category%
|
The category of the event, equivalent to the Category field in Event Viewer.
|
%User%
|
The Username of the account that generated the event.
|
%Message%
|
Message text of the event. This variable has white space, tabs, and new lines trimmed.
|
%ViewName%
|
Name of the Event View the event originated from.
|
%ViewIndex%
|
The unique index of the Event View the event originated from.
|
%MethodName%
|
Name of the Notification Method the event originated from.
|
%MethodIndex%
|
The unique index of the Notification Method the event originated from..
|
%Client_Username%
|
Name of the user from security events.
|
%Client_Domain%
|
Domain Name from security events.
|
%Workstation%
|
Workstation name from security events.
|
%Logon_ID%
|
Logon ID from security events.
|
%Object%
|
Name of the Object from audit events.
|
%Logon_Type%
|
Type of Logon (RDP, Local, service, etc) from security events.
|
%Accessess%
|
|
%Handle_Id%
|
Handle ID to track unique logons from security events.
|
%Source_Address%
|
Source IP address.
|
%Source_Port%
|
Source port number.
|
%Agent_Description%
|
Agent description field property from licensed ELM Agents.
|
