Corelight_v2_corelight_metrics_disk_CL

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Attribute	Value
Custom Log V1	Yes 🔶 — uses type-suffixed column names
Ingestion API Supported	✓ Yes

Schema
Solutions
Content Items
Parsers

Schema (471 columns)

Source: KQL validation test schema

Column Name	Type
_path_s	string
_system_name_s	string
_timestamp_s	string
_timestamp_t	datetime
_version_s	string
_write_ts_t	datetime
io_data_all_active_d	real
io_data_all_time_d	real
io_data_all_time_per_second_d	real
io_data_all_time_weighted_d	real
io_data_all_time_weighted_per_second_d	real
io_data_read_bytes_d	real
io_data_read_bytes_per_second_d	real
io_data_read_completed_d	real
io_data_read_completed_per_second_d	real
io_data_read_merged_d	real
io_data_read_merged_per_second_d	real
io_data_read_time_d	real
io_data_read_time_per_second_d	real
io_data_write_bytes_d	real
io_data_write_bytes_per_second_d	real
io_data_write_completed_d	real
io_data_write_completed_per_second_d	real
io_data_write_merged_d	real
io_data_write_merged_per_second_d	real
io_data_write_time_d	real
io_data_write_time_per_second_d	real
io_dm_0_all_active_d	real
io_dm_0_all_time_d	real
io_dm_0_all_time_per_second_d	real
io_dm_0_all_time_weighted_d	real
io_dm_0_all_time_weighted_per_second_d	real
io_dm_0_read_bytes_d	real
io_dm_0_read_bytes_per_second_d	real
io_dm_0_read_completed_d	real
io_dm_0_read_completed_per_second_d	real
io_dm_0_read_merged_d	real
io_dm_0_read_merged_per_second_d	real
io_dm_0_read_time_d	real
io_dm_0_read_time_per_second_d	real
io_dm_0_write_bytes_d	real
io_dm_0_write_bytes_per_second_d	real
io_dm_0_write_completed_d	real
io_dm_0_write_completed_per_second_d	real
io_dm_0_write_merged_d	real
io_dm_0_write_merged_per_second_d	real
io_dm_0_write_time_d	real
io_dm_0_write_time_per_second_d	real
io_dm_10_all_active_d	real
io_dm_10_all_time_d	real
io_dm_10_all_time_per_second_d	real
io_dm_10_all_time_weighted_d	real
io_dm_10_all_time_weighted_per_second_d	real
io_dm_10_read_bytes_d	real
io_dm_10_read_bytes_per_second_d	real
io_dm_10_read_completed_d	real
io_dm_10_read_completed_per_second_d	real
io_dm_10_read_merged_d	real
io_dm_10_read_merged_per_second_d	real
io_dm_10_read_time_d	real
io_dm_10_read_time_per_second_d	real
io_dm_10_write_bytes_d	real
io_dm_10_write_bytes_per_second_d	real
io_dm_10_write_completed_d	real
io_dm_10_write_completed_per_second_d	real
io_dm_10_write_merged_d	real
io_dm_10_write_merged_per_second_d	real
io_dm_10_write_time_d	real
io_dm_10_write_time_per_second_d	real
io_dm_11_all_active_d	real
io_dm_11_all_time_d	real
io_dm_11_all_time_per_second_d	real
io_dm_11_all_time_weighted_d	real
io_dm_11_all_time_weighted_per_second_d	real
io_dm_11_read_bytes_d	real
io_dm_11_read_bytes_per_second_d	real
io_dm_11_read_completed_d	real
io_dm_11_read_completed_per_second_d	real
io_dm_11_read_merged_d	real
io_dm_11_read_merged_per_second_d	real
io_dm_11_read_time_d	real
io_dm_11_read_time_per_second_d	real
io_dm_11_write_bytes_d	real
io_dm_11_write_bytes_per_second_d	real
io_dm_11_write_completed_d	real
io_dm_11_write_completed_per_second_d	real
io_dm_11_write_merged_d	real
io_dm_11_write_merged_per_second_d	real
io_dm_11_write_time_d	real
io_dm_11_write_time_per_second_d	real
io_dm_12_all_active_d	real
io_dm_12_all_time_d	real
io_dm_12_all_time_per_second_d	real
io_dm_12_all_time_weighted_d	real
io_dm_12_all_time_weighted_per_second_d	real
io_dm_12_read_bytes_d	real
io_dm_12_read_bytes_per_second_d	real
io_dm_12_read_completed_d	real
io_dm_12_read_completed_per_second_d	real
io_dm_12_read_merged_d	real
io_dm_12_read_merged_per_second_d	real
io_dm_12_read_time_d	real
io_dm_12_read_time_per_second_d	real
io_dm_12_write_bytes_d	real
io_dm_12_write_bytes_per_second_d	real
io_dm_12_write_completed_d	real
io_dm_12_write_completed_per_second_d	real
io_dm_12_write_merged_d	real
io_dm_12_write_merged_per_second_d	real
io_dm_12_write_time_d	real
io_dm_12_write_time_per_second_d	real
io_dm_13_all_active_d	real
io_dm_13_all_time_d	real
io_dm_13_all_time_per_second_d	real
io_dm_13_all_time_weighted_d	real
io_dm_13_all_time_weighted_per_second_d	real
io_dm_13_read_bytes_d	real
io_dm_13_read_bytes_per_second_d	real
io_dm_13_read_completed_d	real
io_dm_13_read_completed_per_second_d	real
io_dm_13_read_merged_d	real
io_dm_13_read_merged_per_second_d	real
io_dm_13_read_time_d	real
io_dm_13_read_time_per_second_d	real
io_dm_13_write_bytes_d	real
io_dm_13_write_bytes_per_second_d	real
io_dm_13_write_completed_d	real
io_dm_13_write_completed_per_second_d	real
io_dm_13_write_merged_d	real
io_dm_13_write_merged_per_second_d	real
io_dm_13_write_time_d	real
io_dm_13_write_time_per_second_d	real
io_dm_14_all_active_d	real
io_dm_14_all_time_d	real
io_dm_14_all_time_per_second_d	real
io_dm_14_all_time_weighted_d	real
io_dm_14_all_time_weighted_per_second_d	real
io_dm_14_read_bytes_d	real
io_dm_14_read_bytes_per_second_d	real
io_dm_14_read_completed_d	real
io_dm_14_read_completed_per_second_d	real
io_dm_14_read_merged_d	real
io_dm_14_read_merged_per_second_d	real
io_dm_14_read_time_d	real
io_dm_14_read_time_per_second_d	real
io_dm_14_write_bytes_d	real
io_dm_14_write_bytes_per_second_d	real
io_dm_14_write_completed_d	real
io_dm_14_write_completed_per_second_d	real
io_dm_14_write_merged_d	real
io_dm_14_write_merged_per_second_d	real
io_dm_14_write_time_d	real
io_dm_14_write_time_per_second_d	real
io_dm_15_all_active_d	real
io_dm_15_all_time_d	real
io_dm_15_all_time_per_second_d	real
io_dm_15_all_time_weighted_d	real
io_dm_15_all_time_weighted_per_second_d	real
io_dm_15_read_bytes_d	real
io_dm_15_read_bytes_per_second_d	real
io_dm_15_read_completed_d	real
io_dm_15_read_completed_per_second_d	real
io_dm_15_read_merged_d	real
io_dm_15_read_merged_per_second_d	real
io_dm_15_read_time_d	real
io_dm_15_read_time_per_second_d	real
io_dm_15_write_bytes_d	real
io_dm_15_write_bytes_per_second_d	real
io_dm_15_write_completed_d	real
io_dm_15_write_completed_per_second_d	real
io_dm_15_write_merged_d	real
io_dm_15_write_merged_per_second_d	real
io_dm_15_write_time_d	real
io_dm_15_write_time_per_second_d	real
io_dm_16_all_active_d	real
io_dm_16_all_time_d	real
io_dm_16_all_time_per_second_d	real
io_dm_16_all_time_weighted_d	real
io_dm_16_all_time_weighted_per_second_d	real
io_dm_16_read_bytes_d	real
io_dm_16_read_bytes_per_second_d	real
io_dm_16_read_completed_d	real
io_dm_16_read_completed_per_second_d	real
io_dm_16_read_merged_d	real
io_dm_16_read_merged_per_second_d	real
io_dm_16_read_time_d	real
io_dm_16_read_time_per_second_d	real
io_dm_16_write_bytes_d	real
io_dm_16_write_bytes_per_second_d	real
io_dm_16_write_completed_d	real
io_dm_16_write_completed_per_second_d	real
io_dm_16_write_merged_d	real
io_dm_16_write_merged_per_second_d	real
io_dm_16_write_time_d	real
io_dm_16_write_time_per_second_d	real
io_dm_1_all_active_d	real
io_dm_1_all_time_d	real
io_dm_1_all_time_per_second_d	real
io_dm_1_all_time_weighted_d	real
io_dm_1_all_time_weighted_per_second_d	real
io_dm_1_read_bytes_d	real
io_dm_1_read_bytes_per_second_d	real
io_dm_1_read_completed_d	real
io_dm_1_read_completed_per_second_d	real
io_dm_1_read_merged_d	real
io_dm_1_read_merged_per_second_d	real
io_dm_1_read_time_d	real
io_dm_1_read_time_per_second_d	real
io_dm_1_write_bytes_d	real
io_dm_1_write_bytes_per_second_d	real
io_dm_1_write_completed_d	real
io_dm_1_write_completed_per_second_d	real
io_dm_1_write_merged_d	real
io_dm_1_write_merged_per_second_d	real
io_dm_1_write_time_d	real
io_dm_1_write_time_per_second_d	real
io_dm_2_all_active_d	real
io_dm_2_all_time_d	real
io_dm_2_all_time_per_second_d	real
io_dm_2_all_time_weighted_d	real
io_dm_2_all_time_weighted_per_second_d	real
io_dm_2_read_bytes_d	real
io_dm_2_read_bytes_per_second_d	real
io_dm_2_read_completed_d	real
io_dm_2_read_completed_per_second_d	real
io_dm_2_read_merged_d	real
io_dm_2_read_merged_per_second_d	real
io_dm_2_read_time_d	real
io_dm_2_read_time_per_second_d	real
io_dm_2_write_bytes_d	real
io_dm_2_write_bytes_per_second_d	real
io_dm_2_write_completed_d	real
io_dm_2_write_completed_per_second_d	real
io_dm_2_write_merged_d	real
io_dm_2_write_merged_per_second_d	real
io_dm_2_write_time_d	real
io_dm_2_write_time_per_second_d	real
io_dm_3_all_active_d	real
io_dm_3_all_time_d	real
io_dm_3_all_time_per_second_d	real
io_dm_3_all_time_weighted_d	real
io_dm_3_all_time_weighted_per_second_d	real
io_dm_3_read_bytes_d	real
io_dm_3_read_bytes_per_second_d	real
io_dm_3_read_completed_d	real
io_dm_3_read_completed_per_second_d	real
io_dm_3_read_merged_d	real
io_dm_3_read_merged_per_second_d	real
io_dm_3_read_time_d	real
io_dm_3_read_time_per_second_d	real
io_dm_3_write_bytes_d	real
io_dm_3_write_bytes_per_second_d	real
io_dm_3_write_completed_d	real
io_dm_3_write_completed_per_second_d	real
io_dm_3_write_merged_d	real
io_dm_3_write_merged_per_second_d	real
io_dm_3_write_time_d	real
io_dm_3_write_time_per_second_d	real
io_dm_4_all_active_d	real
io_dm_4_all_time_d	real
io_dm_4_all_time_per_second_d	real
io_dm_4_all_time_weighted_d	real
io_dm_4_all_time_weighted_per_second_d	real
io_dm_4_read_bytes_d	real
io_dm_4_read_bytes_per_second_d	real
io_dm_4_read_completed_d	real
io_dm_4_read_completed_per_second_d	real
io_dm_4_read_merged_d	real
io_dm_4_read_merged_per_second_d	real
io_dm_4_read_time_d	real
io_dm_4_read_time_per_second_d	real
io_dm_4_write_bytes_d	real
io_dm_4_write_bytes_per_second_d	real
io_dm_4_write_completed_d	real
io_dm_4_write_completed_per_second_d	real
io_dm_4_write_merged_d	real
io_dm_4_write_merged_per_second_d	real
io_dm_4_write_time_d	real
io_dm_4_write_time_per_second_d	real
io_dm_5_all_active_d	real
io_dm_5_all_time_d	real
io_dm_5_all_time_per_second_d	real
io_dm_5_all_time_weighted_d	real
io_dm_5_all_time_weighted_per_second_d	real
io_dm_5_read_bytes_d	real
io_dm_5_read_bytes_per_second_d	real
io_dm_5_read_completed_d	real
io_dm_5_read_completed_per_second_d	real
io_dm_5_read_merged_d	real
io_dm_5_read_merged_per_second_d	real
io_dm_5_read_time_d	real
io_dm_5_read_time_per_second_d	real
io_dm_5_write_bytes_d	real
io_dm_5_write_bytes_per_second_d	real
io_dm_5_write_completed_d	real
io_dm_5_write_completed_per_second_d	real
io_dm_5_write_merged_d	real
io_dm_5_write_merged_per_second_d	real
io_dm_5_write_time_d	real
io_dm_5_write_time_per_second_d	real
io_dm_6_all_active_d	real
io_dm_6_all_time_d	real
io_dm_6_all_time_per_second_d	real
io_dm_6_all_time_weighted_d	real
io_dm_6_all_time_weighted_per_second_d	real
io_dm_6_read_bytes_d	real
io_dm_6_read_bytes_per_second_d	real
io_dm_6_read_completed_d	real
io_dm_6_read_completed_per_second_d	real
io_dm_6_read_merged_d	real
io_dm_6_read_merged_per_second_d	real
io_dm_6_read_time_d	real
io_dm_6_read_time_per_second_d	real
io_dm_6_write_bytes_d	real
io_dm_6_write_bytes_per_second_d	real
io_dm_6_write_completed_d	real
io_dm_6_write_completed_per_second_d	real
io_dm_6_write_merged_d	real
io_dm_6_write_merged_per_second_d	real
io_dm_6_write_time_d	real
io_dm_6_write_time_per_second_d	real
io_dm_7_all_active_d	real
io_dm_7_all_time_d	real
io_dm_7_all_time_per_second_d	real
io_dm_7_all_time_weighted_d	real
io_dm_7_all_time_weighted_per_second_d	real
io_dm_7_read_bytes_d	real
io_dm_7_read_bytes_per_second_d	real
io_dm_7_read_completed_d	real
io_dm_7_read_completed_per_second_d	real
io_dm_7_read_merged_d	real
io_dm_7_read_merged_per_second_d	real
io_dm_7_read_time_d	real
io_dm_7_read_time_per_second_d	real
io_dm_7_write_bytes_d	real
io_dm_7_write_bytes_per_second_d	real
io_dm_7_write_completed_d	real
io_dm_7_write_completed_per_second_d	real
io_dm_7_write_merged_d	real
io_dm_7_write_merged_per_second_d	real
io_dm_7_write_time_d	real
io_dm_7_write_time_per_second_d	real
io_dm_8_all_active_d	real
io_dm_8_all_time_d	real
io_dm_8_all_time_per_second_d	real
io_dm_8_all_time_weighted_d	real
io_dm_8_all_time_weighted_per_second_d	real
io_dm_8_read_bytes_d	real
io_dm_8_read_bytes_per_second_d	real
io_dm_8_read_completed_d	real
io_dm_8_read_completed_per_second_d	real
io_dm_8_read_merged_d	real
io_dm_8_read_merged_per_second_d	real
io_dm_8_read_time_d	real
io_dm_8_read_time_per_second_d	real
io_dm_8_write_bytes_d	real
io_dm_8_write_bytes_per_second_d	real
io_dm_8_write_completed_d	real
io_dm_8_write_completed_per_second_d	real
io_dm_8_write_merged_d	real
io_dm_8_write_merged_per_second_d	real
io_dm_8_write_time_d	real
io_dm_8_write_time_per_second_d	real
io_dm_9_all_active_d	real
io_dm_9_all_time_d	real
io_dm_9_all_time_per_second_d	real
io_dm_9_all_time_weighted_d	real
io_dm_9_all_time_weighted_per_second_d	real
io_dm_9_read_bytes_d	real
io_dm_9_read_bytes_per_second_d	real
io_dm_9_read_completed_d	real
io_dm_9_read_completed_per_second_d	real
io_dm_9_read_merged_d	real
io_dm_9_read_merged_per_second_d	real
io_dm_9_read_time_d	real
io_dm_9_read_time_per_second_d	real
io_dm_9_write_bytes_d	real
io_dm_9_write_bytes_per_second_d	real
io_dm_9_write_completed_d	real
io_dm_9_write_completed_per_second_d	real
io_dm_9_write_merged_d	real
io_dm_9_write_merged_per_second_d	real
io_dm_9_write_time_d	real
io_dm_9_write_time_per_second_d	real
io_os_all_active_d	real
io_os_all_time_d	real
io_os_all_time_per_second_d	real
io_os_all_time_weighted_d	real
io_os_all_time_weighted_per_second_d	real
io_os_read_bytes_d	real
io_os_read_bytes_per_second_d	real
io_os_read_completed_d	real
io_os_read_completed_per_second_d	real
io_os_read_merged_d	real
io_os_read_merged_per_second_d	real
io_os_read_time_d	real
io_os_read_time_per_second_d	real
io_os_write_bytes_d	real
io_os_write_bytes_per_second_d	real
io_os_write_completed_d	real
io_os_write_completed_per_second_d	real
io_os_write_merged_d	real
io_os_write_merged_per_second_d	real
io_os_write_time_d	real
io_os_write_time_per_second_d	real
io_sda_all_active_d	real
io_sda_all_time_d	real
io_sda_all_time_per_second_d	real
io_sda_all_time_weighted_d	real
io_sda_all_time_weighted_per_second_d	real
io_sda_read_bytes_d	real
io_sda_read_bytes_per_second_d	real
io_sda_read_completed_d	real
io_sda_read_completed_per_second_d	real
io_sda_read_merged_d	real
io_sda_read_merged_per_second_d	real
io_sda_read_time_d	real
io_sda_read_time_per_second_d	real
io_sda_write_bytes_d	real
io_sda_write_bytes_per_second_d	real
io_sda_write_completed_d	real
io_sda_write_completed_per_second_d	real
io_sda_write_merged_d	real
io_sda_write_merged_per_second_d	real
io_sda_write_time_d	real
io_sda_write_time_per_second_d	real
io_sdb_all_active_d	real
io_sdb_all_time_d	real
io_sdb_all_time_per_second_d	real
io_sdb_all_time_weighted_d	real
io_sdb_all_time_weighted_per_second_d	real
io_sdb_read_bytes_d	real
io_sdb_read_bytes_per_second_d	real
io_sdb_read_completed_d	real
io_sdb_read_completed_per_second_d	real
io_sdb_read_merged_d	real
io_sdb_read_merged_per_second_d	real
io_sdb_read_time_d	real
io_sdb_read_time_per_second_d	real
io_sdb_write_bytes_d	real
io_sdb_write_bytes_per_second_d	real
io_sdb_write_completed_d	real
io_sdb_write_completed_per_second_d	real
io_sdb_write_merged_d	real
io_sdb_write_merged_per_second_d	real
io_sdb_write_time_d	real
io_sdb_write_time_per_second_d	real
io_sr0_all_active_d	real
io_sr0_all_time_d	real
io_sr0_all_time_per_second_d	real
io_sr0_all_time_weighted_d	real
io_sr0_all_time_weighted_per_second_d	real
io_sr0_read_bytes_d	real
io_sr0_read_bytes_per_second_d	real
io_sr0_read_completed_d	real
io_sr0_read_completed_per_second_d	real
io_sr0_read_merged_d	real
io_sr0_read_merged_per_second_d	real
io_sr0_read_time_d	real
io_sr0_read_time_per_second_d	real
io_sr0_write_bytes_d	real
io_sr0_write_bytes_per_second_d	real
io_sr0_write_completed_d	real
io_sr0_write_completed_per_second_d	real
io_sr0_write_merged_d	real
io_sr0_write_merged_per_second_d	real
io_sr0_write_time_d	real
io_sr0_write_time_per_second_d	real
TimeGenerated	datetime
usage_data_d	real
usage_os_d	real