{
  "$schema" : "https://json-schema.org/draft/2020-12/schema",
  "type" : "object",
  "properties" : {
    "timestamp" : {
      "type" : "string",
      "format" : "date-time",
      "x-isAttributed" : false,
      "description" : "The timestamp when the event originally occurred"
    },
    "facility" : {
      "type" : "string",
      "enum" : [ "KERNEL_MESSAGES", "USER_LEVEL_MESSAGES", "MAIL_SYSTEM", "SYSTEM_DAEMONS", "SECURITY_OR_AUTHORIZATION_MESSAGES", "INTERNAL_SYSLOGD_MESSAGES", "LINE_PRINTER_SUBSYSTEM", "NETWORK_NEWS_SUBSYSTEM", "UUCP_SUBSYSTEM", "CLOCK_DAEMON", "SECURITY_OR_AUTHORIZATION_MESSAGES_2", "FTP_DAEMON", "NTP_SUBSYSTEM", "LOG_AUDIT", "LOG_ALERT", "CLOCK_DAEMON_2", "LOCAL_USE_0", "LOCAL_USE_1", "LOCAL_USE_2", "LOCAL_USE_3", "LOCAL_USE_4", "LOCAL_USE_5", "LOCAL_USE_6", "LOCAL_USE_7" ],
      "x-isAttributed" : false,
      "description" : "Syslog Facility of the event. See RFC 5424"
    },
    "severity" : {
      "type" : "string",
      "enum" : [ "EMERGENCY", "ALERT", "CRITICAL", "ERROR", "WARNING", "NOTICE", "INFORMATIONAL", "DEBUG" ],
      "x-isAttributed" : false,
      "description" : "Syslog Severity of the event. See RFC 5424"
    },
    "hostname" : {
      "type" : "string",
      "x-isAttributed" : false,
      "description" : "Hostname of the producer of the syslog event. For example, IP address, partial hostname, or fully qualified domain name (FQDN)",
      "oneOf" : [ {
        "format" : "ipv4"
      }, {
        "format" : "ipv6"
      }, {
        "format" : "hostname"
      } ]
    },
    "appname" : {
      "type" : "string",
      "x-isAttributed" : false,
      "description" : "Name of the process or command that created the syslog event on the host machine"
    },
    "source_json" : {
      "type" : "object",
      "x-isAttributed" : false,
      "description" : "The data that was received or collected by our collector or endpoint agent, formatted as JSON"
    },
    "source_data" : {
      "type" : "string",
      "x-isAttributed" : false,
      "description" : "The unparsed, original log line as received from the collector"
    },
    "custom_data" : {
      "type" : "object",
      "x-isAttributed" : false,
      "description" : "JSON object produced by applying one or more user-defined custom parsers to the original data"
    },
    "entry_id" : {
      "type" : "string",
      "x-isAttributed" : false,
      "description" : "Unique Entry ID assigned to each document or log entry"
    }
  },
  "required" : [ "timestamp" ],
  "description" : "Generic Syslog"
}