# Output datatree for events
The output datatree contains basic information about the event like the outcome and timestamp. Additionally, it contains data objects about the following:
- Authentication context
- Security context
- Transaction information
- Targets of the event
|Version||A versioning indicator.|
The entity that created the event.
|ID||ID of the actor.|
|Type||Type of actor.|
|Alternate ID||Alternative ID of the actor.|
|Display Name||Display name of the actor.|
|Detail||Details about the actor.|
Where the HTTP request originated from.
|User Agent object||A software acting on behalf of a user. This object includes the User agent, OS, and Browser.|
|Zone||Display name of the actor.|
|Device||The type of device (for example, a computer).|
|ID||ID of the OAuth client or ID of the agent.|
|IP address||The IP address where the request originated.|
|Geographical context object||The physical location where the client made the request. It contains information about city, state, country, postal code as well as geolocation coordinates.|
|Authentication context |
This contains metadata about how the actor was authenticated.
|Authentication provider||The system that proves the identity of an actor.|
|Credential provider||A credential provider is a software service that manages identities and their associated credentials.|
|Credential type||The credential type used.|
|Interface||The third party user interface.|
|Authentication step||A zero-based step number in the authentication pipeline.|
|External session ID||A proxy for the actor's session ID.|
|Issuer object||The specific software entity that created and issued the credential. It contains information about The ID and type of the authorization server.|
|Display message||The display message for the event.|
|Event type||The type of event that was retrieved.|
Information about the result of the event.
|Result||Result of the action.|
|Reason||The result of the result. Usually, this describes the error message.|
|Published||The timestamp when the event was published.|
|Security context |
Security data of the event.
|As number||Autonomous system number associated with the autonomous system that the event request was sourced to. Learn more here.|
|As organization||Organization associated with the autonomous system that the event request was sourced to.|
|ISP||The internet service provider used to send the event request.|
|Domain||The domain name associated with the IP address of the inbound event request.|
|Is proxy||Specifies whether this event's request is from a known proxy.|
|Severity||This indicates how severe the event is.|
|Debug context||Contains additional information about the event. The debug data includes Request URI, Request ID, and URL.|
|Legacy event type||Associated events API attribute value.|
Transaction details of the event.
|Type||Describes the kind of transaction. For example, `Web` or `Job`.|
|ID||The unique identifiers for this transaction.|
|UUID||A unique identifier for this event.|
|Request||Information about the request that triggered this event. If it is sourced from a HTTP request, it will return an IP chain.|
A list datapill that describes the targets of the event.
|ID||ID of the target.|
|Type||Type of the target|
|Alternate ID||The alternative ID of the target.|
|Display name||The display name of the target.|
|Detail entry||Details about the target.|
|List size||The number of targets in the list.|
|List index||The index of this target in the list of targets.|
Find out more about Okta's log event object here (opens new window).
Last updated: 3/29/2023, 2:00:59 PM