# Output datatree for events

The output datatree contains basic information about the event like the outcome and timestamp. Additionally, it contains data objects about the following:

  • Actor
  • Client
  • Authentication context
  • Security context
  • Transaction information
  • Target(s) of the event
Output field Description
Version A versioning indicator.
Actor
The entity that created the event.
ID ID of the actor.
Type Type of actor.
Alternate ID Alternative ID of the ator.
Display Name Display name of the actor.
Detail Details about the actor.
Client
Where the HTTP request originated from.
User Agent object A software acting on behalf of a user. This object includes the User agent, OS, and Browser.
Zone Display name of the actor.
Device The type of device (e.g. a computer).
ID ID of the OAuth client or ID of the agent.
IP address The IP address where the request originated.
Geographical context object The physical location where the client made the request. It contains information about city, state, country, postal code as well as geolocation coordinates.
Authentication context
This contains metadata about how the actor was authenticated.
Authentication provider The system that proves the identity of an actor.
Credential provider A credential provider is a software service that manages identities and their associated credentials.
Credential type The credential type used.
Interface The third party user interface.
Authentication step A zero-based step number in the authentication pipeline.
External session ID A proxy for the actor's session ID.
Issuer object The specific software entity that created and issued the credential. It contains information about The ID and type of the authorization server.
Display message The display message for the event.
Event type The type of event that was retrieved.
Outcome
Information about the result of the event.
Result Result of the action.
Reason The result of the result. Usually, this describes the error message.
Published The timestamp when the event was published.
Security context
Security data of the event.
As number Autonomous system number associated with the autonomous system that the event request was sourced to. Learn more here.
As organization Organization associated with the autonomous system that the event request was sourced to.
ISP The internet service provider used to send the event request.
Domain The domain name associated with the IP address of the inbound event request.
Is proxy Specifies whether this event's request is from a known proxy.
Severity This indivates how severe the event is.
Debug context Contains additional information about the event. The debug data includes Request URI, Request ID, and URL.
Legacy event type Associated events API attribute value.
Transaction
Transaction details of the event.
Type Describes the kind of transaction. For example, `Web` or `Job`.
ID The unique identifiers for this transaction.
UUID A unique identifier for this event.
Request Information about the request that triggered this event. If it is sourced from a HTTP request, it will return an IP chain.
Target
A list datapill that describes the target(s) of the event.
ID ID of the target.
Type Type of the target
Alternate ID The alternative ID of the target.
Display name The display name of the target.
Detail entry Details about the target.
List size The number of targets in the list.
List index The index of this target in the list of targets.

Find out more about Okta's log event object here (opens new window).