# Output datatree for events
The output datatree contains basic information about the event like the outcome and timestamp. Additionally, it contains data objects about the following:
- Actor
- Client
- Authentication context
- Security context
- Transaction information
- Targets of the event
Output field | Description | |
---|---|---|
Version | A versioning indicator. | |
Actor The entity that created the event. | ID | ID of the actor. |
Type | Type of actor. | |
Alternate ID | Alternative ID of the actor. | |
Display Name | Display name of the actor. | |
Detail | Details about the actor. | |
Client Where the HTTP request originated from. | User Agent object | A software acting on behalf of a user. This object includes the User agent, OS, and Browser. |
Zone | Display name of the actor. | |
Device | The type of device (for example, a computer). | |
ID | ID of the OAuth client or ID of the agent. | |
IP address | The IP address where the request originated. | |
Geographical context object | The physical location where the client made the request. It contains information about city, state, country, postal code as well as geolocation coordinates. | |
Authentication context This contains metadata about how the actor was authenticated. | Authentication provider | The system that proves the identity of an actor. |
Credential provider | A credential provider is a software service that manages identities and their associated credentials. | |
Credential type | The credential type used. | |
Interface | The third party user interface. | |
Authentication step | A zero-based step number in the authentication pipeline. | |
External session ID | A proxy for the actor's session ID. | |
Issuer object | The specific software entity that created and issued the credential. It contains information about The ID and type of the authorization server. | |
Display message | The display message for the event. | |
Event type | The type of event that was retrieved. | |
Outcome Information about the result of the event. | Result | Result of the action. |
Reason | The result of the result. Usually, this describes the error message. | |
Published | The timestamp when the event was published. | |
Security context Security data of the event. | As number | Autonomous system number associated with the autonomous system that the event request was sourced to. Learn more here. |
As organization | Organization associated with the autonomous system that the event request was sourced to. | |
ISP | The internet service provider used to send the event request. | |
Domain | The domain name associated with the IP address of the inbound event request. | |
Is proxy | Specifies whether this event's request is from a known proxy. | |
Severity | This indicates how severe the event is. | |
Debug context | Contains additional information about the event. The debug data includes Request URI, Request ID, and URL. | |
Legacy event type | Associated events API attribute value. | |
Transaction Transaction details of the event. | Type | Describes the kind of transaction. For example, `Web` or `Job`. |
ID | The unique identifiers for this transaction. | |
UUID | A unique identifier for this event. | |
Request | Information about the request that triggered this event. If it is sourced from a HTTP request, it will return an IP chain. | |
Target A list datapill that describes the targets of the event. | ID | ID of the target. |
Type | Type of the target | |
Alternate ID | The alternative ID of the target. | |
Display name | The display name of the target. | |
Detail entry | Details about the target. | |
List size | The number of targets in the list. | |
List index | The index of this target in the list of targets. |
Find out more about Okta's log event object here (opens new window).
Last updated: 3/29/2023, 2:00:59 PM