RawLogResult

RawLogResult contains a single result match, which is one of: an unparsed raw log, a telemetry event, or an entity context event. It also contains the summary, id, and logType of the log that generated the result.

JSON representation
{
  "summary": string,
  "id": string,
  "logType": {
    object (LogType)
  },

  // Union field result can be only one of the following:
  "event": {
    object (Event)
  },
  "entity": {
    object (Entity)
  },
  "snippet": {
    object (RawLogSnippet)
  }
  // End of list of possible types for union field result.
}
Fields
summary

string

If the result is an unparsed log, summary is a snippet of the unparsed raw log. If the result is a telemetry event or a context event, it is a description of the event.

id

string (bytes format)

ID of the raw log, entity, or event result.

A base64-encoded string.

logType

object (LogType)

Log type of the result.

Union field result.

result can be only one of the following:

event

object (Event)

Normalized UDM event from the raw log that matched the search query.

entity

object (Entity)

Normalized entity context event from the raw log that matched the search query.

snippet

object (RawLogSnippet)

Raw log snippet, set when the result is an unparsed log.

RawLogSnippet

RawLogSnippet contains the raw log ID, ingestion time, and a snippet of the log.

JSON representation
{
  "id": string,
  "snippet": string,
  "ingestionTime": string
}
Fields
id

string (bytes format)

ID of the raw log.

A base64-encoded string.

snippet

string

Snippet of the raw log.

ingestionTime

string (Timestamp format)

Ingestion time of the raw log.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
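
An added example, not part of the API reference: one way a client could validate a RawLogResult before using it, enforcing that exactly one member of the union field result is set, decoding the base64 id fields, and normalizing ingestionTime to UTC. The function names and the sample record are constructed for illustration, and standard padded base64 is assumed for the bytes-format fields.

```python
import base64
import re
from datetime import datetime, timezone

UNION_MEMBERS = ("event", "entity", "snippet")  # members of union field "result"
_RFC3339 = re.compile(
    r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d{1,9}))?(Z|[+-]\d\d:\d\d)$")

def parse_timestamp(value):
    """RFC 3339 string -> aware UTC datetime (digits past microseconds are dropped)."""
    m = _RFC3339.match(value)
    if not m:
        raise ValueError(f"not an RFC 3339 timestamp: {value!r}")
    base, frac, offset = m.groups()
    micros = (frac or "").ljust(6, "0")[:6]  # datetime holds 6 fractional digits
    offset = "+00:00" if offset == "Z" else offset
    return datetime.fromisoformat(f"{base}.{micros}{offset}").astimezone(timezone.utc)

def decode_id(value):
    """Decode a "bytes format" field; assumes standard, padded base64."""
    return base64.b64decode(value, validate=True)

def parse_raw_log_result(result):
    """Validate one RawLogResult dict; return (kind, id_bytes, payload)."""
    present = [k for k in UNION_MEMBERS if k in result]
    if len(present) != 1:
        raise ValueError(f"expected exactly one of {UNION_MEMBERS}, got {present}")
    kind, payload = present[0], result[present[0]]
    if kind == "snippet":  # RawLogSnippet: decode its id, normalize ingestionTime
        payload = {
            "id": decode_id(payload["id"]),
            "snippet": payload["snippet"],
            "ingestionTime": parse_timestamp(payload["ingestionTime"]),
        }
    return kind, decode_id(result["id"]), payload

# Constructed sample for illustration, not real API output.
SAMPLE = {
    "summary": "Failed password for root from 192.0.2.10",
    "id": "cmF3LTAwMQ==",
    "logType": {},  # LogType fields are not shown on this page
    "snippet": {
        "id": "cmF3LTAwMQ==",
        "snippet": "Failed password for root from 192.0.2.10",
        "ingestionTime": "2014-10-02T15:01:23.045123456+05:30",
    },
}
```

Rejecting a record with zero or several union members, or with an id that is not valid base64, keeps malformed results out of downstream correlation rather than letting them pass silently.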