Display Filter Reference: systemd Journal Entry

Protocol field name: systemd_journal

Versions: 3.0.0 to 3.0.7

Back to Display Filter Reference

Field name Description Type Versions
systemd_journal.audit_field_apparmor Audit field AppArmor Character string 3.0.0 to 3.0.7
systemd_journal.audit_field_name Audit field name Character string 3.0.0 to 3.0.7
systemd_journal.audit_field_operation Audit field operation Character string 3.0.0 to 3.0.7
systemd_journal.audit_field_profile Audit field profile Character string 3.0.0 to 3.0.7
systemd_journal.audit_id Audit ID Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.audit_loginuid Audit login UID Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.audit_session Audit session Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.audit_type Audit type Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.available Available Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.available_pretty Human readable available Character string 3.0.0 to 3.0.7
systemd_journal.binary_data_len Binary data length Unsigned integer, 8 bytes 3.0.0 to 3.0.7
systemd_journal.boot_id Boot ID Character string 3.0.0 to 3.0.7
systemd_journal.cap_effective Effective capability Character string 3.0.0 to 3.0.7
systemd_journal.cmdline Command line Character string 3.0.0 to 3.0.7
systemd_journal.code_file Code file Character string 3.0.0 to 3.0.7
systemd_journal.code_func Code func Character string 3.0.0 to 3.0.7
systemd_journal.code_line Code line Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.comm Command name Character string 3.0.0 to 3.0.7
systemd_journal.coredump_unit Coredump unit Character string 3.0.0 to 3.0.7
systemd_journal.coredump_user_unit Coredump user unit Character string 3.0.0 to 3.0.7
systemd_journal.current_use Current use Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.current_use_pretty Human readable current use Character string 3.0.0 to 3.0.7
systemd_journal.cursor Cursor Character string 3.0.0 to 3.0.7
systemd_journal.disk_available Disk available Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.disk_available_pretty Human readable disk available Character string 3.0.0 to 3.0.7
systemd_journal.disk_keep_free Disk keep free Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.disk_keep_free_pretty Human readable disk keep free Character string 3.0.0 to 3.0.7
systemd_journal.errno Errno Signed integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.exe Executable path Character string 3.0.0 to 3.0.7
systemd_journal.field Unknown field Label 3.0.0 to 3.0.7
systemd_journal.field.data Field data Character string 3.0.0 to 3.0.7
systemd_journal.field.name Field name Character string 3.0.0 to 3.0.7
systemd_journal.field.value Field value Character string 3.0.0 to 3.0.7
systemd_journal.gid GID Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.hostname Hostname Character string 3.0.0 to 3.0.7
systemd_journal.job_result Job result Character string 3.0.0 to 3.0.7
systemd_journal.job_type Job type Character string 3.0.0 to 3.0.7
systemd_journal.journal_name Journal name Character string 3.0.0 to 3.0.7
systemd_journal.journal_path Journal path Character string 3.0.0 to 3.0.7
systemd_journal.kernel_device Kernel device Character string 3.0.0 to 3.0.7
systemd_journal.kernel_subsystem Kernel subsystem Character string 3.0.0 to 3.0.7
systemd_journal.kernel_usec Kernel microseconds Time offset 3.0.0 to 3.0.7
systemd_journal.leader Leader Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.limit Limit Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.limit_pretty Human readable limit Character string 3.0.0 to 3.0.7
systemd_journal.line_break Line break Character string 3.0.0 to 3.0.7
systemd_journal.machine_id Machine ID Character string 3.0.0 to 3.0.7
systemd_journal.max_use Max use Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.max_use_pretty Human readable max use Character string 3.0.0 to 3.0.7
systemd_journal.message Message Character string 3.0.0 to 3.0.7
systemd_journal.message_id Message ID Character string 3.0.0 to 3.0.7
systemd_journal.monotonic_timestamp Monotonic Timestamp Time offset 3.0.0 to 3.0.7
systemd_journal.nonbinary_field Field shouldn\'t be binary Label 3.0.0 to 3.0.7
systemd_journal.object_audit_loginuid Object audit login UID Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.object_audit_session Object audit session Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.object_cap_effective Object effective capability Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.object_cmdline Object command line Character string 3.0.0 to 3.0.7
systemd_journal.object_comm Object command name Character string 3.0.0 to 3.0.7
systemd_journal.object_exe Object executable path Character string 3.0.0 to 3.0.7
systemd_journal.object_gid Object GID Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.object_pid Object PID Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.object_selinux_context Object SELinux context Character string 3.0.0 to 3.0.7
systemd_journal.object_systemd_cgroup Object systemd cgroup Character string 3.0.0 to 3.0.7
systemd_journal.object_systemd_invocation_id Object systemd invocation ID Character string 3.0.0 to 3.0.7
systemd_journal.object_systemd_owner_uid Object systemd owner UID Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.object_systemd_session Object systemd session Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.object_systemd_slice Object systemd slice Character string 3.0.0 to 3.0.7
systemd_journal.object_systemd_unit Object systemd unit Character string 3.0.0 to 3.0.7
systemd_journal.object_systemd_user_slice Object systemd user slice Character string 3.0.0 to 3.0.7
systemd_journal.object_systemd_user_unit Object systemd user unit Character string 3.0.0 to 3.0.7
systemd_journal.object_uid Object UID Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.pid PID Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.priority Priority Unsigned integer, 1 byte 3.0.0 to 3.0.7
systemd_journal.realtime_timestamp Realtime Timestamp Date and time 3.0.0 to 3.0.7
systemd_journal.result Result Character string 3.0.0 to 3.0.7
systemd_journal.seat_id Seat ID Character string 3.0.0 to 3.0.7
systemd_journal.selinux_context SELinux context Character string 3.0.0 to 3.0.7
systemd_journal.session_id Session ID Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.source_monotonic_timestamp Source monotonic timestamp Time offset 3.0.0 to 3.0.7
systemd_journal.source_realtime_timestamp Source realtime timestamp Date and time 3.0.0 to 3.0.7
systemd_journal.stream_id Stream ID Character string 3.0.0 to 3.0.7
systemd_journal.syslog_facility Syslog facility Unsigned integer, 1 byte 3.0.0 to 3.0.7
systemd_journal.syslog_id Syslog identifier Character string 3.0.0 to 3.0.7
systemd_journal.syslog_pid Syslog PID Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.systemd_cgroup Systemd cgroup Character string 3.0.0 to 3.0.7
systemd_journal.systemd_invocation_id Systemd invocation ID Character string 3.0.0 to 3.0.7
systemd_journal.systemd_owner_uid Systemd owner UID Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.systemd_session Systemd session Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.systemd_slice Systemd slice Character string 3.0.0 to 3.0.7
systemd_journal.systemd_unit Systemd unit Character string 3.0.0 to 3.0.7
systemd_journal.systemd_user_slice Systemd user slice Character string 3.0.0 to 3.0.7
systemd_journal.systemd_user_unit Systemd user unit Character string 3.0.0 to 3.0.7
systemd_journal.transport Transport Character string 3.0.0 to 3.0.7
systemd_journal.udev_devlink Device tree symlink Character string 3.0.0 to 3.0.7
systemd_journal.udev_devnode Device tree node Character string 3.0.0 to 3.0.7
systemd_journal.udev_sysname Device tree name Character string 3.0.0 to 3.0.7
systemd_journal.uid UID Unsigned integer, 4 bytes 3.0.0 to 3.0.7
systemd_journal.unhandled_field_type Field data Character string 3.0.0 to 3.0.7
systemd_journal.user_id User ID Character string 3.0.0 to 3.0.7
systemd_journal.user_invocation_id User invocation ID Character string 3.0.0 to 3.0.7
systemd_journal.userspace_usec Userspace microseconds Time offset 3.0.0 to 3.0.7
Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.

I have a lot of traffic...

ANSWER: SteelCentral™ Packet Analyzer PE
  • • Visually rich, powerful LAN analyzer
  • • Quickly access very large pcap files
  • • Professional, customizable reports
  • • Advanced triggers and alerts
Learn More

Buy Now

No, really, I have a LOT of traffic…

ANSWER: SteelCentral™ AppResponse 11
  • • Full stack analysis – from packets to pages
  • • Rich performance metrics & pre-defined insights for fast problem identification/resolution
  • • Modular, flexible solution for deeply-analyzing network & application performance
Learn More