An IP address. Either an IPv4 address represented in dot-decimal notation, or an IPv6 address in hex-colon notation as specified in the IETF RFC 4291 specification. The primary type of action that was undertaken as part of the event. The status or result of the action should be detailed in the status field. A relative indication of the criticality, or impact, of an event. Events with a higher crit value have a potential for greater impact. For example, a hard disk failure is more critical that a user login. The environment or domain of the event. Typical event domains include network ("net"), operating system ("os"), and application ("app"). The event message id. Events generated by the same producer and having the same id value must be of the same event type. The type of object that is targeted or otherwise affected by the event. The application that is responsible for generating the event record. Where applicable, the p_app identifier should uniquely identify the application using the application name, version, and vendor information. The name of the process that produced the event record. The process should belong to the application identified by the p_app field. If necessary, the process ID can be included via the p_proc_id field. The process identifier ("pid") of the process that generated the event record. The hostname of the system that generated the event record. The event priority, expressed as an integer value. A higher pri value indicates a higher processing or transmission priority. Systems the produce or process event logs should use the pri field to prioritize their processing queues. The service the event involves. The service field value provides context to the event action or more precision to the event domain. A URI that resolves to the location of CEE Profile XML Schema file that defines the CEE Event Profile. The version of the CEE Profile that was used to construct the event. The actual CEE Profile XML Schema file location should be denoted by the value of the "profile" field. The end result or status of the event action identified by the action field. The type of object that initiated or started the event action identified by the action field. A list of uncategories CEE Taxonomy tag classifiers. The time the event occurred. This timestamp should have microsecond (1E-6 seconds) granularity and include the timezone GMT offset.