google-workspace-alerts

Get alert logs in the alert center in Google Workspace.

google-workspace-alerts [profile=PROFILE] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss] [order=ORDER]

profile=PROFILE: Profile name of Google Workspace
duration=NUM{mon|w|d|h|m|s}: Scan only recent data. You should use s(second), m(minute), h(hour), d(day), mon(month) time unit. For example, 10s means data from 10 seconds earlier.
from=yyyyMMddHHmmss: Start time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero.
to=yyyyMMddHHmmss: End time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero.
order=ORDER: asc or desc.

Output Fields

Field	Type	Name	Description
profile	String	Connect profile	Google Workspace connect profile code
_time	Date	Time
severity	String	Severity	e.g. LOW, MEDIUM, HIGH
log_type	String	Log type	e.g. User reported phishing
log_source	String	Log source	e.g. Gmail phishing, Google identity
data_type	String	Data type	e.g. type.googleapis.com/google.apps.alertcenter.type.MailPhishing
title	String	Title	e.g. [Reminder] Jamboard application wind down
description	String	description	e.g. Dear Administrator,This is a reminder that ..
mail_from	String	Mail sender	Email address format
mail_to	String	Mail recipient	Email address format
mail_subject	String	Mail subject	e.g. INTRODUCTION - OFFER
msg_id	String	Message ID	e.g. OF18CC4ABB.D55E82C5-ON4825882B.0028A732@beyondsoft.com
mail_subject_md5	String	Mail subject MD5	e.g. aabbf51bde6f40eda5d00b6b94df7c65
mail_content_md5	String	Mail content MD5	e.g. 3df8675cc6df7b4ca369ffe9c768bf2c
data	Map	Data
metadata	Map	Metadata
create_time	Date	Create time
update_time	Date	Update time
start_time	Date	Start time
end_time	Date	End time
customer_id	String	Customer ID
alert_id	String	Alert ID	GUID format
etag	String	Etag	e.g. 6l6v8vd6ZqQ=