Which of the following log elements is NOT typically included to support investigations?

Prepare for the DSAC-11 Annex B Test. Study with our quiz featuring flashcards and multiple-choice questions, each question accompanied by hints and explanations. Get ready to excel!

Multiple Choice

Which of the following log elements is NOT typically included to support investigations?

Explanation:
Focusing on what helps investigations reconstruct what happened, logs typically capture when an event occurred, what kind of event it was, and who performed it. A timestamp lets you sequence actions and align events across systems. The event type clarifies what happened, such as login, file access, or error. A user ID identifies the actor responsible for the action, which is essential for accountability and tracing.

The physical location of the server is not normally included in log records because it doesn’t directly show the sequence, nature, or actor of a given event. Location might be inferred from network data like IPs or DNS, but storing a server’s geographic location is not a standard, reliable log attribute for investigations and can raise privacy concerns.
