Exclude Content Pack Field Extraction from Log Events Search

You can exclude content pack fields from extraction when searching log events to increase the query's performance.

Important: Only exclude content packs that are not required to be extracted as part of the specific search.

Prerequisites

Verify that you are logged into the VMware Aria Operations for Logs web user interface. The URL format is https://<operations_for_logs-host>, where operations_for_logs-host is the IP address or host name of the VMware Aria Operations for Logs virtual appliance.

Procedure

Expand the main menu and click Explore Logs.
Click Content Packs to open the drop-down menu.
1. Select All to select all content packs for the log search.
2. Select only the content packs you want to include in the log search results.
Click Search.

Note: If the extracted field participates in the query filter and its content pack is excluded from the search, then the extracted field is used to create the query results. However, the extracted field does not appear in the search results.

Results

Only selected content pack fields are extracted during the log events search.

What to do next

You can save this search query for future use.