In a large environment with numerous log events, you cannot always locate the data fields that are important to you. VMware Log Intelligence provides runtime field extraction to address this problem.
You can also create custom extracted fields dynamically. You identify these fields with regular expressions.
Generic queries might be very slow. For example, if you attempt to extract a field by using the \(\d+\) expression, the query returns all log events that contain numbers in parentheses. Verify that your queries contain as much textual context as possible. For example, Event for vm\(\d+\) is a better field extraction query.
You can use extracted fields to search and filter log events.
Extracted fields are shown in the Fields section of the Log Explorer window.
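The difference between the two expressions above, shown as an added example that is not VMware code: Python's re module stands in for the product's extraction engine, and the log lines are constructed. The capture group around \d+ and the vm_id field name are assumptions made for the illustration.

```python
import re

# Constructed sample log events (not taken from a real system).
SAMPLE_EVENTS = [
    "2024-05-01T10:00:01Z host1 vpxd: Event for vm(1042) power state changed",
    "2024-05-01T10:00:02Z host1 hostd: Retry (3) of datastore rescan",
    "2024-05-01T10:00:03Z host2 vpxd: Event for vm(77) snapshot created",
    "2024-05-01T10:00:04Z host2 kernel: cpu(12) throttled",
    "2024-05-01T10:00:05Z host3 sshd: Accepted publickey for admin",
]

# The two expressions from the text, with a capture group added around \d+
# (an assumption) so the matched number can be returned as the field value.
GENERIC = re.compile(r"\((\d+)\)")
CONTEXTUAL = re.compile(r"Event for vm\((\d+)\)")


def extract_field(pattern, events, field_name):
    """Return (event, {field_name: value}) for every event the pattern matches."""
    results = []
    for event in events:
        match = pattern.search(event)
        if match:
            results.append((event, {field_name: match.group(1)}))
    return results


def filter_by_field(extracted, field_name, value):
    """Keep only the events whose extracted field equals the given value."""
    return [event for event, fields in extracted if fields.get(field_name) == value]


if __name__ == "__main__":
    for name, pattern in (("generic", GENERIC), ("contextual", CONTEXTUAL)):
        hits = extract_field(pattern, SAMPLE_EVENTS, "vm_id")
        print(f"{name}: {len(hits)} of {len(SAMPLE_EVENTS)} events matched")
        for event, fields in hits:
            print(f"  vm_id={fields['vm_id']:>5}  {event}")
```

The generic expression matches four of the five events and labels a retry count and a CPU number as vm_id; the contextual expression matches only the two VM events, so a filter on the extracted field returns the intended result.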