In a large environment with numerous log events, you cannot always locate the data fields that are important to you. VMware Log Intelligence supports three kinds of fields to address this concern. Fields allow you to use complex strings for filtering or querying.

Table 1. Types of fields in VMware Log Intelligence

Field Type

Definition

Actions

Admin

User

Indexed

Created by VMware Log Intelligence based on intelligent grouping algorithms applied to received logs and messages

  • None

  • None

Content

Defined in a content pack and available for use with queries after the content pack is imported.

  • Clone

  • View

Extracted or custom

Created by VMware Log Intelligence users with admin permissions based on log data and used to filter and query log events. There are ? ways to create custom fields.

  • Edit

  • Clone

  • Delete

  • View

Note:

Generic custom queries might be very slow. For example, if you attempt to extract a field by using the \(\d+\) expression, the query returns all log events that contain numbers in parenthesis. Verify that your queries contain as much textual context as possible. For example, a better field extraction query would be Event for vm\(\d+\).

Extracted fields are shown in the Fields section of the Log Explorer window.

provides runtime field extraction to address ?