In a large environment with numerous log events, you cannot always locate the data fields that are important to you. VMware Aria Operations for Logs (SaaS) supports the creation of fields to use in queries and filters to address this concern. Fields are a powerful way to add structure to unstructured events and allow the manipulation of both the textual and visual representation of data.

Fields are a type of regular expression query useful for complex pattern matching. With fields, you can construct queries or build filters without needing to know, remember, or learn complicated regular expressions.

VMware Aria Operations for Logs (SaaS) supports indexed, content, and extracted fields. Indexed fields are part of your VMware Aria Operations for Logs (SaaS) deployment. Content fields are installed as part of content packs. And extracted, or custom fields, are user created.

Fields are listed in the Fields pane on the Stream tab on the Explore Logs page. Click a field name to find out more about its use in queries, or click Fields Library for additional information about fields.

The Fields Library page lists all VMware Aria Operations for Logs (SaaS) fields, organizing them into two tabs - Found in query results and Other Fields. Each field card indicates the field type and includes icons, which you can click for possible user actions for the field. You can filter fields by their source - Indexed, Extracted, Public Content Pack, and Private Content Pack.