Log Insight uses machine learning to group together similar events. Event Types grouping makes troubleshooting and root cause analysis easier.
When you run queries in Log Insight, the number of results depends on the query and the time range. Queries often return a large number of results. Machine learning dynamically learns and adjusts patterns from events coming to Log Insight.
The Event Types tab is located on the Interactive Analytics page, under the search bar. When you click the Event Types tab, you see a list of similar events that are grouped together.
Machine learning analyzes events and discovers the types of fields that similar log messages contain. For example, the types may be timestamp, string, int, hex and others. The discovered types appear as hyperlinks within the Event Types list.
Each type that machine learning discovers represents a new type of field called a smart field. The default name of a smart field follows the format smart field - type number [event_type]. You can change the default name of a smart field. After you name a smart field, it appears under the Fields section just like other fields. You can rename or delete a smart field, but you cannot modify its definition.
Machine learning introduces a new static field called event_type. You can use the event_type as a filter to include or exclude certain event types from queries.
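The grouping idea described above, as an added illustration: this is not VMware code and does not reproduce Log Insight's machine learning. It assumes fixed regular expressions in place of learned patterns, uses the template string as a stand-in for event_type, and the function names and sample log lines are constructed.

```python
import re
from collections import defaultdict

# Typed-token patterns, tried in order. The type names follow the page
# (timestamp, hex, int); any other token is kept as literal text.
# Assumption: fixed rules stand in for the patterns the product learns.
TOKEN_TYPES = [
    ("timestamp", re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$")),
    ("hex", re.compile(r"^0x[0-9a-fA-F]+$")),
    ("int", re.compile(r"^\d+$")),
]

def template_of(line):
    """Return (template, values): variable tokens become <type> placeholders."""
    parts, values = [], []
    for tok in line.split():
        for name, pat in TOKEN_TYPES:
            if pat.match(tok):
                parts.append("<%s>" % name)
                values.append((name, tok))  # analogous to a smart field value
                break
        else:
            parts.append(tok)
    return " ".join(parts), values

def group_events(lines):
    """Group lines by template; the template plays the role of event_type."""
    groups = defaultdict(list)
    for line in lines:
        tmpl, values = template_of(line)
        groups[tmpl].append(values)
    return dict(groups)

def exclude_event_type(lines, event_type):
    """Drop every line of one event type, like an event_type exclusion filter."""
    return [l for l in lines if template_of(l)[0] != event_type]

# Constructed sample log lines (not from any real system).
SAMPLE = [
    "2024-01-05T10:00:01Z sshd failed login from port 50122",
    "2024-01-05T10:00:07Z sshd failed login from port 50388",
    "2024-01-05T10:01:00Z kernel fault at 0x7ffe12ab code 14",
    "2024-01-05T10:02:30Z sshd failed login from port 61001",
]

if __name__ == "__main__":
    for tmpl, rows in group_events(SAMPLE).items():
        print(len(rows), tmpl)
```

Excluding the noisy sshd template from the sample leaves only the kernel fault line, which is the triage benefit of filtering on event type.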