You can duplicate an extracted field.

You use the Duplicate option when you want to extract more than one field from an event and both fields appear in a similar context. After you extract a field and save it, open the extracted field definition and use the Duplicate option. The duplicated field has the exact same definition as the original extracted field. You can modify the definition of the duplicated field to match another value in the event that interests you.

Normal users can duplicate only their own content. Administrator users can modify their own content and their shared content.

Prerequisites

Verify that you are logged in to the vRealize Log Insight web user interface as a user associated with the User role, or a role that has the relevant permissions. For more information, see Create and Modify Roles in Administering vRealize Log Insight. The URL format of the web user interface is https://log_insight-host, where log_insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.

Procedure

  1. Expand the main menu and click Explore Logs.
  2. At the top of the Fields pane, click Manage extracted fields "" and select an extracted field from the list.
  3. Click Duplicate to create a copy of the field.
  4. (Optional) Modify the Extracted value regular expression in the Fields pane.
  5. (Optional) Modify the Pre and post context regular expressions in the Fields pane.
  6. (Optional) Click "" Add additional context to add more keywords and filters.
    You can add one or more keywords and use a single static field as a filter.
  7. If you are an administrator or a user with edit access for the Explore Logs > Extracted Fields permission, select which users can access the field from the drop down menu.
    Option Description
    All users All users will see the field in their events and in the filter drop-down menu.
    Me only Only the creator of the field will see the field in their events and filter drop down menu.
  8. Click Save.

What to do next

You can use the extracted field to search and filter the list of log events, or to aggregate events in the Explore Logs chart.

You can modify saved field definitions or delete them if you no longer need them.