Instead of typing context values for extracting fields dynamically, you can use the one-click extract function.

The one-click extract populates all context values that correspond to the field that you select in a log event.

Note: The one-click extract option is available only in Events tab.

Prerequisites

Verify that you are logged in to the vRealize Log Insight web user interface as a user associated with the User role, or a role that has the relevant permissions. For more information, see Create and Modify Roles in Administering vRealize Log Insight. The URL format of the web user interface is https://log_insight-host, where log_insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.

Procedure

  1. Navigate to the Interactive Analytics tab.
  2. In the list of log events, highlight the text that represents the field that you want to extract.
    An action menu appears above the set of field names present in that event.
  3. Click Extract Field.
    The pre and post context values in the Fields pane are populated automatically with the context needed to extract the highlighted field.
  4. (Optional) Modify the Extracted value regular expression in the Fields pane.
  5. (Optional) Modify the Pre and post context regular expressions in the Fields pane.
  6. (Optional) Click "" Add additional context to add more keywords and filters.
    You can add one or more keywords and use a single static field as a filter.
  7. If you are an administrator or a user with edit access for the Interactive Analytics > Extracted Fields permission, select which users can access the field from the drop down menu.
    Option Description
    All users All users will see the field in their events and in the filter drop-down menu.
    Me only Only the creator of the field will see the field in their events and filter drop down menu.
  8. (Optional) At the top of the Fields pane, click "" and then Edit to add notes to this field. Add notes in the Edit Notes window and click OK.
  9. Click Save.

What to do next

You can use the extracted field to search and filter the list of log events, or to aggregate events in the Interactive Analytics chart.

You can modify saved field definitions or delete them if you no longer need them.