In a large environment with numerous log events, you cannot always locate the data fields that are important to you.
vRealize Log Insight provides runtime field extraction to address this problem. You can extract any field dynamically from the data by providing a regular expression. See Examples of Regular Expressions.
Note: Generic queries might be slow. For example, if you attempt to extract a field by using the
\(\d+\) expression, the query returns all log events that contain numbers in parentheses. Verify that your queries contain as much textual context as possible. For example, a better field extraction query is
Event for vm\(\d+\).
You can use the extracted fields to search and filter the list of log events, or to aggregate events in the Interactive Analytics chart.
Note: An extracted field name can contain different characters. However, the field name for an ingested event must begin only with a letter or an underscore character and contain only letters, digits, or the underscore character.
