You can exclude content pack fields from extraction when searching log events to increase the query's performance.
Verify that you are logged in to the vRealize Log Insight web user interface. The URL format is https://log_insight-host, where log_insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.
- Expand the main menu and click Explore Logs.
- Click Content Packs to open the drop-down menu.
- Select All to select all content packs for the log search.
- Select only the content packs you want to include in the log search results.
- Click Search.
Note: If the extracted field participates in the query filter and its content pack is excluded from the search, then the extracted field is used to create the query results. However, the extracted field does not appear in the search results.
Only selected content pack fields are extracted during the log events search.
What to do next
You can save this search query for future use.