Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 16 Next »

By default, XpoLog applies an automated pattern to parse the logs, when you click the Save button on the first page of the Add Log wizard.

Applying a pattern on a log enables viewing the log in organized tabular format, setting an alarm on a specific field, or aggregating on a certain field.

For certain log types (local, Windows Network, Over SSH, and Hadoop HDFS), XpoLog enables you to tune the log and parse it more deeply to normalize the log records into tabular format, by applying patterns on the incoming log data. 

This can be performed from the Patterns Administration page, accessed by clicking the Next button on the first page of the Add Log wizard or Edit Log wizard.

The Patterns Administration page is divided into three sections, as follows:

  • Upper pane – Text sample from the selected log. This pane presents the first 20 records from the incoming log (original data). You can copy paste other records from the incoming log data into this section, and then view the results of applying a pattern on those records (see Verifying Patterns on Manually Selected Data). 
  • Central pane – Provides you with three different ways for configuring patterns to apply on the log data.
    • Wizard – Use the wizard to create or modify a pattern. As part of the wizard, you can set different indications on each column such as type, length, optional, column name and more (more information on each type is presented in the wizard itself).
    • Manual – for advanced users who are familiar with the Pattern language.
    • Automatic – XpoLog matches patterns automatically and suggests possible patterns for deeper parsing. This is only available when adding a log; not when editing a log.
  • Bottom pane – Log records analysis results. Shows the results of each parsing, i.e. applying the pattern to the log data.

It may be necessary to configure more than one pattern for logs that have different types of records that cannot be represented by a single pattern. You can do so, by clicking  the New tab in the central pane.

To apply a pattern on the log:
  1. In the central pane, click one of the available Pattern Editor options:
    Auto – see Selecting an Automatic Pattern.
    Wizard – see  
    Manual – see Configuring a Manual Pattern.
    Note: You can also create a pattern in the wizard based on one of the automatic pattern suggestions (see Creating a Pattern Based On an Automatic Pattern Suggestion).   
  2. Click the Save button.
    XpoLog applies the pattern on the incoming log, and the Log Viewer opens displaying the parsed records of the new log. The log name is displayed in the left pane in its selected location under Folders and Logs. If you put in the log path a {string} pattern, the various files of the log appear in the left pane. Otherwise, only one file appears. You can perform regular actions on this log.

 

  • No labels