You can use the wizard to create or modify a pattern. Use it to add and name columns that represent the structure of the records. The wizard includes features to set different indications on each column, such as type, length, optional, and column name. More information on each type is presented in the wizard itself.

Inserting a Field or Separator

To insert a field:

  1. In the Wizard pattern editor, click the + button.
    The Add Field dialog box opens.
  2. In Type, select Separator or another field type, such as String, Text, Date, Priority, Choices, Number, Timestamp, New Line, End of Event, GeoIP, IP Address, Term, Free Text, or an Advanced Option – Regular Expression, Function, Converter, or Google App Engine.
    The parameters that have to be provided for the selected field type are displayed.
  3. If you want to configure more parameters for the field, click the Advanced link to open the additional parameters for the selected field type.
  4. Complete the parameters, and then click Apply.

Inserting a Separator

 You can insert between log fields one or more spaces or tabs, or any other separator that you choose.

  1. In Type, select Separator.
  2. In Separator, select Space, Tab, or Custom.
  3. If you selected Custom, in Insert separator, type the character to be used as a separator.
  4. In Num of repeats, type the number of the selected separator to insert.
  5. To configure advanced settings for the separator, click Advanced. Otherwise, continue with step 7.
  6. If the selected separator does not appear in all records, select the Optional checkbox.
  7. Click Apply.
    The log records are refreshed in the bottom pane showing the added separator.

Note: After clicking Apply, you may get an error, such as The marked field causes the log to be unparsed. In this case, edit or remove the separator.

Inserting a String Field

 The following procedure describes how to insert into a log record a field that has a string value.

  1. In Type, select String.
  2. In Name, type the name of the field (column heading).
  3. To configure advanced settings for the field, click Advanced. Otherwise, continue with step 11.
  4. In UI Message Length, type the maximum length of data displayed in a column. If the data is longer than this value, it continues onto the next line(s).
  5. In Chars Length, type the length of the character string. If there are fewer characters for this field in a log record, characters are added to the string to force it to be this length.
  6. In Trim Chars, type a character or string to delete from the column value. For example, typing $ means that $ will be deleted from log records with $ in this field.
  7. In Delimiter Chars, type a character or string for delimiting the column.
  8. In Mask Column, define the masking of column text by selecting one of the following: Don't mask (default), Mask entire column text, Mask part of column text.
  9. Select the GeoIP checkbox to enable GeoIP for this field. 
  10. If this string does not appear in all records, select the Optional checkbox. 
  11. Click Apply.
    The log records are refreshed in the bottom pane showing the added field.

Note: After clicking Apply, you may get an error, such as The marked field causes the log to be unparsed. In this case, edit or remove the field.

Inserting a Date Field

Inserting into a log record a field with a date value requires giving a name to the date field, and specifying how to format the date.  

For example, if the text in the log is 2003-05-23 00:24:41,368, the format should be yyyy-MM-dd HH:mm:ss,SSS.

Examples of optional identifiers are:

  • MM – numeric month
  • MMMMM – full textual month
  • dd – numeric day
  • EEEEE – full textual day
  • EEE – textual day
  • yy –  two-digit year
  • yyyy –  four-digit year
  • HH – 24 hour
  • hh – 12 hour
  • a – AM/PM marker
  • mm – minute
  • ss – second
  • SSS – millisecond
  • z – general time zone
  • Z – RFC 822 time zone
  • 'TEXT' – a constant text that appears in the date string

  1. In Type, select Date.
  2. In Name, type the name of the field (column heading).
  3. In Format, type the format to be used to format the date.
  4. To configure advanced settings for the field, click Advanced. Otherwise, continue with step 14.
  5. In UI Message Length, type the maximum length of data displayed in a column. If the data is longer than this value, it continues onto the next line(s).
  6. In Chars Length, type the length of the character string. If there are fewer characters for this field in a log record, characters are added to the string to force it to be this length.
  7. In Trim Chars, type a character or string to delete from the column value. For example, typing $ means that $ will be deleted from log records with $ in this field.
  8. In Delimiter Chars, type a character or string for delimiting the column.
  9. In Display Format, type the format in which to display the date.
  10. In Time Diff, specify the time offset in milliseconds. For example, to subtract 5 seconds from the result in the log view, type -5000.
    Text in log: 2003-05-23 00:24:41,368
    Time Diff Value: -5000
    Result in the log view: 2003-05-23 00:24:36,368
  11. In Locale, specify the locale in which the log was written.
  12. In Locale View, specify the locale in which the log should be displayed. 
  13. If this date field does not appear in all records, select the Optional checkbox. 
  14. Click Apply.
    The log records are refreshed in the bottom pane showing the added field.

Note: After clicking Apply, you may get an error, such as The marked field causes the log to be unparsed. In this case, edit or remove the field.
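
The date-format identifiers and the Time Diff setting above, worked through in Python as an added example (not part of the product or of the original page). It assumes the identifiers behave like the equivalent strptime directives; the function names are hypothetical, and the sample values other than the page's own 2003-05-23 00:24:41,368 are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumed mapping of the identifiers listed above to strptime directives
# (zone identifiers z and Z are left out of this sketch).
DIRECTIVES = {
    "yyyy": "%Y", "yy": "%y", "MMMMM": "%B", "MM": "%m", "dd": "%d",
    "EEEEE": "%A", "EEE": "%a", "HH": "%H", "hh": "%I", "a": "%p",
    "mm": "%M", "ss": "%S", "SSS": "%f",
}
# 'constant text' | run of one repeated letter | any other single character
TOKEN = re.compile(r"'([^']*)'|(([A-Za-z])\3*)|(.)", re.S)

def to_strptime(pattern, millis=None):
    """Translate a date format; if millis is given, SSS is rendered literally."""
    out = []
    for m in TOKEN.finditer(pattern):
        literal, letters, _, other = m.groups()
        if letters == "SSS" and millis is not None:
            out.append(f"{millis:03d}")
        elif letters is not None:
            if letters not in DIRECTIVES:
                raise ValueError(f"unsupported identifier: {letters}")
            out.append(DIRECTIVES[letters])
        else:
            text = literal if literal is not None else other
            out.append(text.replace("%", "%%"))
    return "".join(out)

def parse_date_field(text, pattern, time_diff_ms=0):
    """Return the datetime shifted by Time Diff, or None if the text is unparsed."""
    fmt = to_strptime(pattern)  # a bad format raises; bad input returns None
    try:
        parsed = datetime.strptime(text, fmt)
    except ValueError:
        return None
    return parsed + timedelta(milliseconds=time_diff_ms)

def render(dt, pattern):
    """Format dt with the same identifiers, keeping millisecond precision."""
    return dt.strftime(to_strptime(pattern, millis=dt.microsecond // 1000))

if __name__ == "__main__":
    fmt = "yyyy-MM-dd HH:mm:ss,SSS"
    # Constructed sample values; only the first matches the format.
    for sample in ["2003-05-23 00:24:41,368", "23/05/2003 00:24:41", "2003-05-23 00:24:41"]:
        dt = parse_date_field(sample, fmt, time_diff_ms=-5000)
        print(sample, "->", render(dt, fmt) if dt else "UNPARSED")
```

Running sample lines through a check like this before entering a format in the wizard shows which records would be left unparsed, for example lines written without the millisecond part.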

Inserting a Text Field

Same as Inserting a String Field above.

Inserting a Priority Field

 The following procedure describes how to insert into a log record a priority field.

  1. In Type, select Priority.
  2. In Name, type the name of the field (column heading).
  3. In Set Priorities, specify the set of priorities that can appear in the field, in a semi-colon separated list. Example: DEBUG;INFO;WARN;ERROR;FATAL
  4. To configure advanced settings for the field, click Advanced. Otherwise, continue with step 9.
  5. In Chars Length, type the length of the character string. If there are fewer characters for this field in a log record, characters are added to the string to force it to be this length.
  6. In Trim Chars, type a character or string to delete from the column value. For example, typing $ means that $ will be deleted from log records with $ in this field.
  7. In Delimiter Chars, type a character or string for delimiting the column.
  8. In Mask Column, define the masking of column text by selecting one of the following: Don't mask (default), Mask entire column text, Mask part of column text.
  9. If this field does not appear in all records, select the Optional checkbox. 
  10. Click Apply.
    The log records are refreshed in the bottom pane showing the added field.

Note: After clicking Apply, you may get an error, such as The marked field causes the log to be unparsed. In this case, edit or remove the field.

Inserting a Choice Field

 The following procedure describes how to insert into a log record a choice field.

  1. In Type, select Choice.
  2. In Name, type the name of the field (column heading).
  3. In Set Choice, specify the set of choices that can appear in the field, in a semi-colon separated list. Example: RED;YELLOW;GREEN
  4. To configure advanced settings for the field, click Advanced. Otherwise, continue with step 10.
  5. In Chars Length, type the length of the character string. If there are fewer characters for this field in a log record, characters are added to the string to force it to be this length.
  6. In Trim Chars, type a character or string to delete from the column value. For example, typing $ means that $ will be deleted from log records with $ in this field.
  7. In Delimiter Chars, type a character or string for delimiting the column.
  8. In Mask Column, define the masking of column text by selecting one of the following: Don't mask (default), Mask entire column text, Mask part of column text.
  9. If this field does not appear in all records, select the Optional checkbox. 
  10. Click Apply.
    The log records are refreshed in the bottom pane showing the added field.

Note: After clicking Apply, you may get an error, such as The marked field causes the log to be unparsed. In this case, edit or remove the field.

Inserting a Numeric Field

 The following procedure describes how to insert into a log record a numeric field.

  1. In Type, select Number.
  2. In Name, type the name of the field (column heading).
  3. To configure advanced settings for the field, click Advanced. Otherwise, continue with step 9.
  4. In Chars Length, type the length of the character string. If there are fewer characters for this field in a log record, characters are added to the string to force it to be this length.
  5. In Trim Chars, type a character or string to delete from the column value. For example, typing $ means that $ will be deleted from log records with $ in this field.
  6. In Delimiter Chars, type a character or string for delimiting the column.
  7. In Mask Column, define the masking of column text by selecting one of the following: Don't mask (default), Mask entire column text, Mask part of column text.
  8. If this numeric field does not appear in all records, select the Optional checkbox. 
  9. Click Apply.
    The log records are refreshed in the bottom pane showing the added field.

Note: After clicking Apply, you may get an error, such as The marked field causes the log to be unparsed. In this case, edit or remove the field.

Inserting a Timestamp Field

 The following procedure describes how to insert into a log record a timestamp field.

  1. In Type, select Timestamp.
  2. In Name, type the name of the field (column heading).
  3. In Display Format, type the format in which to display the time zone.
    For example:
    Text in log: 56895633232
    Display Format: yyyy/MM/dd
    Result in the log view: 2007/11/13
  4. To configure advanced settings for the field, click Advanced. Otherwise, continue with step 9.
  5. In Product, type the number by which to multiply the timestamp in the log to convert it into milliseconds. For example, to convert a timestamp in seconds to milliseconds, type 1000.
  6. If this timestamp field does not appear in all records, select the Optional checkbox. 
  7. Click Apply.
    The log records are refreshed in the bottom pane showing the added field.

Note: After clicking Apply, you may get an error, such as The marked field causes the log to be unparsed. In this case, edit or remove the field.

Inserting a New Line Field

 The following procedure describes how to insert into a log record a new line field.

  1. In Type, select New Line.
  2. Click Apply.
    The log records are refreshed in the bottom pane showing the added field.

Note: After clicking Apply, you may get an error, such as The marked field causes the log to be unparsed. In this case, edit or remove the field.

Inserting an End of Event Field

 The following procedure describes how to insert into a log record an End of Event field.

  1. In Type, select End of Event.
  2. Click Apply.
    The log records are refreshed in the bottom pane showing the added field.

Note: After clicking Apply, you may get an error, such as The marked field causes the log to be unparsed. In this case, edit or remove the field.

Inserting a GeoIP Field

 The following procedure describes how to insert into a log record a GeoIP field.

  1. In Type, select GeoIP.
  2. In Name, type the name of the field (column heading).
  3. In Information, type the information appearing in the field: Country, Region, City; Country; Country Code; Region; City; None.
  4. To configure advanced settings for the field, click Advanced. Otherwise, continue with step 9.
  5. In Ref Index, type the zero-based index of the source column. The regular expression will be extracted according to this reference.
  6. In Ref Name, type the zero-based name of the source column. The regular expression will be extracted according to this reference.
  7. In Mask Column, define the masking of column text by selecting one of the following: Don't mask (default), Mask entire column text, Mask part of column text.
  8. If this GeoIP field does not appear in all records, select the Optional checkbox. 
  9. Click Apply.
    The log records are refreshed in the bottom pane showing the added field.

Note: After clicking Apply, you may get an error, such as The marked field causes the log to be unparsed. In this case, edit or remove the field.

Inserting an IP Address Field

 The following procedure describes how to insert into a log record an IP address field.

  1. In Type, select IP Address.
  2. In Name, type the name of the field (column heading).
  3. To configure advanced settings for the field, click Advanced. Otherwise, continue with step 11.
  4. In UI Message Length, type the maximum length of data displayed in a column. If the data is longer than this value, it continues onto the next line(s).
  5. In Chars Length, type the length of the character string. If there are fewer characters for this field in a log record, characters are added to the string to force it to be this length.
  6. In Trim Chars, type a character or string to delete from the column value. For example, typing $ means that $ will be deleted from log records with $ in this field.
  7. In Delimiter Chars, type a character or string for delimiting the column.
  8. In Mask Column, define the masking of column text by selecting one of the following: Don't mask (default), Mask entire column text, Mask part of column text.
  9. Select the GeoIP checkbox to enable GeoIP for this field. 
  10. If this string does not appear in all records, select the Optional checkbox. 
  11. Click Apply.
    The log records are refreshed in the bottom pane showing the added field.

Note: After clicking Apply, you may get an error, such as The marked field causes the log to be unparsed. In this case, edit or remove the field.

Modifying a Field

Removing a Field
