Month: December 2013

Log Insight Query Building: Fields

In the final installment of the Log Insight query building series, I would like to cover the use of fields. Fields in Log Insight are a way of providing structure to unstructured data. Fields represent a regular expression pattern match for a particular object within an event. I covered how to manage fields in this post, and now I would like to cover the different types of fields Log Insight supports, how to construct fields, how to modify fields, and how to use fields to extend query building in Log Insight.
UPDATE: While this post is from version 1.x, it is applicable to 2.x and 3.x as well. The post has been updated to reflect changes over time. Note that the screenshots are old, but they do represent the capabilities available.

Log Insight Query Building: Search Bar

If you missed the Deep Dive into vSphere Log Management with vCenter Log Insight session at VMworld 2013, then you missed out on some great information about Log Insight! If you are using or considering using Log Insight, then I would highly recommend you view the recording, as it will help you on your journey of managing unstructured data. In the session, I did a deep dive on query building in Log Insight, and I would like to dig into some of the concepts covered in this and future posts. In short, once you download, deploy, configure, and start sending sources to Log Insight, the next step is to query your events for important information, troubleshooting, and root cause analysis.