19 search results for "query building in log insight"

In the final installment of the Log Insight query building series I would like to cover the use of fields. Fields in Log Insight are a way of providing structure to unstructured data. Fields represent a regular expression pattern match for a particular object within an event. I covered how to manage fields in this post and now I would like to cover the different types of fields Log Insight supports, how to construct fields, how to modify fields, and how to use fields to extend query building in Log Insight.
UPDATE: While this post is from version 1.x, it is applicable for 2.x and 3.x as well. The post has been updated to reflect changes over time. Note the screenshots are old, but do represent the capabilities available.

In parts 1 and 2 of the query building series, I covered message queries, or queries that return text results. In part 3, I would like to cover aggregation queries, or queries that return visual results.

In my first post about querying building in Log Insight, I talked about using the search bar. Now, I would like to highlight the use of constraints.

If you missed the Deep Dive into vSphere Log Management with vCenter Log Insight session at VMworld 2013 then you missed out on some great information about Log Insight! If you are using or considering using Log Insight then I would highly recommend you view the recording as it will help you on your journey of managing unstructured data. In the session, I did a deep dive on query building in Log Insight and I would like to dig into some of the concepts covered in this and future posts. In short, once you download, deploy, configure, and start sending sources to Log Insight the next step is to query for important information in your events for information, troubleshooting, and root cause analysis.