Help Center/ Log Tank Service/ More Documents/ User Guide (Ankara Region)/ Log Search and View/ Cloud Structuring Parsing/ Log Structuring Fields
Updated on 2024-04-12 GMT+08:00
View PDF
Share

Log Structuring Fields

Setting Log Structuring Fields

You can edit extracted fields after log structuring.

Table 1 Rules for configuring structured fields

Structuring Method

Field Name

Field Type Can Be Changed

Field Can Be Deleted

Regular expressions (auto generate)

User-defined.

The name must start with a letter and contain only letters and digits.

Yes

Yes

Regular expressions (manually enter)
  • User-defined.
  • Default names such as field1, field2, and field3 will be used for unnamed fields. You can modify these names.

Yes

Yes

JSON

Names are set automatically, but you can set aliases for fields.

Yes

Yes

Delimiter

Default names such as field1, field2, field3 are used. You can modify these names.

Yes

Yes

Nginx

Names are set based on Nginx configuration, but you can set aliases for fields.

Yes

Yes

VPC structuring template

Defined by VPC.

No

No

Custom templates

User-defined.

Yes

Yes

When you use regular expressions (manually entered), JSON, delimiters, Nginx, or custom templates to structure logs, field names:

  • Can contain only letters, digits, hyphens (-), underscores (_), and periods (.).
  • Cannot start with a period (.) or underscore (_) or end with a period (.).
  • Can contain 1 to 64 characters.

Setting Tag Fields

When you structure logs, you can configure tag fields, so you can use these fields to run SQL queries on the Visualization page.

  1. During field extraction, click the Tag Fields tab.
  2. Click Add Field.
  3. In the Field column, enter the name of the tag field, for example, hostIP.

    If you configure tag fields for a structuring rule that was created before the function of tag fields was brought online, no example values will be shown with the tag fields.

  4. To add more fields, click Add Field.
  5. Click Save to save the settings.

    • Tag fields can be the following system fields: category, clusterId, clusterName, containerName, hostIP, hostId, hostName, nameSpace, pathFile, and podName.
    • Tag fields cannot be the following system fields: groupName, logStream, lineNum, content, logContent, logContentSize, and collectTime.
    • You can configure both field extraction and tag fields during log structuring.