Log Structuring Fields
Setting Log Structuring Fields
You can edit extracted fields after log structuring.
|
Structuring Method |
Field Name |
Field Type Can Be Changed |
Field Can Be Deleted |
|---|---|---|---|
|
Regular expressions (auto generate) |
User-defined. The name must start with a letter and contain only letters and digits. |
Yes |
Yes |
|
Regular expressions (manually enter) |
|
Yes |
Yes |
|
JSON |
Names are set automatically, but you can set aliases for fields. |
Yes |
Yes |
|
Delimiter |
Default names such as field1, field2, field3 are used. You can modify these names. |
Yes |
Yes |
|
Nginx |
Names are set based on Nginx configuration, but you can set aliases for fields. |
Yes |
Yes |
|
ELB structuring template |
Defined by ELB. |
No |
No |
|
VPC structuring template |
Defined by VPC. |
No |
No |
|
CTS structuring template |
Keys in JSON log events. |
No |
No |
|
APIG structuring template |
Defined by APIG. |
No |
No |
|
DCS audit logs |
Defined by DCS. |
No |
No |
|
Tomcat |
Defined by Tomcat. |
No |
No |
|
Nginx |
Defined by Nginx. |
No |
No |
|
GAUSSV5 audit logs |
Defined by GAUSSV5. |
No |
No |
|
DDS audit logs |
Defined by DDS. |
No |
No |
|
DDS error logs |
Defined by DDS. |
No |
No |
|
DDS slow query logs |
Defined by DDS. |
No |
No |
|
CFW access control logs |
Defined by CFW. |
No |
No |
|
CFW attack logs |
Defined by CFW. |
No |
No |
|
CFW traffic logs |
Defined by CFW. |
No |
No |
|
MySQL error logs |
Defined by MySQL. |
No |
No |
|
MySQL slow query logs |
Defined by MySQL. |
No |
No |
|
PostgreSQL error logs |
Defined by PostgreSQL. |
No |
No |
|
SQL Server error logs |
Defined by SQL Server. |
No |
No |
|
GaussDB(for Redis) slow query logs |
Defined by GaussDB(for Redis). |
No |
No |
|
CDN |
Defined by CDN. |
No |
No |
|
SMN |
Defined by SMN. |
No |
No |
|
GaussDB_MySQL error logs |
Defined by GaussDB_MySQL. |
No |
No |
|
GaussDB_MySQL slow query logs |
Defined by GaussDB_MySQL. |
No |
No |
|
Enterprise Router |
Defined by ER. |
No |
No |
|
MySQL audit logs |
Defined by MySQL. |
No |
No |
|
GaussDB(for Cassandra) slow query logs |
Defined by GaussDB(for Cassandra). |
No |
No |
|
GaussDB(for Mongo) slow query logs |
Defined by GaussDB(for Mongo). |
No |
No |
|
GaussDB(for Mongo) error logs |
Defined by GaussDB(for Mongo). |
No |
No |
|
Custom templates |
User-defined. |
Yes |
Yes |
When you use regular expressions (manually entered), JSON, delimiters, Nginx, or custom templates to structure logs, field names:
- Can contain only letters, digits, hyphens (-), underscores (_), and periods (.).
- Cannot start with a period (.) or underscore (_) or end with a period (.).
- Can contain 1 to 64 characters.
Setting Tag Fields
When you structure logs, you can configure tag fields, so you can use these fields to run SQL queries on the Visualization page.
- During field extraction, click the Tag Fields tab.
- Click Add Field.
- In the Field column, enter the name of the tag field, for example, hostIP.
If you configure tag fields for a structuring rule that was created before the function of tag fields was brought online, no example values will be shown with the tag fields.
- To add more fields, click Add Field.
- Click Save to save the settings.
- Tag fields can be the following system fields: category, clusterId, clusterName, containerName, hostIP, hostId, hostName, nameSpace, pathFile, and podName.
- Tag fields cannot be the following system fields: groupName, logStream, lineNum, content, logContent, logContentSize, and collectTime.
- You can configure both field extraction and tag fields during log structuring.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
