Return to
Portfolio

115. Fields

Log messages commonly contain important data such as user names, IP addresses, application names, and more. An event is represented as a list of key-value pairs, or "fields". The name of the field is the key, and the field data is the value. This metadata is sometimes referred to as event properties or message tags.

NXLog Manager comes with a set of predefined fields which are suitable for typical cases. These fields can also be extended, and new fields created, to suit custom requirements. Fields in NXLog Manager are typed (the kind of data permitted in a key value is pre-defined), which allows complex operations and efficient storage of event log data.

The field list is kept in the configuration database. All of the major components used throughout NXLog Manager depend on fields, including Patterns, Correlation and Agent configuration.

To list the available fields, click on the LIST FIELDS menu item under the PATTERN menu. A list similar to the following should appear:

Listing fields

The field properties will be explained shortly as we look at creating and modifying fields. To do this, click on Create or Edit under the field list.

Creating a field

The field properties are as follows:

Name

The name of the field will be used to refer to the field from various places in NXLog Manager and NXLog.

Type

The following types can be chosen for a field:

  • STRING

  • INTEGER

  • BINARY

  • DATETIME

  • IPV4ADDR

  • IPV6ADDR

  • BOOLEAN

Persist

If this option is not enabled, the field value is available to the NXLog agent only for correlation and pattern matching. Fields should be persisted if the information is needed in additional functions.

Lookup

This special property only takes effect when the field is persistent and is a string type. The lookup property should be enabled for fields whose values are highly repetitive such as user names, enumerations, host names etc. This enables the storage engine to map the value to an integer which yields significant compression and performance boost.

Description

The user can store additional information about the field in the description. It is not used by NXLog Manager.

← Previous: Dashboard and Menu | ↑ Up: NXLog Manager | ⌂ Home: NXLog User Guide | Next: Patterns →