Log file annotations
The annotations that are defined by the log file index configurations are described here.
The following table lists the index configuration files
that are included in the Insight Pack.
| Log file | Index configuration file |
|---|---|
| db2diag.log | Included in the sourcetypes.json file |
The following sections describe the fields that are defined in the index configuration file. These fields, or annotations, are displayed in the IBM® Operations Analytics - Log Analysis Search workspace, and can be used to filter or search the log records. Fields are extracted from the fields of a log record or collected from metadata around the log file. Each table gives the names of the fields (these names correspond to fields in the IBM Operations Analytics - Log Analysis Search workspace), descriptions of how the related annotations are made, and the index configuration attributes assigned to the fields.
Log record annotations
The following table
lists the index configuration fields that relate to log record annotations.
Each field corresponds to part of a db2diag log record. The fields
are listed in the order in which they appear in a log record.
| Field | Description | Attributes |
|---|---|---|
| timestamp | The timestamp of the log record, which is located at the beginning of a line. | |
| recordID | The record identifier of the log record that follows the timestamp. The recordID of the log files specifies the file offset at which the current message is being logged (for example, 27204 and the message length (for example, 655) for the platform where the log was created. | |
| diagnosticLevel | A diagnostic level of the log record that follows the label LEVEL:. It is the diagnostic level that is associated with an error message. For example, Info, Warning, Error, Severe, or Event." Not all log records have a diagnostic level. | |
| processID | The process identifier in the log record that follows the PID: label. For example, 1988. | |
| threadID | The thread identifier (TID) for the process in the log record that follows the TID: label. For example, 1988 | |
| processName | The name of the process in the log record that follows the PROC:label. For example, db2iCacheFunction.exe | |
| instance | The DB2 instance that generated the message in the log record that follows the INSTANCE:label. For example, DB2. | |
| node | The node identifier that generated the message for a multi-partition system. Otherwise it is 000. It follows the NODE:label. For example, 001. | |
| databaseName | If present, the database name in the log record, that follows the DB:label. For example, DB2. | |
| applicationHandle | If present, the application handle in the log record, that follows the APPHDL: label. For example, 0-2772. | |
| applicationID | If present, the application identifier in the log record, that follows the APPID: label. For example, *LOCAL.DB2.130226175838. | |
| authorizationID | If present the authorization user identifier in the log record, that follows the AUTHID: label. For example, adminuser1. | |
| eduID | The engine dispatchable unit identifier in the log record that follows the EDUID: label. For example, 2004. | |
| eduName | The name of the engine dispatchable unit in the log record that follows the EDUNAME: label. For example, db2agent (instance). | |
| functionProductName | The product name that wrote the log record. It follows the FUNCTION: label, which also includes the component name, function name, and function probe point. For example, DB2. | |
| functionComponentName | The name of the component that wrote the log record. It follows the product name in the FUNCTION: label, which also includes the product name, function name, and function probe point. For example, UDB | |
| functionFunctionName | The name of the function that wrote the log record. It follows the component name in the FUNCTION: label, which also includes the product name, component name, and function probe point. For example, Self tuning memory manager | |
| functionInfo | The information that is returned by the function in the log record. It follows the FUNCTION: label. It includes all information after the FUNCTION entry. For example, DATA #1 : unsigned integer, 8 bytes | |
| functionProbePoint | The probe point within the function that wrote the log record. It follows the probe: label in the FUNCTION: label, which also includes the product name, component name, and function information. For example, probe:1008 | |
| message | The message that follows the MESSAGE: label. It is optional data that a function can provide in the log record. For example, New STMM log file (C:\ProgramData\IBM\DB2\DB2COPY1\DB2\stmmlog\stmm.0.log) created automatically. | |
| sqlcode | The SQL code is optional data that is provided by the function in the log record. It is preceded by the text SQLCODE or sqlcode. | |
| msgClassifier | The message ID if it exists in a message (which follows MESSAGE: label). It starts with 3 or 4 letters, followed by 4 numbers, followed by I, E, or W such as ADM0506I. | |
| DB2Hostname | The hostname following the HOSTNAME: label where the DB2 log record was generated. If there is only one DB2 server, there is no hostname in the log record. For example, mydb2host.tiv.pok.ibm.com | |
| start | This is the message following the label START provided by the function. It is an indication of the start of an event. For example, Starting FCM Session Manager. | |
| stop | This is the message follows the label STOP provided by the function. It is an indication of the end of an event. For example, DATABASE: DTW : DEACTIVATED: NO. | |
Metadata annotations
The following table lists the index configuration
fields that relate to metadata annotations.
| Field | Description | Annotation attributes |
|---|---|---|
| application | The application name populated by the service topology data source field. | |
| hostname | The host name populated by the service topology data source field. | |
| logRecord | The entire log record output by the splitter. | |
| datasourceHostname | The host name specified in the data source. | |
| middleware | The middleware name populated by the service topology data source field. | |
| service | The service name populated by the service topology data source field. | |