Log file annotations
The annotations that are defined by the log file index configurations are described here.
The following sections describe the fields that are defined in the index configuration file. These fields, or annotations, are displayed in the IBM® Operations Analytics - Log Analysis Search workspace, and can be used to filter or search the log records. Fields are extracted from the fields of a log record or collected from metadata around the log file. Each table gives the names of the fields (these names correspond to fields in the IBM Operations Analytics - Log Analysis Search workspace), descriptions of how the related annotations are made, and the index configuration attributes assigned to the fields.
Log record annotations
The following table
lists the index configuration fields that relate to log record annotations.
Each field corresponds to part of a SystemOut, SystemErr, or trace
log record. The fields are listed in the order in which they appear
in a log record.
| Field | Description | Attributes |
|---|---|---|
| timestamp | The timestamp of the log record, which is located at the beginning of a line and delimited by brackets ([...]). | |
| threadID | An eight-character alphanumeric (0-9, A-F) thread identifier, which is enclosed by single white space characters, that follow a timestamp. | |
| shortname | A sequence of characters that represents a short name, which is enclosed by single white space characters, that follow a thread identifier. | |
| severity | A single-character event type code or severity code (A, C, D, E, F, I, O, R, W, Z, <, >, 1, 2, 3), enclosed by single white space characters, that follow a short name. | |
| className | If present, a sequence of characters that represents a fully qualified class name (for example, com.ibm.ws.webcontainer.servlet.ServletWrapper) that follows a severity or the string "class=". | |
| methodName | If present, a sequence of characters that represents a method name, which is enclosed by single white space characters, that follow a class name or the string "method=". | |
| msgclassifier | If present, a defined sequence of characters that ends with a colon (:) and that represents a message identifier (for example, WSVR0605W). | |
| message | If present, the text of the system, error, or trace message. This field is annotated only if a msgclassifier field is present. | |
| javaException | If present, the Java exception names that fit
the following pattern: *.*Exception |
|
Stack trace annotations
The following table
lists the index configuration fields that relate to log record stack
trace annotations.
| Field | Description | Attributes |
|---|---|---|
| exceptionClassName | The class name in the top stack trace entry. | |
| exceptionMethodName | The method name in the top stack trace entry. | |
| fileName | The file name in the top stack trace entry. | |
| lineNumber | The line number in the top stack trace entry. | |
| packageName | The package name in the top stack trace entry. | |
Metadata annotations
The following table lists the index configuration
fields that relate to metadata annotations.
| Field | Description | Annotation attributes |
|---|---|---|
| application | The application name populated by the service topology data source field. | |
| hostname | The host name populated by the service topology data source field. | |
| logRecord | The entire log record output by the splitter. | |
| datasourceHostname | The host name specified in the data source. | |
| middleware | The middleware name populated by the service topology data source field. | |
| service | The service name populated by the service topology data source field. | |