How to add 'Configured Patterns' to the Generic Annotator Insight Pack
The IBM SmartCloud Analytics solution allows log files to be annotated via the Generic
Annotation Insight Pack (GA). Currently GA outputs only one Configured Pattern, the logsource.
The following steps show how the GA pack can be updated to output the following strings, based on
the underlying AQL of the pack:
Hostnames
IP (v4) addresses
Severity e.g. WARN, INFO etc
URLs
User specified strings
Identifiers e.g. ATTACH_SUCCESS_RATE
Two steps are required:
Firstly, the GAInsightPack_v<N.N.N>/extractors/ruleset/GA_annotator/main.aql file needs
to be updated to output the underlying AQL views that identify the required strings. Note that the
unity server would need to be restarted after applying the updates highlighted below:
module GA_annotator;
import module common;
import module GA_common;
output view __unity_concept;
output view __unity_key_value;
output view GA_common.IPAddressOutput;
output view common.SeverityOutput;
output view common.URLOutput;
output view GA_common.Identifier;
output view GA_common.userSpecStrings;
output view common.HostnameOutput;
Secondly, create a new source type utilizing the annotator Generic-Annotate ruleset with the
following indexConfig:
GAInsightPack_v1.1.0/extractors/ruleset/GA_annotator
{
  "fields": {
    "logRecord": {
      "searchable": true,
      "filterable": false,
      "retrievable": true,
      "dataType": "TEXT",
      "sortable": false,
      "source": {
        "paths": [
          "content.text",
          "metadata.text"
        ],
        "combine": "ALL"
      },
      "retrieveByDefault": true
    },
    "timestamp": {
      "searchable": true,
      "filterable": true,
      "retrievable": true,
      "dataType": "DATE",
      "sortable": true,
      "source": {
        "dateFormats": [
          "MM/dd/yy HH:mm:ss:SSS Z"
        ],
        "paths": [
          "metadata.timestamp"
        ]
      },
      "retrieveByDefault": true
    },
    "Hostnames": {
      "searchable": true,
      "filterable": true,
      "retrievable": true,
      "dataType": "TEXT",
      "sortable": true,
      "source": {
        "paths": [
          "annotations.common_HostnameOutput.Hostname_span.text"
        ]
      },
      "retrieveByDefault": true
    },
    "IPAddress": {
      "searchable": true,
      "filterable": true,
      "retrievable": true,
      "dataType": "TEXT",
      "sortable": true,
      "source": {
        "paths": [
          "annotations.GA_common_IPAddressOutput.span.text"
        ]
      },
      "retrieveByDefault": true
    },
    "Severity": {
      "searchable": true,
      "filterable": true,
      "retrievable": true,
      "dataType": "TEXT",
      "sortable": true,
      "source": {
        "paths": [
          "annotations.common_SeverityOutput.span.text"
        ]
      },
      "retrieveByDefault": true
    },
    "URLs": {
      "searchable": true,
      "filterable": true,
      "retrievable": true,
      "dataType": "TEXT",
      "sortable": true,
      "source": {
        "paths": [
          "annotations.common_URLOutput.URL_span.text"
        ]
      },
      "retrieveByDefault": true
    },
    "UserDefinedStrings": {
      "searchable": true,
      "filterable": true,
      "retrievable": true,
      "dataType": "TEXT",
      "sortable": true,
      "source": {
        "paths": [
          "annotations.GA_common_userSpecStrings.span.text"
        ]
      },
      "retrieveByDefault": true
    },
    "Identifiers": {
      "filterable": true,
      "retrievable": true,
      "dataType": "TEXT",
      "sortable": true,
      "source": {
        "paths": [
          "annotations.GA_common_Identifier.span.text"
        ]
      },
      "retrieveByDefault": true
    }
  },
  "indexConfigMeta": {
    "version": "1.1.0",
    "name": "Generic Annotation",
    "description": "Index Mapping Configuration for Generic Annotation",
    "lastModified": "06/02/2013"
  }
}
Create the collection and log source in the normal manner. When searching on the newly
created log source, the configured patterns defined in the above indexConfig will be
populated.
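The two steps have to agree: each annotations path in the indexConfig must name a view that main.aql outputs, otherwise the configured pattern stays empty. The check below is an added example, not part of the original document or the Insight Pack. The view-to-path naming (module.view becomes module_view) is inferred from the paths shown above, the expected attribute set is an assumption taken from the fields above, and the sample inputs are constructed.

```python
import json
import re

# Attributes carried by the fully specified fields on this page (assumed to be expected).
EXPECTED = {"searchable", "filterable", "retrievable", "dataType",
            "sortable", "source", "retrieveByDefault"}

def output_views(aql_text):
    """Return the output view names from main.aql as they appear in annotation paths."""
    names = re.findall(r"^\s*output\s+view\s+([\w.]+)\s*;", aql_text, re.M)
    # Inferred from the page: view GA_common.Identifier -> annotations.GA_common_Identifier
    return {name.replace(".", "_") for name in names}

def check_index_config(config_text, aql_text):
    """List fields that lack an attribute or reference a view main.aql does not output."""
    views = output_views(aql_text)
    problems = []
    for name, spec in json.loads(config_text)["fields"].items():
        for attr in sorted(EXPECTED - set(spec)):
            problems.append(f"{name}: missing attribute {attr}")
        for path in spec.get("source", {}).get("paths", []):
            parts = path.split(".")
            if parts[0] == "annotations" and len(parts) > 1 and parts[1] not in views:
                problems.append(f"{name}: view {parts[1]} is not output by main.aql")
    return problems

def field(path):
    """Build one constructed field entry in the shape the indexConfig uses."""
    return {"searchable": True, "filterable": True, "retrievable": True,
            "dataType": "TEXT", "sortable": True, "source": {"paths": [path]},
            "retrieveByDefault": True}

# Constructed samples: main.aql without the URLOutput line; one field without "searchable".
SAMPLE_AQL = """module GA_annotator;
output view __unity_key_value;
output view GA_common.IPAddressOutput;
output view GA_common.Identifier;
"""
identifiers = field("annotations.GA_common_Identifier.span.text")
del identifiers["searchable"]
SAMPLE_CONFIG = json.dumps({"fields": {
    "IPAddress": field("annotations.GA_common_IPAddressOutput.span.text"),
    "URLs": field("annotations.common_URLOutput.URL_span.text"),
    "Identifiers": identifiers,
}})

if __name__ == "__main__":
    for problem in check_index_config(SAMPLE_CONFIG, SAMPLE_AQL):
        print(problem)
```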