forked from logscape/logscape.github.io
-
Notifications
You must be signed in to change notification settings - Fork 0
/
datatypes.html
162 lines (154 loc) · 11.7 KB
/
datatypes.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
<!DOCTYPE html ><html lang="en"><head><title> Logscape 2.0 </title><script src="js/kiss.js"></script><link href="css/bootstrap.min.css" rel="stylesheet"/><link href="css/style.css" rel="stylesheet"/><link href="css/font-awesome-4.0.3/css/font-awesome.min.css" rel="stylesheet"/><link href="css/style-app.css" rel="stylesheet"/><link href="css/app.css" rel="stylesheet"/><link href="//vjs.zencdn.net/4.9/video-js.css" rel="stylesheet"/><script src="//vjs.zencdn.net/4.9/video.js"></script><script src="js/jquery-1.11.0.js"></script><script src="js/bootstrap.min.js"></script><script>var breadcrumbs={
"gettingstarted":"Getting Started"
,"searching":"Search"
,"kv":"Data Discovery"
,"offsets":"Using Offsets"
,"geoip":"Geo IP"
,"pattern":"Using Search Patterns"
,"video":"tutorials"
,"overlays":"Overlaying Searches"
,"starthere":""
,"ds":"Data Sources"
,"add":" Add a New Data Source"
,"multitags":" Using Multi-Tags"
,"syslog":" Connect Syslog Clients"
,"tags": " Sources and Tags"
,"intelligent_field_discovery":" Intelligent Field Discovery"
,"types":"Data Types"
,"system_fields":"System Fields"
,"deploy":"Deployment"
,"app":" Logscape Apps"
,"agents": "Agents "
,"architectures_default": " Default Deployment"
,"architectures_failover": "Failover"
,"architectures_indexstores": " Index Stores"
,"architectures_tenured":"Tenured Data"
,"architectures_zones":" Zones"
,"Backup": "Backup"
,"home":" The Home WorkspacE"
,"import":" Restoring from Backup"
,"partial": " Selective Import"
,"arch_zoning":"Distributed Topology"
,"arch_clm":"Centralized Monitoring Topology"
,"arch_indexstores":"Multiple Index Store Topology"
,"rawtcpserver": "Tcp Server"
,"syslogserer":"Syslog Server"
,"centralconfigs":"Centralized Configuration"
,"boot_properties":"Boot Properties"
,"users":"Users"
,"datagroups": "Data Groups"
,"nested": "Nested Groups"
,"ldap":"Active Directory"
};
$(window).load(function(){
function genLink(arr,idx){
if (idx<0) { return "/"; }
var l="/"
for(i=0;i<=idx;i++){
l=l + arr[i] + "-" ;
}
return l.substring(0,l.length-1) + ".html";
}
function renderCrumbs(page){
console.log("rendering breadcrumbs for page:" + page)
if (page.indexOf("-") < 0){
return ""
}
var parts=page.split("-");
var idx=0;
console.log("rendering " + parts);
var html="<a href='"+genLink(parts,-1)+"'> / Home </a>";
for(idx=0;idx<parts.length;idx++){
k=parts[idx];
html=html + "<a href="+ genLink(parts,idx) + ">";
if (breadcrumbs.hasOwnProperty(k)){
html=html + " / " + breadcrumbs[k];
}else{
html=html + " / " + k[0].toUpperCase() + k.substring(1,k.length);
}
console.log(".");
}
console.log("this far!!!");
return html
}
var elems=window.location.href.split('?')[0].split('/');
var currentPage=elems[elems.length-1].split('.')[0]
console.log("crumb>" + renderCrumbs(currentPage));
$('#widget-bc').html(renderCrumbs(currentPage));
});
</script><script>var blogFeed;
function parseRSS(url, callback) {
$.ajax({
url: document.location.protocol + '//ajax.googleapis.com/ajax/services/feed/load?v=1.0&num=10&callback=?&q=' + encodeURIComponent(url),
dataType: 'json',
success: function(data) {
callback(data.responseData.feed);
}});
}
$(window).load(function() {
parseRSS("http://blog.logscape.com/feed",function(feed){
var num = feed.entries.length;
for(i=0;i< num;i++){
var title=feed.entries[i].title;
//var link=feed.entries[i].
link=feed.entries[i].link;
$(".resource-list ul").append("<li><a href='"+link+"'>"+title+"</a> </li>")
blogFeed=feed;
}
});
});
</script><script>$(window).bind("pageshow",function(){
var $form= $("form")[0];
$form.reset();
});
</script><script>function submit_form(){
var q=$("#searchBox").val()
q=encodeURIComponent(q)
var query="https://www.google.com/?gws_rd=cr&q=site:logscape.github.io++"+q+"#q=site:logscape.github.io++"+q
var location = window.location.href;
console.log("back:" + location);
history.pushState({},"",location);
window.location.replace(query);
}</script></head><body><div style="width:100%;height:85px;background-color:#333;"><!--diva(href="/") Documentation
a(href="") Forums |
a(href="") Getting Started |
a(href="") Logscape |
--><div style="padding-left:100px;padding-top:25px"><img src="images/logscape-apps-logo.png" style="height:45px"/><div style="float:right" class="col-md-3"><form id="cse-search-box" action="" style="position:right;padding-top:5px;padding-bottom:5px" onSubmit="submit_form()"><input type="hidden" name="cx" value="partner-pub-2789521296837340:9402765321"/><input type="hidden" name="ie" value="UTF-8"/><input id="searchBox" type="text" name="q" size="31" style="margin-left:15px"/><input id="cseSubmit" type="submit" value=" " class="btn-search"/></form></div></div></div><div style="width:100%;height:40px;background-color:#EEE;box-shadow: 0 0 2px #999;"><div style="padding-left:140px;padding-top:10px;font-size:14px"><a href="http://apps.logscape.com">Apps | </a><!--a(href="http://support.liquidlabs.co.uk") Release 1.3 | --><a href="http://logscape.activeboard.com/">Forums | </a><a href="gettingstarted.html">Getting Started </a><img style="height:0;width:0" src="http://logscape.com/images/track.png?version=support"/></div></div><!--.container-fluid.navbar(style="min-height:30px;margin-bottom:5px;").row(style="height:5px")
.row
.col-md-8
.col-md-1--><div class="container-fluid"><!--.row.col-md-7
form#cse-search-box(action="",style="position:right;padding-top:5px;padding-bottom:5px",onSubmit="submit_form()")
a(href="/")
img(src="images/logo.png",style="padding-top:0px,padding-right:15px",width="150")
input(type="hidden",name="cx",value="partner-pub-2789521296837340:9402765321")
input(type="hidden",name="ie",value="UTF-8")
input#searchBox(type="text",name="q",size="31",style="margin-left:15px")
input.btn-search#cseSubmit(type="submit",value=" ")
a(href="http://apps.logscape.com") Apps |
a(href="http://support.liquidlabs.co.uk") Release 1.3 |
a(href="http://logscape.activeboard.com/") Forums |
a(href="gettingstarted.html") Getting Started
--><div class="row"><div class="col-md-1"></div><div class="col-md-2"></div><div class="col-md-5"><div id="widget-bc" padding-left:150px="padding-left:150px" class="breadcrumbs style"> </div></div></div><div class="row"><div style="width:100px" class="col-md-1"><p></p></div><div class="col-md-2 nav-padding"><ul class="nav nav-tabs nav-stacked"><li><a href="searching.html">Search</a></li><li><a href="workspaces.html">WorkSpaces</a></li><li><a href="ds.html">Data Sources</a></li><li><a href="types.html">Data Types </a></li><li><a href="deploy.html">Deployment</a></li><li><a href="users.html">Users </a></li><li><a href="alerts.html">Alerts </a></li><li><a href="technology.html">Technology</a></li><li><a href="https://twitter.com/logscape" data-show-count="false" data-size="large" class="twitter-follow-button">Follow @logscape</a><script>=!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+'://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document, 'script', 'twitter-wjs');</script></li></ul><div style="padding-left:50px"><h4>Articles </h4></div><hr/><div class="resource-list"><ul style="list-style:none;padding-left:10px;background-color:#FFFEE7"></ul></div></div><div class="col-md-9 content-area"><h3>Datatypes Tutorials </h3><p>A Datatype is a loose schema that is assigned to files. This schema is used to extract fields and add structure to data being analysed. </p><p>You can use the following search syntax to filter your results by type </p><ul><li><em>_type.equals(MYNEWTYPE)</em></li><li><em>_type.includes(java-) </em></li></ul><p>Assigning a type to your data will allow you to go beyond simple keyword searches on your data and use analytics on fields extracted from your data. </p><h3>Extracting Fields </h3><p> In this video we will create a new type that will extract the following fields:<ul><li> date </li><li> time </li><li> level</li><li> package </li><li> thread </li><li> msg </li></ul></p><p> You can use the sample text below to follow the example in the video<pre>2013-12-05 16:44:16,930 INFO orm-SHARED-5-1 (netty.NettyEndPoint) Stats:SHARED/stcp://10.28.1.154:11003 SendMsg:28 SendKb: 11 RecvMsg:29 RecvKb:9 ]
2013-12-05 16:44:25,978 INFO agent-local-sched-18-1 (agent.ResourceAgent) AGENT QA-UK-FW-W82-11003-0 CPU:2 MemFree:348 MemUsePC:22.67 DiskFree:35898 DiskUsePC:29.75 SwapFree:1532 SwapUsePC:50.11
2013-12-05 16:44:25,978 INFO agent-local-sched-18-1 (agent.ResourceAgent) AGENT QA-UK-FW-W82-11003-0 MEM MB MAX:990 COMMITED:447 USED:296 AVAIL:694 SysMemFree:348 TimeDelta:317 Threads:243
2013-12-05 16:45:16,933 INFO orm-SHARED-5-1 (netty.NettyEndPoint) Stats:SHARED/stcp://10.28.1.154:11003 SendMsg:47 SendKb: 19 RecvMsg:18 RecvKb:6 ]</pre></p><p><video preload="auto" width="640" height="480" controls="controls"><source src="http://logscape.com/videos/support/datatypes-fields.webm" type="video/webm"/><source src="http://logscape.com/videos/support/datatypes-fields.mp4" type="video/mp4"/><Your>browser does not support this tag </Your></video></p><h3>Creating Synthetic Fields </h3><p> Synthetics are dynamic fields and do not occur on every line eg. usernames,heartbeats, cpu stats and so on. If we take a look at the following sample data:</p><p>We can see that <em>memFree,sendMsg,sendKb </em>do not occur on every line. We can use a <em>synthetic </em>field to extract these values. </p><p><video preload="auto" width="640" height="480" controls="controls"><source src="http://logscape.com/videos/support/datatypes-synthetics.webm" type="video/webm"/><source src="http://logscape.com/videos/support/datatypes-synthetics.mp4" type="video/mp4"/><Your>browser does not support this tag </Your></video></p><p>A Synthetic field needs a source field and a synthetic function. The synthetic function is applied to contents of the predefined source field. The synthetic function can be a pattern,a text function like split, an arithemetic evaluator or groovy script.</p><p>In the video a pattern expression is used.</p><h3>Saving your datatype.</h3><p>Each data type needs a <ul><li> name </li><li> tag or directory mask</li><li> a file mask</li></ul></p><p><video preload="auto" width="640" height="480" controls="controls"><source src="http://logscape.com/videos/support/datatypes-saving.webm" type="video/webm"/><source src="http://logscape.com/videos/support/datatypes-saving.mp4" type="video/mp4"/><Your>browser does not support this tag </Your></video></p><p>A tag is one of your data sources. This makes your datatype independent of the physical location of your data source. This is recommended over using the directory mask syntax</p><blockquote>tag:DataSourceTagName </blockquote><p>A comma separated list of tags and directory masks are also valid entries:</p><blockquote>tag:dev-gc-logs, ./opt/tomcat/logs,tag:uat-gc-logs </blockquote></div></div><!--hr.dark
.col-md-3
Logscape Copyright 2014(c) Registered Trademark --></div><script>$( document ).ready(function() {
$("#cseSubmit").on("click",function(e){
e.preventDefault();
submit_form();
});
$("#searchBox").on("keypress",function(e){
if (e.keyCode == 13) {
e.preventDefault();
submit_form()
}
});
});
</script><script>(function(g,i,a,n,t,s){g['SeeYourVisitors']=n;g[n]=g[n]||function(){
(g[n].q=g[n].q||[]).push(arguments)},g[n].l=1*new Date();t=i.createElement(a),
s=i.getElementsByTagName(a)[0];t.async=1;t.src='//seeyourvisitors2.appspot.com/gg.js';
s.parentNode.insertBefore(t,s)})(window,document,'script','gg');
gg('create', 'd1a8b082-8806-4793-936f-35f5e41b3592');
gg('track');</script><script src="js/ga.js"></script></body></html>