Log Analytics collects from log files depends on the source of the log file and the pattern that you specify to structure the data in the log with. Every log entry is an event in the Log Analytics event stream.
Log Analytics Data
Log Analytics only supports the UTF-8 encoding format.
Event Type: logs
Key (event type identifier): sourceType
These fields are captured by default; you can configure and capture optional data, but these fields are always present:
UI Field Name
Description
Events Service Internal Name
pickupTimestamp
The timestamp when the Java Agent picked up the event and sent it to the Analytics Agent.
pickupTimestamp
Message
The message body of the log event.
message
host
IP address or host name where the event was generated.
host
source
Location of the logs, usually a path or directory such as /tomcat/logs.
source
sourceType
The kind of log file, such as apache-httpserver-access-log.
sourceType
Timestamp
Timestamp of the log event.
eventTimestamp
Extracted Fields
Fields that were extracted using the Controller UI in previous versions appear in the Extracted Fields list. See Collect Log Analytics Data.