Log Analytics collects from log files depends on the source of the log file and the pattern that you specify to structure the data in the log with. Every log entry is an event in the Log Analytics event stream.
Log Analytics only supports the UTF-8 encoding format.
Event Type: logs
Key (event type identifier): sourceType
These fields are captured by default; you can configure and capture optional data, but these fields are always present:
| UI Field Name | Description | Events Service Internal Name |
|---|---|---|
| pickupTimestamp | The timestamp when the Java Agent picked up the event and sent it to the Analytics Agent. | pickupTimestamp |
| Message | The message body of the log event. | message |
| host | IP address or host name where the event was generated. | host |
| source | Location of the logs, usually a path or directory such as /tomcat/logs. | source |
| sourceType | The kind of log file, such as apache-httpserver-access-log. | sourceType |
| Timestamp | Timestamp of the log event. | eventTimestamp |
| Extracted Fields | Fields that were extracted using the Controller UI in previous versions appear in the Extracted Fields list. See Collect Log Analytics Data. | Varies |
You can optionally configure these fields:
| Optional Fields | Description |
|---|---|
| nodeName | Name of the node where the log event occurred. |
| tierName | Name of the tier where the log event occurred. |
| appName | Application name where the log event occurred. |