Instead of typing context values for extracting fields dynamically, you can use the one-click extract function.

The one-click extract populates all context values that correspond to the field that you select in a log event.

Note

The one-click extract option is available only in Normal view. You cannot use this option in Raw view. On the Interactive Analytics tab, use the View drop-down menu above the list of log events to switch between views.

Verify that you are logged in to the Log Insight Web user interface. The URL format is https://log_insight-host, where log_insight-host is the IP address or host name of the Log Insight virtual appliance.

1

Navigate to the Interactive Analytics tab.

2

In the list of log events, highlight the text that represents the field that you want to extract.

An action menu appears above the set of field names present in that event.

3

Click Extract Field.

The context values in the Fields pane are populated automatically with the context needed to extract the highlighted field.

4

(Optional) Modify the Value regular expression in the Fields pane.

5

(Optional) Modify the Context regular expression in the Fields pane.

6

If you are an administrator user, select which users can access the field.

Option

Description

All users

All users will see the field in the search drop-down menu.

Me only

Other users will not see the field in the Search drop-down menu.

7

Click Save.

You can use the extracted field to search and filter the list of log events, or to aggregate events in the Interactive Analytics chart.

You can modify saved field definitions or delete them if you no longer need them.