In a large environment with numerous log events, you cannot always locate the data fields that are important to you.

Log Insight provides runtime field extraction to address this problem. You can extract any field dynamically from the data by providing a regular expression. See Examples of Regular Expressions.


Generic queries might be very slow. For example, if you attempt to extract a field by using the \(\d+\) expression, the query returns all log events that contain numbers in parentheses. Verify that your queries contain as much textual context as possible. For example, a better field extraction query would be Event for vm\(\d+\).

You can use the extracted fields to search and filter the list of log events, or to aggregate events in the Interactive Analytics chart.
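The following added example (not VMware code) compares the two expressions above on constructed log lines and then aggregates the extracted value, as a chart would. It assumes Python's re module as a stand-in for the Log Insight regex engine, and the capture group around \d+ is added here to pull out the number.

```python
import re
from collections import Counter

# Constructed sample events (illustrative only, not real Log Insight output).
SAMPLE_EVENTS = [
    "2024-05-01T10:00:01Z host1 vpxd: Event for vm(1042) power state changed",
    "2024-05-01T10:00:02Z host1 hostd: Task completed (17) in queue",
    "2024-05-01T10:00:03Z host2 vpxd: Event for vm(1042) snapshot created",
    "2024-05-01T10:00:04Z host2 kernel: retry(3) on device sda",
    "2024-05-01T10:00:05Z host3 vpxd: Event for vm(2210) migrated",
    "2024-05-01T10:00:06Z host3 sshd: session opened for user root",
]

# Generic expression from the text: any number in parentheses.
GENERIC = re.compile(r"\((\d+)\)")
# Expression with textual context from the text: only VM events.
CONTEXTUAL = re.compile(r"Event for vm\((\d+)\)")


def extract(pattern, events):
    """Return (event, value) pairs for every event the pattern matches."""
    results = []
    for event in events:
        match = pattern.search(event)
        if match:
            results.append((event, match.group(1)))
    return results


def aggregate(pattern, events):
    """Count events per extracted value, like grouping by the field."""
    return Counter(value for _, value in extract(pattern, events))


if __name__ == "__main__":
    for name, pattern in (("generic", GENERIC), ("contextual", CONTEXTUAL)):
        hits = extract(pattern, SAMPLE_EVENTS)
        print(f"{name}: {len(hits)} events matched")
        for value, count in sorted(aggregate(pattern, SAMPLE_EVENTS).items()):
            print(f"  value={value} count={count}")
```

The generic expression also matches the task and retry events, so the extracted field mixes VM numbers with unrelated counters; the contextual expression yields only VM numbers.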