Enriching logs
A log message is a wealth of information for an operator. It helps in troubleshooting an issue and finding the root cause.
Enrichment in logs helps you to add meaningful information to the log messages that will make search and analysis easier and more meaningful. Enriched logs are visualized better and bring out useful information and statistics. For example, you can enrich IPAddress, a field in logs, with geographical information like city, country code, longitude, and latitude that you can fetch from a CSV file. BMC Helix Log Analytics adds these additional details in real-time.
BMC Helix Log Analytics enables you to enrich logs from the CSV files.
As an administrator, enrich logs by following the steps explained in the following table:
| Step | Action | Reference |
|---|---|---|
| Plan enrichment | Plan log enrichment based on the following information:
For example, by using the IPAddress field in the logs, you might want to enrich the logs with the employee information (like office location, employee code, and so on) by using a CSV file. To plan enrichment better, understand how enrichment is applied to logs based on the precedence, conditions, and enrichment sources configured in an enrichment policy. | - |
| Add enrichment sources | Based on the enrichment that you want to add to logs, add the source that will enrich the logs. | Adding enrichment sources |
| Add enrichment policy | An enrichment policy defines the condition that triggers enrichment and applies the enrichment source to logs. For example, you enrich the IPAddress field with employee details when server == 11.0.1.111. | Creating enrichment policies |
Learn more
Read the following blog to learn how enriching logs make troubleshooting easier
Simplify troubleshooting and analysis with log enrichment
.
Comments
Log in or register to comment.