Source type structure adjustment

Watch

Save as PDF

Share this page

Feedback

IT Operations Management

HomeWashington DC IT Operations ManagementIT Operations ManagementITOM HealthHealth Log AnalyticsConfiguring Health Log AnalyticsHealth Log Analytics SetupSet up data inputs manuallySource type structure adjustment

Table of Contents

Source type structure adjustment

Release version:
Washington DC
Yokohama
Xanadu
Vancouver
UpdatedFeb 1, 2024
2 minutes to read

Washington DC
Health Log Analytics

Health Log Analytics enables you to reclassify auto-classified properties and change auto-mapped labels. These adjustments help Health Log Analytics machine learning to better understand your priorities.

Health Log Analytics automatically separates the transport header from the inner log message and sends the inner log message to the source type structure. It extracts properties from incoming log messages and auto-maps labels to source type fields.

Modifying the source type structure and classification is your chance to make sure that the Health Log Analytics AI engine extracts all the properties properly and classifies them appropriately. Because a single data input can contain more than one source type, the system structures log data by source type and not by data input.

For example, consider the following log:

{
  "TenantId": "abc-01-02-03-04-05050708091011121314",
  "@timestamp": "2020-08-28T08:29:23.967Z",
  "Computer": "john Doe_computer",
  "EventType_s": "LogMessage",
  "Job_s": "johnDoe_cell",
  "IP_s": "1.00.00.00",
  "message": "This is the extracted message. This part of the message includes superfluous content and values",
  "MessageType_s": "OUT",
  "Timestamp_d": 1598603359017850000,
  "Type": "my_LogMessage_is",
  "_ResourceId": ""
}

The sample code contains "key":"value" pairs. The key is the property name, and the value is the property value.

The key "message" has the following value: "This is the extracted message. This part of the message includes superfluous content and values". If you wanted your logs to contain only the meaningful part of that message, you would add JavaScript code instructing the system to extract only that part.

//Added JavaScript to extract only the first sentence in the message! if (output['message'] != null){ output['message'] = output['message'].slice(0, output['message'].indexOf("\.")); } (edited)

You could use the same logic to reclassify a value. For example, if the key "Computer" is insignificant, you could set its value to "Invalid".

For more information about the source type structure, see the Source Type Structure – Labels & Classifications [KB0863562] article in the Now Support Knowledge Base.

Was this topic helpful?

Yes No

Add source types manually

Refine the source type structure

Add source types manually

Refine the source type structure

Log in to get a better experience

Explain this code

{
  "TenantId": "abc-01-02-03-04-05050708091011121314",
  "@timestamp": "2020-08-28T08:29:23.967Z",
  "Computer": "john Doe_computer",
  "EventType_s": "LogMessage",
  "Job_s": "johnDoe_cell",
  "IP_s": "1.00.00.00",
  "message": "This is the extracted message. This part of the message includes superfluous content and values",
  "MessageType_s": "OUT",
  "Timestamp_d": 1598603359017850000,
  "Type": "my_LogMessage_is",
  "_ResourceId": ""
}

How was this response?

Code explanation using AI

Explain this code

//Added JavaScript to extract only the first sentence in the message! if (output['message'] != null){ output['message'] = output['message'].slice(0, output['message'].indexOf("\.")); } (edited)

How was this response?

Code explanation using AI

Washington DC IT Operations Management

Filters

Versions

Products