In IBM Operations Analytics – Log Analysis, the “Source Type Cloning” feature allows users to create a new source type from an existing data source type and its details. One useful capability of source type cloning is changing the order of the fields in an existing data source type. This adds value when analyzing log data, because a user can group together the fields they are interested in. Search results then appear on the search user interface in the same order that was configured in source type cloning.
The “Source Type Cloning” feature is available from the Log Analysis Administrative User Interface.
- Locate the desired data source type and select the option to clone it. This shows the details of the source type, with the “Edit Field Order” option located on the right side of the screen, as shown below.
- The “Edit Field Order” option opens the fields view in read-only mode. The user can only change the order of the fields; no other change can be made to the field attributes.
- Once the fields are opened in order edit mode, the user can find the desired field and select it for re-ordering.
- Selecting a row enables the order edit feature by showing the order numbers on the left. It also shows up / down arrows, along with a small text-box around the position number of the currently selected row.
- The user can click the up / down arrows to move the row to the desired position through a sequence of up / down actions.
- For a more advanced re-order, the user can also type the desired position into the provided text-box. This moves the selected row to the specified position, shifting all other rows up or down accordingly.
- On completing the re-ordering, the user can click ‘Save Field Order’ to save the changes so that the search results grid appears in the same field order.
- As an example, let's say a user wants to see specific fields together, such as hostname, authorizationId and processId from the DB2Diag log, and wants them to appear at the start for better insight. To achieve this, the user could modify the order by following the steps above. The modification could look something like the following:
The user can then create a new data source using this newly created source type and use it for data ingestion. On performing a search using the newly created data source, the user sees the grid view of the search results in the modified order, which can assist in better analytic insights.
This is how a user can change the order of fields from the Log Analysis Administrative User Interface in a source type cloning flow. IBM Operations Analytics – Log Analysis also provides a different way for users to change the order of the fields: it can be done at insight pack creation time, when the user creates an Insight Pack project in Eclipse.
For more information, explore the “Using the Eclipse tools to create Insight Pack artifacts” documentation section in the Log Analysis Knowledge Center.
For more details on re-ordering fields in source type cloning, explore the “Changing the index configuration field order” section under the same topic.