Adding new datasets to Log Explorer¶
Logs contained in a generic dataset do not automatically appear in the Log Explorer. For that to happen, you must tell Observe that this dataset contains logs. This is done by editing the dataset and using the “log” option of the interface OPAL command. Observe will then recognize this dataset contains logs, and automatically present its logs for visualization in Log Explorer.
The interface verb is used to map fields to an interface. In the case of logs, the required OPAL looks as follows:
// Make a string column named "log" from the "FIELDS.log_msg" object so interface models it
make_col log:string(FIELDS.log_msg)
interface "log"
The data you see doesn’t change, but using the log interface on a dataset sets the following conditions:
Each row represents an event in a time series
A field named
logcontains the message from the application