Indexes 101 – The Basics

Indexes in Unified Logging are the primary way pieces of data that are of interest are identified.  At its core indexes are regular expression.

Why regular expressions?  Regular expressions allow application support to define very simple to very complex pattern matching and even the novice application support engineer already knows regular expressions as that is how they currently navigate large log files.

Index Types

Custom: A custom index is really just the base regular expression, if you are a regular expression pro this is probably the only index type you will use.

Data: This index matches on values in key:value pairs {e.g. Machine:Web1}.  This index type is a helper on top of the custom index type to get up and running quickly if you do not want to mess with regular expression.

Notification: This index matches on a word or phrase and you wish to be notified when this occurs.  More on notification conditions soon.  This index type is a helper on top of the custom index type to get up and running quickly if you do not want to mess with regular expression.

Index Properties

Indexes have some common properties such as name, color and regular expression and priority order.

Name: Make the index name something easily identifiable at a glance.

Color: The color is used in multiple places.  If you choose a color it will be used to highlight matches in notifications, messages on the web and in trends.

Priority Order: The priority order defines the order in which notification indexes are processed, more in the next post.

There are additional properties for notifications that will be discussed in the next post.

NEXT -> Indexes 102 – Notifications

Trackbacks/Pingbacks

  1. Indexes 102 – Notifications | Unified Logging Blog - March 28, 2012

    […] you have not read Indexes 101 Jump There Now then read […]