Variety in machine data analysis
In Part 1 of this series, Speeding up machine data analysis, you learned how to use machine data of some known types, such as Apache web access and WebSphere logs. You also learned how to handle types that are less well known to the accelerator by using a generic type.
As long as the data is textual, time-series-based data, you can apply these techniques to any machine data for analysis without writing new code!
Using the generic type, you can extract most of the fields that are commonly found in machine data. Much of this data consists of name-value pairs and XML leaf tag values, and the generic type extracts most of that interesting information.
If, after applying these techniques, some fields that are specific to a certain data type are still not extracted, the accelerator provides a way to customize the existing rules or add new ones.
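As an added illustration, not code from the tutorial or from the accelerator itself (which has its own rule language), the following Python sketch shows what generic name-value and XML-leaf extraction covers, and how a customized rule picks up a data-type-specific field that the generic rules miss; the sample lines and the `relay` rule are constructed for this example.

```python
import re
from typing import Dict, Pattern

# Constructed sample records (not from the original tutorial).
NV_LINE = ('2013-05-21T10:15:32 sender=alice@example.org '
           'recipient=bob@example.org size=2048 status=sent')
XML_LINE = ('<event><ts>2013-05-21T10:15:33</ts><from>carol@example.org</from>'
            '<result>bounced</result></event>')
# Here the relay host sits in free text, so name-value extraction does not see it.
FREE_LINE = ('2013-05-21T10:15:34 sender=dave@example.org status=sent '
             'delivered via relay mx.example.net')

# Generic rules: key=value pairs (quoted or bare) and XML leaf tags <tag>text</tag>.
NV_PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')
XML_LEAF = re.compile(r'<(\w+)>([^<]*)</\1>')

# A customized rule for one data-type-specific field (hypothetical, for illustration).
CUSTOM_RULES: Dict[str, Pattern[str]] = {
    'relay': re.compile(r'\brelay (\S+)'),
}


def extract_generic(line: str) -> Dict[str, str]:
    """Extract the fields a generic log type would find: name-value pairs and XML leaves."""
    fields = {key: value.strip('"') for key, value in NV_PAIR.findall(line)}
    fields.update({tag: text for tag, text in XML_LEAF.findall(line)})
    return fields


def extract_with_custom(line: str, rules: Dict[str, Pattern[str]] = CUSTOM_RULES) -> Dict[str, str]:
    """Run the generic rules first, then add fields from customized rules."""
    fields = extract_generic(line)
    for name, pattern in rules.items():
        match = pattern.search(line)
        if match:
            fields[name] = match.group(1)
    return fields


if __name__ == '__main__':
    for line in (NV_LINE, XML_LINE, FREE_LINE):
        print('generic:', extract_generic(line))
        print('custom :', extract_with_custom(line))
```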
In this tutorial, you will use email data and learn how to add a new log type to analyze it, including:
- How to use the Eclipse tooling to customize existing rules or build new ones.
- How to publish the customized rules via a customized application for production.