Consolidated viewing and searching across all logs
Machine data comes in all shapes and sizes. Some types of data formats follow known structures or formats while other types of data have completely custom formats. Some types are semi-structured or unstructured while others are structured.
Bringing all types of data together in a consolidated view for searching provides significant benefit in any type of analysis. While some of the machine logs can provide information about the application behavior, combining it with unstructured information like emails can help provide actionable analysis. Combining this further with structured information from configuration files or reports from external systems leads to a searchable gold mine of information.
In Part 1: Speeding up machine data analysis of this series, you saw the variety in machine data across application layers. In Part 2: Speeding up analysis of new log types of this series, you saw how external information like emails can be easily added for analysis.
In this tutorial, you will bring all this data together in a searchable repository.