Field configuration

IBM® Operations Analytics Log Analysis uses the attributes that are listed in the table to configure individual fields during indexing.

The indexing configuration is a file in the JavaScript Object Notation (JSON) format. The attributes are set up as the key-value pairs in the indexing configuration file and the resulting record is mapped to the appropriate field name. The JSON record key for each attribute is listed in the first column. The possible values that are associated with this key and default values that are used when the key is missing are shown in the second and third columns. The symbols true and false refer to the corresponding JSON Boolean values. All other values, unless otherwise specified, are JSON strings.

Table 1. Field configuration
Attribute key Possible value Default Description
dataType TEXT, LONG, DOUBLE and DATE TEXT

Specifies the type of data that is stored in this field.

retrievable true or false false

Determines whether the contents of this field are stored for retrieval. When set to false, the content is not stored in the index. When set to true, the content is stored and available for retrieval. The retrieveByDefault value controls how and when the content of this field is included in search results.

retrieveByDefault true or false false

When set to true, the contents of the field is always returned as part of any search response. When set to false, the field is not part of the default response. However, when required, the content of the field can be explicitly requested using the appropriate parameters that are supported by the search run time. The retrieveable flag must be set to true for this attribute to work.

sortable true or false false

Enable or disable the field for sorting and range queries

filterable true or false false

Enable or disable facet counting and filtering on this field

searchable true or false true

Controls whether the field is enabled for searching/matching against it

enableWildcard true or false false

Controls whether the field is enabled for wildcard matching

source N/A N/A

Each index field is associated with a source attribute. The source attribute consists of three other attributes: paths, dateFormats, and combine.

paths JSON path expression.

For example, key1.key2, where key2 is nested within the value for key1.

N/A

Contains an array of one or more JSON path expressions.

dateFormats Java SimpleDateFormat and EPOCH N/A

Specifies format strings that determine how date values that are entered in this field are parsed.

The Epoch value or absolute point in time from which time is measured is milliseconds since January 1, 1970.

combine ALL and FIRST ALL

Determines how the values that are returned by the paths and dateFormats attributes are used.