About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Using templates
IBM Cloud Logs learns from the logs that are ingested through the Priority insights and Analyze and alert data pipelines, and groups similar logs into templates to help you determine logs requiring your attention and others that might not.
How are templates generated from logs
As data is ingested, automatic log aggregation groups log entries into a narrow set of patterns by using machine learning. Each log that is received by IBM Cloud Logs is analyzed for constant log variable data.
Log aggregation is based on repetitive log activity over a 24-hour period or over 100 K logs.
First, metadata fields are analyzed and used for log aggregation and definition of a branch. The metadata fields that are always used are:
- Application name
- Subsystem name
- Severity
Then, the following fields are also used for log aggregation and definition of a template:
textmessagemsgloginnerMessage
When log aggregation processes all ingested data, the logs that match a template must have an identical JSON structure. Any small variation of the JSON fields will result in a different template being created.
Launching the templates page
Log aggregations can be found as templates in the Templates tab in the Logs page.
To access the templates tab, complete the following steps:
-
In the navigation, click the Explore logs* icon
> Logs templates.In the Logs view you can also click the Templates tab to open the template view.
-
Click a log field to see the unique field values in the aggregated logs.
-
Click the number of occurrences for a template to see the details about the occurrences of the logs included in the aggregation.
-
Select the three dots to view the raw log, copy the permalink to access quickly the log at a later time, or open the info panel.
Viewing logs associated with a template
From the templates page, hover over the column First seen and click the magnifying glass icon to open a view that shows the logs that are associated with the template.
Limits
- Per IBM Cloud Logs instance, you can have up to 1000 branches by default.
- Per branch, you can have up to 150 templates per branch.