Add, edit, or delete Health Log Analytics lexical keywords

  • Release version: Xanadu
  • Updated August 1, 2024
  • 1 minute to read

    • Manage the keywords that Health Log Analytics looks for in your log data.

    Before you begin

    Role required: evt_mgmt_operator or evt_mgmt_admin

    About this task

    In log data, terms like "crash" or "failed" are called lexical keywords because they indicate issues that can merit attention. When text in log data for a source matches a lexical keyword that exceeds a specified count threshold, the system identifies an anomaly and generates an alert.

    Important:
    A lexical keyword differs from a key in a key:value pair in a log line. For example, Hostname is a key that takes on a value: the name or IP address of the host. In contrast, a keyword like Failed is important by itself and does not take on a value.
    The application comes with many default global keywords. You can add, edit, and delete global keywords or phrases. These keywords apply to all source types.
    Note:
    To add a specified keyword that is associated with a specific source type, see Configure source type capabilities.

    Procedure

    1. Navigate to All > Health Log Analytics > Log Anomaly Detection > Lexical Keywords.
      By default, the Lexical Keywords table lists only global keywords.
    2. Optional: Add a global keyword.
      1. Select New.
      2. On the form, fill in the fields.
        Table 1. Lexical keyword form
        Field Description
        Name Unique and descriptive name for the keyword.
        Regular expression Regular expression (regex) that defines matches.
        Exact match Option to make Health Log Analytics match the exact regex. For example, 'NullPointerException' in a message would not match the regex 'exception'.

        This field is automatically set to True.
        Case-sensitive Option to make Health Log Analytics look for a case-sensitive match of the regex.

        This field is automatically set to False.
        Range of analysis Range of sources types where Health Log Analytics looks for the keyword in the log data. Choices are as follows:
        • All source types
        • Specified source type
        Excluded source types Source types that are not associated with the keyword. Health Log Analytics does not look for the keyword in the log data of these source types.
      3. Select Submit.
    3. Optional: Edit a global keyword.
      1. Click the keyword that you want to edit in the list.
      2. On the form, edit the relevant fields.
      3. Select Update.
    4. Optional: Delete one or more global keywords.
      1. Select the rows of the keywords that you want to delete.
      2. From the Actions on selected rows list at the bottom of the page, select Delete.
      3. Select OK.