1. Using Oracle Log Analytics
  2. Administer Oracle Log Analytics
  3. Configure New Log Sources
  4. Configure Field Enrichment Options

Configure Field Enrichment Options

Oracle Log Analytics lets you configure Field Enrichment options so you can further extract and display meaningful information from your extended fields data.

One of the Field Enrichment options is the Geolocation Lookup that converts IP addresses or host names present in the log records to a country or country code. This can be used in log sources like Web Access Logs that have external client IP addresses.

Using the Lookup Field Enrichment option, you can match field-value combinations from events to an external lookup table.

Geolocation Lookup

After you set up the Geolocation Lookup options, you can view log records grouped by country or country code using the maps visualization.

  1. From Oracle Log Analytics, click the OMC Navigation (open menu icon) icon on the top left corner of the interface. In the OMC Navigation bar, click Administration Home.
  2. In the Oracle Log Analytics Configuration page, click the count of available log sources link.
  3. In the Log Sources page, select the required log source where you want to define the extended fields and click Edit.
  4. Add the Extended Fields definition for the base field that contains the country-specific IP address or host names records, such as Host IP Address.
  5. Click the Field Enrichment tab and then click Add.
  6. In the Field Enrichment dialog box, select Geolocation Lookup as the Function.
    Click the View details link to see a sample representation of the Geolocation Lookup function.
  7. Keep the Enabled check box selected.
  8. In the IP or Host Name field, select the base field name that you’ve used in the Extended Fields definition.
  9. Click Add.
To use the Maps visualization in Oracle Log Analytics to view log records grouped by country or country code, see Maps Visualization.

Use a Lookup in the Log Source

Oracle Log Analytics lets you enrich event data by setting up Lookup Field Enrichment options to add field-value combinations from lookups. Oracle Log Analytics uses lookups to match field-value combinations from events to an external lookup table, and if matched, Oracle Log Analytics appends the field-value combinations to the events. See Create Lookups.
  1. From Oracle Log Analytics, click the OMC Navigation open menu icon icon on the top left corner of the interface. In the OMC Navigation bar, click Administration Home.
  2. In the Oracle Log Analytics Configuration page, click the count of available log sources link.
  3. In the Log Sources page, select the required log source where you want to define the lookup options and click Edit.

    Note:

    You can also click Create source and create a new log source.

  4. Click the Field Enrichment tab and then click Add.
  5. In the Field Enrichment dialog box, select Lookup as the Function.
    Click the View details link to see a sample representation of the Lookup function.
  6. Keep the Enabled check box selected.
  7. In the Reference Lookup field, select the lookup file that you uploaded earlier. The list shows all lookups that have been previously uploaded.
  8. To map the key from the lookup to a field that’s populated by your parser, in Lookup Field, select the field for which you’ve created the lookup, such as Error ID.

    Note:

    The list for the input field will be limited to the fields that your log source populates. In this case, the Lookup Field is matched against your log entries field, Error ID.

  9. Select the Output Field, such as Error Text.
    When there’s a match, then the lookup value is written to the output field, which in this case is the Error Text field.
  10. Click Add.
When you display log records for the log source for which you created the lookup, you can see that the Output Field displays values that are populated against the log entries because of the lookup against the CSV file that you uploaded earlier. See Create Lookups.