1. Using Oracle Log Analytics
  2. Administer Oracle Log Analytics
  3. Create a Parser
  4. Guided Creation of the Regex Type Parser

Guided Creation of the Regex Type Parser

If you want to generate the parser expression using the Parser Builder, then click on the Guided tab.

  1. In the Parser Name field, enter the parser name. For example, enter OBIO Performance Log Parser.

  2. In the Example Log Content field, paste the contents from a log file that you want to parse. You can alternatively click Add from file, and select the log file that you want to parse.

    The log records are extracted from the file and displayed in the Example Log Content field.

    Select the Handle entire file as a single log entry check box, if required. If you do, then you might want to consider selecting the check box Enable raw-text searching on this content. This option enables you to search the log records with the Raw Text field. When enabled, you can view the original log content with the raw text.

    Click Next.

  3. From the log content, select the lines that represent a single log entry. To select multiple lines, hold down Ctrl or Shift key, and select.

    Click Next.

  4. In the log entry, click on each field. The Extract Field dialog box opens.


    Description of parser_builder_field.png follows
    Description of the illustration parser_builder_field.png

    • To capture the type of field, select Capture this field as radio button, click the down arrow under Field Name, and select the field name that it corresponds with. Based on the field type, the field value in the log record will be replaced with the regular expression for that field. For example, select the time data in the log entry, and select Time field name. Then the {TIMEDATE} regular expression is displayed.

    • To capture the selected field by it’s literal text, select the Literal text radio button.

    Click Save.

  5. The log entry can be a single line or multiple lines. If the log entry spans multiple lines, then by default, Use Autogenerated Parse Expression input method for the parse expression is selected. Alternatively, you can manually enter the log record’s start expression.

    Optionally, you can enter the end expression too. Use End Expression to indicate the end of the log record. When a log record is written to the file in multiple chunks and you want the agent to pick up the complete log record that includes all the chunks, use the end regex. The agent waits till the end regex pattern is matched to collect the log record. The same format rules apply for the end expression as that of Entry Start Expression.

  6. After the fields are extracted, the regular expression is displayed and tested. The results of the test are displayed in a table.


    Description of parser_builder_test2.png follows
    Description of the illustration parser_builder_test2.png

    The test result displays the Step Count which is a good measure of the efficiency of the extract expression in extracting the required fields from the example log content. Ensure to fine tune your regex expression to optimize the matches and to reduce the step count.

  7. Click Next.

    The fields that you identified for parsing are listed along with the corresponding field names, type of data, descriptions of the fields, and the regular expressions.

  8. Confirm the parser data by clicking Create Parser.

    The parser builder will validate your input with the existing parsers. If an existing parser can be used for the example log content provided earlier, then you’ll be redirected to the specific Parser Creation page.