Machine Learning Based Query Enrichment
Typically, you can derive rich insights about the log records using the Cluster and Link features. But it is not possible to use the insights generated from these analytical tools in other Oracle Log Analytics visualizations. Now use the new insights feature that auto-analyzes the results of a search, and returns a set of ML-derived fields that capture the insights.
Generate Insights Fields Using the addinsights Command
Run the addinsights command after a search to analyze the given query and automatically enrich the query results with additional insight information for each log record. The following insights fields are returned by the command: Cluster Record Count, Shape Record Count, Shape Cluster Count, Potential Issue, and Shape ID. See Addinsights Command in Using Oracle Log Analytics Search.
Following is an example query with addinsights for Linux Syslog Logs:
'Log Source' = 'Linux Syslog Logs' | addinsights
The following image shows the result of running the example query.
Click on the info icon to view the insights fields that are auto-generated based on the analysis of the query search results.
Use the Insights to View Similar Log Records
This time, run a similar query on Database Alert Logs.
'Log Source' = 'Database Alert Logs' | addinsights
After the query is run with the addinsights command, scroll down the search result to the log record that you are interested in, expand it to view the fields, and click Add To Search on the Cluster Record Count field view.
This updates the query to the one below, showing only the log records that have the same Cluster Record Count.
'Log Source' = 'Database Alert Logs' | addinsights | where 'Cluster Record Count' = 34097
Switch to the Cluster visualization. It shows all the clusters that are similar to the selected message. You can click on a variable to see the specific values for that variable.