Use the Generic Parser

Oracle Log Analytics lets you configure a generic parser to parse logs from different log sources.

This is particularly helpful when you’re not sure about how to parse your logs or how to write regular expressions to parse your logs, and you just want to pass the raw log data to perform analysis. Typically, a parser defines how the fields are extracted from a log entry for a given type of log file. However, the generic parser in Log Analytics can:

  • Detect the time stamp and the time zone from log entries.

  • Create a time stamp using the current time if the log entries don’t have any time stamp.

  • Detect whether the log entries are multiline or single-line.

  1. From Oracle Log Analytics, click the OMC Navigation icon on the top left corner of the interface. In the OMC Navigation bar, click Administration Home.
  2. In the Log Sources section, click Create source.
    Alternatively, in the Log Sources section, you can click the available number of log sources link and then in the Log Sources page, click Create.
    This displays the Create Log Source dialog box.
  3. In the Source field, enter the name for the log source.
  4. In the Source Type field, select File.
  5. Click Target Type and select the type of target for this log source.
  6. Select Automatically parse time only. Oracle Log Analytics automatically applies the generic parser type.
  7. To automatically associate this log source with all matching target types, select the Auto-Associate check box.
  8. Click Save.
When you access the log entries of the newly created log source, Oracle Log Analytics extracts and displays the following information from the log entries:
  • Time stamp:

    • When a log entry doesn’t have a time stamp, then the generic parser creates and displays the time stamp based on the time when the log data was collected.

    • When a log entry contains a time stamp, but the time zone isn’t defined, then the generic parser uses the cloud agent’s time zone.

  • Time zone:

    • When a log file has log entries with multiple time zones, the generic parser can support up to 11 time zones.

    • When a log displays some entries with a time zone and some without a time zone, then the generic parser follows the time zone of the latest log entry.

    If the time zone or the time zone offset is not indicated in the log events, then Oracle Log Analytics compares the last modified time of the OS with the timestamp of the last log entry to determine the proper time zone.

  • Multiple lines: When a log entry spans multiple lines, the generic parser captures the multiline content correctly.
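
The time stamp fallbacks listed above decide where an entry lands on a timeline, so it helps to see them applied to sample lines. The following Python sketch is an added illustration, not Oracle's code: it models only the documented rules and records which rule supplied each entry's time. The single time stamp format, the reading of "latest log entry" as the most recent entry that stated a zone, the multiline heuristic, and the names `parse`, `zone` and `SAMPLE` are assumptions of this sketch.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed format for this sketch: "YYYY-MM-DD HH:MM:SS" at line start with an
# optional "Z" or numeric offset. The product recognises many more formats.
TS = re.compile(r"^(\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2})\s?"
                r"(Z|[+-]\d{2}:?\d{2})?(?=\s|$)\s*")

def zone(text):
    """Turn 'Z', '+05:30' or '-0800' into a tzinfo."""
    if text == "Z":
        return timezone.utc
    digits = text[1:].replace(":", "")
    delta = timedelta(hours=int(digits[:2]), minutes=int(digits[2:]))
    return timezone(-delta if text[0] == "-" else delta)

def parse(lines, collected_at, agent_tz):
    """Return (utc_time, time_source, message) tuples per the rules above."""
    entries, last_tz = [], None
    file_has_ts = any(TS.match(line) for line in lines)
    for line in lines:
        m = TS.match(line)
        if m:
            naive = datetime.strptime(m.group(1).replace("T", " "),
                                      "%Y-%m-%d %H:%M:%S")
            if m.group(2):                      # zone stated in the entry
                tz = last_tz = zone(m.group(2))
                source = "entry"
            elif last_tz is not None:           # assumed reading of "latest entry"
                tz, source = last_tz, "previous-entry"
            else:                               # no zone seen yet: agent's zone
                tz, source = agent_tz, "agent"
            when = naive.replace(tzinfo=tz).astimezone(timezone.utc)
            entries.append([when, source, line[m.end():]])
        elif file_has_ts and entries:           # assumed multiline heuristic
            entries[-1][2] += "\n" + line
        else:                                   # no time stamp at all
            entries.append([collected_at.astimezone(timezone.utc),
                            "collection-time", line])
    return [tuple(e) for e in entries]

# Constructed sample, not real log data.
SAMPLE = ["2024-03-01 10:00:00 +05:30 login failed for admin",
          "2024-03-01 10:00:05 exception in auth handler",
          "    at auth.check(auth.py:42)"]

if __name__ == "__main__":
    agent = timezone(timedelta(hours=-8))
    now = datetime(2024, 3, 1, 12, 0, tzinfo=timezone.utc)
    for row in parse(SAMPLE, now, agent):
        print(row)
```

Entries whose source is `agent`, `previous-entry` or `collection-time` carry an inferred time, which is worth keeping in mind when correlating them with events from other hosts.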