Run a pattern analysis on your log data

edit

Run a pattern analysis on your log data

edit

This functionality is in technical preview, requires a Platinum subscription, and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

Log pattern analysis helps you to find patterns in unstructured log messages and makes it easier to examine your data. It performs categorization analysis on a selected field of a data view, creates categories based on the data and displays them together with a chart that shows the distribution of each category and an example document that matches the category.

Log pattern analysis works on every text field.

This example uses the sample web logs data, or you can use your own data.

  1. Open the main menu, and click Discover.
  2. Expand the data view dropdown, and select Kibana Sample Data Logs.
  3. If you don’t see any results, expand the time range, for example, to Last 15 days.
  4. Click the message field in the Available fields list sidebar and click Run pattern analysis.

    Available fields view in Discover showing the message field selected.

    The pattern analysis starts. The results are displayed in a flyout when the analysis is complete.

    Log pattern analysis results in Discover.
  5. (optional) Apply filters to one or more patterns. Discover only displays documents that match the selected patterns. Additionally, you can remove selected patterns from Discover, resulting in the display of only those documents that don’t match the selected pattern. These options enable you to remove unimportant messages and focus on the more important, actionable data during troubleshooting.