3.1 You need to extract fields from well-understood log types


Rather than extracting fields one at a time, you want to leverage the fact that your log is of a well-known type and simply extract all fields for further use.


Install an App that will extract fields and present data from your log types, for example:

There are many more Apps available; click Library, then the Apps tab to view the current list. Or go to Apps to see the documentation. 


Install one or more Apps that use a data filter, such as_sourceCategory=perfMon, to identify which sources to parse. The recipes that follow will describe how to extract data fields from any log type, but Apps make it easy for the more common log types.