Analyzed and not Analyzed fields

How it Impacts Free-Text Searches

By default most log fields are not analyzed in Elasticsearch. The one exception is the 'message' field.

The 'message' field is analyzed and then tokenized (broken down) by whitespace, dashes, punctuation signs or other configuration changes made by The not analyzed fields do not apply any tokenizer at all, so your search needs to match the value of the field exactly (unless you use Wildcard, Regex or Fuzzy). In addition, only not analyzed fields can be used to create Visualizations.

In our continuous efforts to enhance the usability of our platform, we’ve applied some changes to our tokenizer configurations to improve your free-text searching:

  • Split on dot - useful when searching for class names.
    • For example: when searching for exceptions, instead of searching for `java.lang.NullPointerException` you can now search for the simple name of the class -- `NullPointerException`.
  • Split on case - useful for searching for parts of a camel-cased word.
    • For example: searching for `Exception` will return all the exceptions in your logs (`IllegalArgumentException`, `NullPointerException` etc.).
  • Lowercase - this change makes free-text searches case insensitive.
    • For example: a search for ‘exception’ or ‘Exception’ will give you the same search results.
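
The following added example (not part of the original page, and not the platform's actual analyzer configuration) approximates the three tokenizer rules above in Python and contrasts a free-text search on the analyzed 'message' field with an exact match on a not analyzed field. The sample logs, the `level` field and all function names are assumptions made for illustration.

```python
import re

# Constructed sample log events (not taken from the page).
LOGS = [
    {"level": "ERROR", "message": "Unhandled java.lang.NullPointerException in auth-service"},
    {"level": "WARN", "message": "IllegalArgumentException: bad token length"},
    {"level": "INFO", "message": "User login succeeded"},
]

def analyze(text):
    """Approximate the analyzed 'message' field: split on whitespace, dashes,
    punctuation and dots, then on case changes, then lowercase every token."""
    tokens = []
    for word in re.split(r"[^A-Za-z0-9]+", text):
        # Split on case: "NullPointerException" -> Null, Pointer, Exception
        parts = re.findall(r"[A-Z]+(?![a-z])|[A-Z]?[a-z]+|[0-9]+", word)
        tokens.extend(p.lower() for p in parts)
    return tokens

def search_message(query, logs=LOGS):
    """Free-text search: the query is analyzed like the field, and every
    query token must appear among the message tokens (a simplification)."""
    wanted = set(analyze(query))
    if not wanted:
        return []
    return [i for i, doc in enumerate(logs)
            if wanted <= set(analyze(doc["message"]))]

def search_not_analyzed(field, value, logs=LOGS):
    """Not analyzed field: no tokenizer, the whole value must match exactly."""
    return [i for i, doc in enumerate(logs) if doc.get(field) == value]

if __name__ == "__main__":
    print(analyze("java.lang.NullPointerException"))
    print(search_message("NullPointerException"))    # simple class name
    print(search_message("exception"))               # case-insensitive part
    print(search_not_analyzed("level", "error"))     # wrong case: no match
    print(search_not_analyzed("level", "ERROR"))     # exact value
```
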