In Health Log Analytics, automatic header properties detection separates the transport header from the inner log message and forwards only the inner log message to the source type structure. The inner message contains the actual log data without including shipping information.

The Health Log Analytics application supports header properties detection for Fluentd, Beats, and Syslog (RFC 3164, RFC 5424).

Starting with Version 33.0.27 - August 2024, the system also supports header properties detection for logs that follow the OpenTelemetry logs data model and semantic conventions. For more information, see the OpenTelemetry Logs Data Model documentation.

Disabling header properties detection

When you disable header properties detection for a data input, the Health Log Analytics AI Engine stops extracting properties from the header. Forwarding the complete raw message can be useful in the following situations:

  • The inner log message lacks information for parsing, such as timestamp and severity.
  • The data input contains information that can be used for structuring.
  • The data input forwards the logs fully parsed.

For the procedure to disable header properties detection, see Map raw log data in Health Log Analytics.