Add, edit, or delete lexical keywords in Health Log Analytics

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 2 minutes de lecture

    • Manage the keywords that Health Log Analytics looks for in your log data.

    Avant de commencer

    Role required: evt_mgmt_operator or evt_mgmt_admin

    Pourquoi et quand exécuter cette tâche

    In log data, terms like "crash" or "failed" are called lexical keywords because they indicate issues that can merit attention. When text in log data for a source matches a lexical keyword that exceeds a specified count threshold, the system identifies an anomaly and generates an alert.

    Important :
    A lexical keyword differs from a key in a key:value pair in a log line. For example, Hostname is a key that takes on a value: the name or IP address of the host. In contrast, a keyword like Failed is important by itself and does not take on a value.
    The application comes with many default global keywords. You can add, edit, and delete global keywords or phrases. These keywords apply to all source types.
    Remarque :
    To add a specified keyword that is associated with a specific source type, see Configure source type capabilities in Health Log Analytics.

    Procédure

    1. Navigate to All > Health Log Analytics > Log Anomaly Detection > Lexical Keywords.
      By default, the Lexical Keywords table lists only global keywords.
    2. Facultatif : Add a global keyword.
      1. Select New.
      2. On the form, fill in the fields.
        Tableau 1. Lexical keyword form
        Field Description
        Name Unique and descriptive name for the keyword.
        Regular expression Regular expression (regex) that defines matches.
        Exact match Option to make Health Log Analytics match the exact regex. For example, 'NullPointerException' in a message would not match the regex 'exception'.

        This field is automatically set to True.
        Case-sensitive Option to make Health Log Analytics look for a case-sensitive match of the regex.

        This field is automatically set to False.
        Range of analysis Range of sources types where Health Log Analytics looks for the keyword in the log data. Choices are as follows:
        • All source types
        • Specified source type
        Excluded source types Source types that are not associated with the keyword. Health Log Analytics does not look for the keyword in the log data of these source types.
      3. Select Submit.
    3. Facultatif : Edit a global keyword.
      1. Click the keyword that you want to edit in the list.
      2. On the form, edit the relevant fields.
      3. Select Update.
    4. Facultatif : Delete one or more global keywords.
      1. Select the rows of the keywords that you want to delete.
      2. From the Actions on selected rows list at the bottom of the page, select Delete.
      3. Select OK.