Source type structure adjustment in Health Log Analytics

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Source Type Structure Adjustment in Health Log Analytics

    Health Log Analytics (HLA) allows users to reclassify auto-classified log properties and modify auto-mapped labels, enhancing the accuracy of machine learning analysis on log data. HLA automatically separates transport headers from inner log messages, extracting properties and mapping them to source type fields for effective analysis.

    Show full answer Show less

    Key Features

    • Automatic Classification: HLA classifies log fields into categories including METER, GAUGE, ARCONLY, HISTOGRAM, and INVALID.
    • Labeling: Log fields are labeled with roles such as MESSAGE, HOST, TIMESTAMP, SEVERITY, and EVENT-ID.
    • AI-Powered Suggestions: Users can receive AI-generated suggestions for classifications and labels, streamlining the process of adjusting log properties.
    • Custom JavaScript Modifications: Users can implement JavaScript to extract relevant parts of messages or reclassify insignificant values for better clarity in logs.
    • Relearning Capability: Users can reactivate the learning mode to refresh the parsing, extraction, classification, and labeling of log data.

    Key Outcomes

    By adjusting the source type structure, customers can ensure that the HLA engine accurately interprets log fields, leading to improved data analysis and anomaly detection. This customization enables more effective monitoring and insights from log data, ultimately enhancing operational efficiency.

    Health Log Analytics (HLA) enables you to reclassify auto-classified log properties and change auto-mapped labels. These adjustments help HLA machine learning analyze your data accurately.

    What HLA does automatically

    HLA automatically separates the transport header from the inner log message and sends only the inner log message to the source type structure. The system extracts properties from incoming log messages and auto-maps labels to source type fields.
    • Classification determines how the HLA engine analyzes and processes each field. Available classifications are: METER, GAUGE, ARC_ONLY, HISTOGRAM, INVALID.
    • Labels tell HLA what role a field plays in the log structure. Available labels are: MESSAGE, HOST, TIMESTAMP, SEVERITY, EVENT-ID.

    Reviewing and, if necessary, modifying automatically mapped labels and auto-classified properties in the source type structure verifies the HLA engine interprets log fields correctly.

    Note:
    Because a single data input can contain multiple source types, HLA structures log data by source type rather than by data input.

    AI-powered classification and labeling suggestions

    Simplify classification and labeling of parsed log properties with AI-powered automatic classification and labeling suggestions. You can access the AI agent from the Source Type Structure page to receive AI-suggested classifications and labels based on dynamic analysis of your log samples. AI-suggested classifications include METER, GAUGE, ARC_ONLY, and INVALID. AI-suggested labels include MESSAGE, HOST, TIMESTAMP, and SEVERITY. After reviewing the suggestions, select your preferred classifications and labels.

    Example

    The following example shows how to modify values of extracted properties in the source type structure with JavaScript.

    Consider the following log:

    {
  "TenantId": "abc-01-02-03-04-05050708091011121314",
  "@timestamp": "2020-08-28T08:29:23.967Z",
  "Computer": "john Doe_computer",
  "EventType_s": "LogMessage",
  "Job_s": "johnDoe_cell",
  "IP_s": "1.00.00.00",
  "message": "This is the extracted message. This part of the message includes superfluous content and values",
  "MessageType_s": "OUT",
  "Timestamp_d": 1598603359017850000,
  "Type": "my_LogMessage_is",
  "_ResourceId": ""
}

    The sample code contains "key":"value" pairs: The key is the property name. The value is the property value.

    The key "message" in the sample has the following value: "This is the extracted message. This part of the message includes superfluous content and values".

    If you wanted your logs to contain only the meaningful part of that message, you would add JavaScript code instructing the system to extract only that part:

    //Added JavaScript to extract only the first sentence in the message! if (output['message'] != null){ output['message'] = output['message'].slice(0, output['message'].indexOf("\.")); } (edited)

    You could use the same logic to reclassify a value. For example, if the key "Computer" is insignificant, you could set its value to "Invalid."

    For more information about the source type structure, see the Source Type Structure – Labels & Classifications [KB0863562] article in the Now Support Knowledge Base.

    Note:
    You can reactivate the learning mode for a source type structure to use the HLA engine's learning functionality again after the initial learning period becomes outdated. On the Source Type Structure form, select Relearn to reset parsing, extraction, classification, and labeling for the source type structure and restart the learning process.