signature
Generates a signature string composed of only the special characters in the line field and assigns it to the signature field. Use this command to extract log samples by pattern type before developing a parser.
Command properties
| Property | Description |
|---|---|
| Command type | Transforming |
| Required permission | None |
| License usage | N/A |
| Parallel execution | Supported |
| Distributed execution | Not supported |
Syntax
Input fields
| Field | Type | Required | Description |
|---|---|---|---|
| line | string | Required | The source string from which to extract the signature. Records with a null value are skipped. |
Output fields
| Field | Type | Description |
|---|---|---|
| signature | string | A signature composed of special characters from the source string, excluding letters and digits. |
Error codes
Parsing errors
N/A
Runtime errors
N/A
Description
The signature command extracts only the special characters from the line field string, excluding letters and digits, and assigns the result to the signature field. Special characters inside double-quoted (") sections are excluded from extraction.
This command is useful for classifying pattern types in log data. Logs with the same signature are likely to share the same format, so combining it with the stats command allows you to extract sample logs by type.
Records where the line field is null are excluded from the output.
Examples
-
Extract the first sample log per signature
table duration=1h web_logs | signature | stats first(line) by signatureExtracts the first log sample for each signature type.
-
Count logs per signature
table duration=1d syslog | signature | stats count by signature | sort -countCounts log entries per signature and sorts them in descending order of count.
-
Filter logs matching a specific signature pattern
table duration=1h app_logs | signature | search signature == "[] - : - //"Filters only logs that match the specified signature pattern.