Ensure the correct mapping of your severity key 🔗
The Log Observer Connect timeline displays a histogram of logged events over time, grouped by values of the message field severity. The severity key is a field that all logs contain. It has the values DEBUG, ERROR, INFO, UNKNOWN, and WARNING. Your logs might use a different field name for the severity key. Because the severity key in many logs is called level, Log Observer Connect automatically remaps the log field level to severity.
If your logs call the severity key by a different name, that’s okay. To ensure that Log Observer Connect can read your field, transform your field name to severity or add a severity alias to your field name. To transform your field name, see Extract fields from event data using Ingest Processor . To add an alias to your field name, see Create field aliases.
The mapping of your severity key and its values is case sensitive. The key and its values must appear exactly as follows:
severity
DEBUG
ERROR
INFO
UNKNOWN
WARNING