Log Analytics Source Rules

Analytics Agents collect logging information based on the log source rules you define in the Controller.

The primary function of a source rule is to specify the location and type of a log file, the pattern for capturing records from the log file, and the data structure of the captured records. Source rules can also specify field masking or sensitive data removal and manage the time zones of captured records.

When the log source rules are enabled and associated with Agent Scopes, Analytics Agents automatically start collecting the configured logs as follows:

  • Analytics Agents register with the Controller on startup
  • Analytics Agents download log source rules to configure log collection (after registration)
  • Log source rules are stored in the Controller data store and are configurable through the Centralized Log Management UI
  • Analytics Agents start acting on log source rule changes within five minutes (this could be longer if there are any network communication issues)