Skip to Content
Author's profile photo Eleanor Teuten

Getting Started with the Attribute Editor in SAP IT Operations Analytics 2.0

SAP IT Operations Analytics 2.0 has just been released and is available for download in SAP Software Download Center.


You can find the documentation at



The product comes with a set of rules that are used to convert the raw syslog events into messages with attributes. If required, you can use the attribute editor to define your own rules for extracting additional attributes and then use these attributes for enhanced filtering.


Basic experience with regular expressions is required to create custom rules. The example below assumes that you have this experience and now want to get started with the attribute editor in SAP ITOA 2.0.



Example: How to create a custom rule




In our example system, we are collecting a number of metrics on the monitored hosts. The metrics are forwarded through syslog into SAP ITOA. We’ll now define a new rule to parse the “used memory” on these hosts, which we can then use to do further analytics.


In our example, the raw message is: <13>Dec 15 14:20:01 myhostname logger 217304924 used memory.


The goal is to extract the value (217304924) and add it as the attribute “usedmemory”.



Step 1


From the table view, select a message containing the string you would like to use as a search pattern and click the button GET MORE INSIGHTS.


In this example, we select the message “<13>Dec 15 14:20:01 myhostname logger 217304924 used memory”.


01e_RegExp_15-12-2015 15-21-06.png



Step 2


Enter a name and a description for the new rule, and then copy (with Ctrl C, Ctrl V) the text you want to use as a basis for your regular expression to the Regular Expression field.


In the example, we have entered ‘usedmemory” for both the rule name and the rule description, and copied the snippet ‘logger 217304924 used memory’.

02_RegExp_15-12-2015 15-23-25.png



Step 3


In the Regular Expression field, mark off where the regular expression will be with curly brackets, and then press TAB.

The curly brackets have a two-fold purpose:

  • The content within them is the attribute name that will be displayed in the bucket for filtering purposes.
  • They act as a placeholder for the regular expression itself.


In the example, we have replaced the value (217304924) with the placeholder: ‘logger {usedmemory} used memory’.
04_RegExp_15-12-2015 15-24-35.png



Step 4


Pressing TAB causes all the placeholders to be displayed in the table at the bottom.


Select an attribute type (in the example, we use NVARCHAR), enter a matching regular expression in the Attribute RegExp field (in the example, we use (.*)?), and then click Test to check that it matches the test string.

05_RegExp_15-12-2015 15-25-09.png



Step 5


The identified attributes are displayed in different colors, both within the message and on the right where you see all attribute names as well as the parsed values.

07_RegExp_15-12-2015 15-26-27.png


To save the rule and apply it to new incoming messages, click Save (bottom right).

In the dialog box select Activate Now and click Save.

08_RegExp_15-12-2015 15-27-19.png



Step 6


Go to the bucket when you can now filter via the new attribute.

12_RegExp_15-12-2015 18-41-30.png





Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Tom Slee
      Tom Slee

      This post came up when I was looking how to use regular expressions in the Attribute Browser and provided just what I needed. Thanks.

      Author's profile photo Former Member
      Former Member

      What is the use of "Apply filter" ?

      Author's profile photo Former Member
      Former Member

      Worth Reading. Thanks for this beautiful piece.