The "type" field is used to identify the type of log data and provide you with a richer logging experience. For example, if your "type" is apache_access, we will assume that the logs that we receive are Apache access logs, parse them accordingly, and then give you customised GROKing and enrichment out of the box.
A detailed explanation on how to ship the logs for the various sources is specified here.
The following table describes the built-in types supported by the platform - customized types can be added as required:
|Nginx Access logs||nginx , nginx_access , nginx-access|
|Nginx Error logs||nginx-error|
|Apache Access logs||apache , apache_access , apache-access|
|Mysql Error logs||mysql_error|
|Mysql Slow Query logs||mysql_slow_query|
|Mysql Monitor logs||mysql_monitor|
|AWS S3 Access||S3Access|