Intelligent Field Discovery

The intention of Intelligent Field Discovery is to lift as much work off the user as possible. Data that is comma-delimited or in K:V pairs will automatically have the field name and value extracted; the user can also define rules that are applied to the data to extract manually created fields. As data is processed, it is checked against all automatic and user-created rules.

Using Intelligent Field Discovery

To enable or disable field discovery on indexed data, go to the advanced tab of the Data Sources configure page. Field discovery is on by default whenever a data source is created. It can be disabled for data that may not benefit from this feature.

Automatic Field Discovery

On the Data Sources page, automatic field discovery can be enabled or disabled for incoming data. Automatic field discovery extracts common patterns at index time. These patterns and fields become available without any further effort from the user. See Field Discovery for more.

User Defined Fields (Grokit)

On the Data Sources page, Grokit field discovery can be enabled or disabled for incoming data. As data is indexed, common text patterns such as URLs, IP addresses, and file paths are extracted from the data. The patterns are configurable through an external config file. See Grokit Config to find out more.
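A minimal sketch of the two behaviours described above (automatic K:V extraction and user-defined pattern rules, both applied to each line as it is processed), added here as an illustration and not taken from the product. The regexes, `USER_RULES` and `discover_fields` are assumed names and do not reflect the actual Grokit config format; the sample lines are constructed.

```python
import re

# Automatic rule: key=value or key:value pairs; the value may be double-quoted.
# (?!//) keeps the scheme of a URL ("https://...") from being read as a key.
KV_RE = re.compile(r'(?<![\w/.])([A-Za-z_]\w*)[=:](?!//)("[^"]*"|[^\s,;]+)')

# Hypothetical user-defined rules: field name -> pattern (stand-in for a config file).
USER_RULES = {
    "url": re.compile(r'https?://[^\s"\'<>]+'),
    "ip": re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b'),
    # Absolute POSIX path that is not the tail of a URL or a longer token.
    "path": re.compile(r'(?<![\w:/.])/(?:[\w.-]+/)*[\w.-]+'),
}


def _valid_ip(text):
    """Reject dotted quads with an octet above 255 (e.g. 999.1.1.1)."""
    return all(int(octet) <= 255 for octet in text.split("."))


def discover_fields(line, auto=True, user_rules=USER_RULES):
    """Return the fields found in one line by the automatic and user rules."""
    fields = {}
    if auto:  # mirrors the per-data-source on/off switch for automatic discovery
        for key, value in KV_RE.findall(line):
            fields[key] = value.strip('"')
    for name, pattern in user_rules.items():
        hits = [m.group(0) for m in pattern.finditer(line)]
        if name == "ip":
            hits = [h for h in hits if _valid_ip(h)]
        if hits:
            fields[name] = hits
    return fields


# Constructed sample lines.
LINE1 = '2024-05-01 12:30:45 user=alice action=login src=10.0.0.5 status="access granted"'
LINE2 = 'GET https://example.com/login from 192.0.2.10 wrote /var/log/app/auth.log'

if __name__ == "__main__":
    for sample in (LINE1, LINE2):
        print(discover_fields(sample))
```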

Time Based System Fields

The time-based system fields can also be disabled on the data source. See the System Fields page to find out more.