Overview of BMC Helix Log Analytics
Modern application and IT environments have become more complicated, which makes the ability to collect and quickly analyze logs essential to maintaining system uptime. Architecture has evolved into microservices, containers, and orchestration infrastructure deployed on the cloud (public and private), or in hybrid environments. Also, the volume of data generated by these environments is constantly growing, which makes the logs harder to comprehend.
In addition to the volume, log files can be structured, semistructured, or unstructured, making logs complex and difficult to comprehend. Despite the challenges, this information is vital to operational intelligence for IT, security, and business in general.
BMC Helix Log Analytics helps you to analyze the log files from multiple environments. It provides a wealth of insights into the usage, health, and performance of your environments, together with a set of integrated capabilities for detecting and troubleshooting issues. It simplifies and accelerates the process of collating, normalizing, and parsing your logs to make them available for analysis. It is an open, scalable, and secure product that reduces the time required to search log files to troubleshoot an issue.
BMC Helix Log Analytics is part of the BMC Helix Operations Management solution. It is built on a microservices-based architecture and is available both as SaaS and as a container-based, on-premises deployment. You access BMC Helix Log Analytics through BMC Helix Portal, which is the launchpad to your licensed BMC Helix services. BMC Helix Portal provides a single, unified view for an improved end-user experience. You perform user management and tenant management functions from BMC Helix Portal.
The following video (3:16) provides a brief overview of the product.
BMC Helix Log Analytics provides the following key capabilities:
Collect logs from various sources such as Kubernetes, Amazon Web Services, Linux and Windows servers, and so on. To collect logs from these sources, configure integrations that require connectors. In the integrations, configure how to contact the sources and which log files you want to collect. Configure collection by using the Collection menu.
For more information, see Collecting logs.
Extract fields from log messages
Most of the time, all the information available in a log is part of the log message. Search is more effective if the information in the log message is available as fields. You can also use these fields in visualizations, dashboards, or as a field to configure policy selection criteria. Extract the fields from the log message by using the Field Extraction policies.
For more information, see Extracting fields.
Enrich the logs with meaningful information that helps operators reduce the mean time to resolve (MTTR) an issue. For example, by using a CSV file, add host details like the name, location, and so on, so that operators save the time they would otherwise spend looking up these host details. To configure enrichment, add enrichment sources and then enrichment policies. These configurations are available in the Enrichment menu.
For more information, see Enriching logs.
While analyzing logs, you might want to be notified when a critical condition is reported in the logs. For example, you want to be notified when status 401 is reported multiple times in a time period. To get such a notification, configure alert policies from the Alerts menu. When the condition is satisfied in the logs, a notification is generated in the form of events. These events are generated in BMC Helix Operations Management. You can also view these events in BMC Helix AIOps and BMC Helix Dashboards.
For more information, see Generating events from logs.
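The following added example (generic Python, not BMC Helix code or its policy syntax) walks the three steps described above on constructed data: extract fields from a log message, enrich the record from a CSV host list, and raise an event when status 401 appears repeatedly within a time window. The log format, field names, threshold, and window are assumptions chosen for illustration.

```python
import csv, io, re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (assumed format: timestamp host method path status).
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z web01 GET /api/login 401
2024-05-01T10:00:20Z web01 GET /api/login 401
2024-05-01T10:00:41Z web02 GET /api/items 200
2024-05-01T10:00:55Z web01 GET /api/login 401
2024-05-01T10:09:00Z web02 GET /api/login 401
2024-05-01T10:30:00Z web02 GET /api/login 401
""".splitlines()

# Constructed enrichment source: host details keyed by host name.
HOSTS_CSV = "host,location,owner\nweb01,Austin,team-a\nweb02,Pune,team-b\n"

LINE_RE = re.compile(
    r"(?P<ts>\S+) (?P<host>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$")

def extract_fields(line):
    """Field extraction: turn a raw message into named, typed fields."""
    m = LINE_RE.match(line)
    if not m:
        return None  # unparsed lines are skipped, not guessed at
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rec["status"] = int(rec["status"])
    return rec

def load_enrichment(csv_text):
    """Enrichment source: map host name -> row of host details."""
    return {row["host"]: row for row in csv.DictReader(io.StringIO(csv_text))}

def detect_repeated_401(lines, hosts, threshold=3, window=timedelta(minutes=1)):
    """Alert condition: >= threshold 401 responses per host inside the window."""
    recent, events = defaultdict(deque), []
    for line in lines:
        rec = extract_fields(line)
        if rec is None or rec["status"] != 401:
            continue
        q = recent[rec["host"]]
        q.append(rec["ts"])
        while rec["ts"] - q[0] > window:  # drop hits older than the window
            q.popleft()
        if len(q) >= threshold:
            loc = hosts.get(rec["host"], {}).get("location", "unknown")
            events.append({"host": rec["host"], "count": len(q),
                           "at": rec["ts"], "location": loc})
            q.clear()  # avoid re-firing on every further hit
    return events

if __name__ == "__main__":
    for event in detect_repeated_401(SAMPLE_LOGS, load_enrichment(HOSTS_CSV)):
        print(event)
```

Grouping by the extracted host field and clearing the window after firing keeps one noisy host from generating an event per log line.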
Derive insights from logs
Analyze the logs with the help of options that narrow down the search results. These options include search field, filters, time period, and so on. These options help you to get to the root cause and reduce the MTTR to solve an issue. Log trends are depicted in a chart.
For more information, see Deriving insights from logs.
View out-of-the-box dashboards for quick references on log trends and create new dashboards for your specific requirements. The Kubernetes out-of-the-box dashboard is added for you in BMC Helix Dashboards and it provides the following details:
- Log count statistics for log sources in Kubernetes
- Log count by node name, namespace, and services
- Top five nodes and services by log count
- Log count by service and node names
Use the Dashboards menu to access the dashboards.
For more information, see Visualizing logs.
Archive and restore
Retaining logs in your tenant is costly, so logs are purged after a period of time. To retain logs beyond the retention period for compliance purposes or for viewing log trends, get the Archive & Restore feature enabled in your tenant. The Archive & Restore option is available in the Configurations menu.
For more information, see Archiving and restoring logs.