BMC Helix Log Analytics overview
Monitor logs from multiple environments and use Explorer to analyze logs and get to the root cause of the issue that you are troubleshooting by using BMC Helix Log Analytics. You can proactively monitor your logs by setting up event generation when a condition is true in logs.
Modern applications and IT environments have become more complicated, which makes the ability to collect and quickly analyze logs essential to maintaining system uptime. Architecture has evolved into microservices, containers, and orchestration infrastructure deployed on the cloud (public and private), or in hybrid environments. Also, the volume of data generated by these environments is constantly growing, which makes logs harder to comprehend.
In addition to the volume, log files can be structured, semistructured, or unstructured, making logs complex and difficult to comprehend. Despite the challenges, this information is vital to operational intelligence for IT, security, and business in general.
BMC Helix Log Analytics helps you to analyze the log files from multiple environments. It provides a wealth of insights into the usage, health, and performance of your environments, together with a set of integrated capabilities for detecting and troubleshooting issues. It simplifies and accelerates the process of collating, normalizing, and parsing your logs to make them available for analysis. It is an open, scalable, and secure product that reduces the time required to search log files to troubleshoot an issue.
BMC Helix Log Analytics is part of the BMC Helix Operations Management solution. It is built on a microservices-based architecture and is available both as SaaS and as a container-based, on-premises deployment. You access BMC Helix Log Analytics through BMC Helix Portal, which is the launchpad to your licensed BMC Helix services. BMC Helix Portal provides a single, unified view for an improved end-user experience. You perform user management and tenant management functions from BMC Helix Portal.
The following image depicts how BMC Helix Log Analytics interacts with other products available in BMC Helix.
Note that BMC Helix Developer Tools contains integrations to support log collection for BMC Helix Log Analytics.
For more information about these products, see Related spaces.
Video introduction
The following video (3:34) provides a brief overview of the product.
Watch the YouTube video about the overview of BMC Helix Log Analytics.
Product architecture
The Log ingestion service receives logs from various sources, such as Amazon Web Services and Kubernetes, and passes them on to the Log Processing service. The Log Processing service enriches the logs, extracts fields from the logs, and generates alerts. BMC Helix IT Operations Management identifies anomalies in the incoming logs by using the machine-learning (ML) log model. If an anomaly is detected, an alert (in the form of an event) is generated in BMC Helix Operations Management.
Product roles
The user roles and their product goals are shown in the following image:
Role and permissions in BMC Helix Log Analytics
The following table lists the Operator and Administrator roles used in BMC Helix Log Analytics, the permissions assigned to them, and their responsibilities.
| Use cases | Application or Service > Resource > Permission | Description |
|---|---|---|
| | loganalytics > logs > manage | All roles (operators and administrators) require this permission to access and analyze logs in BMC Helix Log Analytics. |
| Archive and restore logs | loganalytics > log_archival > manage | Assign the permission to operators to archive and restore logs. |
| Collect logs | loganalytics > logs > manage; loganalytics > logs > ingest; intelligent-integrations > integrations > manage; intelligent-integrations > integrations > view; intelligent-integrations > connectors > manage; intelligent-integrations > connectors > view | Assign view permission for viewing rights only. For create, edit, and delete permissions, assign the manage permission. You might want to assign view permissions to operators to view the configurations for log collection. However, administrators require all - manage, ingest, and view - permissions to collect logs. |
| Configure log enrichment | loganalytics > logs > manage; loganalytics > enrichment_sources > manage; loganalytics > enrichment_sources > view; loganalytics > log_policies > manage; loganalytics > log_policies > view | Assign view permission for viewing rights only. For create, edit, and delete permissions, assign the manage permission. You might want to assign view permissions to operators to view the enrichment configurations. However, administrators require both manage and view permissions to configure log enrichment. |
For information about assigning permissions, see Setting up roles and permissions in the BMC Helix Portal documentation.
Product features
BMC Helix Log Analytics provides the following key capabilities:
Collect logs
Collect logs from various sources such as Kubernetes, Amazon Web Services, Linux and Windows servers, and so on. To collect logs from these sources, configure integrations that require connectors. In the integrations, configure how to contact the sources and which log files you want to collect. Configure collection by using the Collection menu.
For more information, see Collecting logs.
Extract fields from log messages
Most of the time, all the information available in the logs is part of the log message. Search is more effective if the information available in the log message is present as fields. You can also use these fields in visualizations, dashboards, or as a field to configure policy selection criteria. Extract the fields from the log message by using the Field Extraction policies.
For more information, see Extracting fields.
Enrich logs
Enrich the logs with meaningful information that helps operators reduce the mean time to resolve (MTTR) an issue. For example, by using a CSV file, add host details such as the name, location, and so on, so that operators save the time they would otherwise spend looking up these host details. To configure enrichment, add enrichment sources and then enrichment policies. These configurations are available in the Enrichment menu.
For more information, see Enriching logs.
Configure alerts
While analyzing logs, you might want to be notified when a critical condition is reported in the logs. For example, you want to be notified when status 401 is reported multiple times in a time period. To get such a notification, configure alert policies from the Alerts menu. When the condition is satisfied in the logs, a notification is generated in the form of events. These events are generated in BMC Helix Operations Management. You can also view these events in BMC Helix AIOps and BMC Helix Dashboards.
For more information, see Generating alerts from logs.
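The alert condition described above (status 401 reported multiple times in a time period), shown as an added example that is not BMC Helix Log Analytics code or policy syntax. It extracts fields from constructed access-log lines and counts 401 responses per client in a sliding window; the log layout, field names, threshold, and window are assumptions.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample lines in a common access-log layout (not real data).
SAMPLE_LOGS = [
    '10.0.0.5 - - [12/Mar/2024:10:00:01 +0000] "POST /login HTTP/1.1" 401 128',
    '10.0.0.9 - - [12/Mar/2024:10:00:05 +0000] "POST /login HTTP/1.1" 401 128',
    '10.0.0.9 - - [12/Mar/2024:10:00:06 +0000] "POST /login HTTP/1.1" 200 512',
    '10.0.0.5 - - [12/Mar/2024:10:00:10 +0000] "POST /login HTTP/1.1" 401 128',
    'malformed line without fields',
    '10.0.0.5 - - [12/Mar/2024:10:00:20 +0000] "POST /login HTTP/1.1" 401 128',
    '10.0.0.9 - - [12/Mar/2024:10:02:30 +0000] "POST /login HTTP/1.1" 401 128',
]

LINE_RE = re.compile(
    r'(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)

def extract_fields(line):
    """Turn an unstructured message into typed fields; None if it does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["ts"] = datetime.strptime(fields["ts"], "%d/%b/%Y:%H:%M:%S %z")
    fields["status"] = int(fields["status"])
    return fields

def find_alerts(lines, status=401, threshold=3, window=timedelta(seconds=60)):
    """Emit one event each time a client reaches `threshold` hits within `window`."""
    recent = {}   # client -> timestamps of matching hits still inside the window
    alerts = []
    for line in lines:
        f = extract_fields(line)
        if f is None or f["status"] != status:
            continue  # unparsed lines and other statuses do not count
        hits = recent.setdefault(f["client"], deque())
        hits.append(f["ts"])
        while f["ts"] - hits[0] > window:
            hits.popleft()  # drop hits that slid out of the window
        if len(hits) >= threshold:
            alerts.append({"client": f["client"], "count": len(hits),
                           "first": hits[0], "last": f["ts"]})
            hits.clear()  # require a fresh burst before alerting again
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOGS):
        print(alert)
```

Only 10.0.0.5 triggers an event here: the two 401 responses from 10.0.0.9 are more than 60 seconds apart, and the malformed line is skipped rather than counted.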
Detect anomalies
Detect anomalies in the log messages based on rare log patterns. For example, you want to be alerted if an anomalous log message is generated in the Kubernetes microservice logs. To get notified when an anomaly is detected in the logs, configure alert policies from the Alerts menu. When an anomaly is detected, a notification is generated in the form of events. These events are generated in BMC Helix Operations Management. You can also view these events in BMC Helix AIOps and BMC Helix Dashboards.
For more information, see Generating alerts from logs.
Derive insights from logs
Analyze the logs with the help of options that narrow down the search results. These options include search field, filters, time period, and so on. These options help you to get to the root cause and reduce the MTTR to solve an issue. Log trends are depicted in a chart.
For more information, see Deriving insights from logs.
Visualize logs
View out-of-the-box dashboards for quick references on log trends and create new dashboards for your specific requirements. The following out-of-the-box dashboards are available for you in BMC Helix Dashboards:
- Amazon Web Services
- Kubernetes
- Self Monitoring
- Syslogs
- Windows events
Use the Dashboards menu to access the dashboards.
For more information, see Visualizing logs.
Archive and restore
To retain logs for a longer duration than the default period, archive the logs. You might want to retain the logs for a longer duration for on-demand analysis, compliance, or other purposes. You can restore logs on demand, at a lower cost.
For more information, see Archiving and restoring logs.
Product documentation
The BMC Helix Log Analytics documentation helps new and experienced users implement or use this product. Based on your role, the following sections of the documentation are recommended:
Learn more
Use the following resources to learn more about BMC Helix Log Analytics.
Product blogs
- Observability with logs to accelerate MTTR
- AWS cloud observability with Log Analytics
- Simplify troubleshooting and analysis with log enrichment
- Kubernetes observability with logs
- Archive logs to optimize storage & gain full visibility
- Analyse Windows Event Logs to improve business performance
- Gain Network Visibility and Performance with Syslog Monitoring
- Predictive Log Alerting with ML Anomaly Detection
Webinars
Watch the following webinars and learn from experts as they talk about how BMC Helix Log Analytics helps you in achieving value from logs.
Making data smarter with BMC Helix Log Analytics
Click the following link to register: webinar link.
Watch the following webinar (47:59) that explains how you can make your logs smarter with BMC Helix Log Analytics.
Watch the following webinar (28:31) that explains how you can achieve service monitoring with BMC Helix Log Analytics and BMC Helix AIOps.
Additional resources
| Source | Details |
|---|---|
| BMC Community | Learn and engage with other users of BMC Helix Log Analytics at BMC Community. |
| Education and certification | Go through the web-based trainings for BMC Helix Log Analytics at courses for BMC Helix Log Analytics. |
| Product datasheet | Access the product data sheet that summarizes the use-cases of BMC Helix Log Analytics: Datasheet. |