Root cause analysis by using logs
Monitoring logs is key to troubleshooting issues. BMC Helix Log Analytics can take the tediousness out of monitoring a continuous stream of logs from various applications and sources.
The following video (3:45) provides a brief overview of how to get to the root cause of an issue by using logs.
Step 1: Collect
Configure collection policies to collect logs. Connectors that help you collect logs are provided out of the box. The following are a few examples of sources from which you can collect logs:
- Amazon Web Services
- Kubernetes clusters
- Linux and Windows-based applications
For more information, see Collecting logs.
Step 2: Configure
You can configure the following policies to make logs more valuable:
- Field extraction: Extract and save the fields that are present in the log message as key-value pairs. Use them to analyze and visualize logs better. For more information, see Extracting fields.
- Enrichment: Reduce the time that operators spend looking for important information in different sources by adding that information to the logs through enrichment sources and policies. For example, from a CSV file, you can add host and service names by using the host ID that is available in the logs. For more information, see Enriching logs.
- Alert: Configure alerts to notify you when a specific condition occurs in the logs. You can also use alerts to notify you when an anomaly is detected in the log message. Alerts are delivered as events generated in BMC Helix Operations Management. For more information, see Generating alerts from logs.
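The three policy types above can be sketched outside the product as follows. This is an added illustration, not BMC Helix Log Analytics code or policy syntax; the log format, CSV columns, function names, and alert threshold are all assumptions made for the example.

```python
import csv
import io
import re

# Constructed sample data: key=value log lines and a CSV enrichment source.
SAMPLE_LOGS = [
    'ts=2024-05-01T10:00:01Z host_id=h-101 level=INFO msg="login ok" user=alice',
    'ts=2024-05-01T10:00:05Z host_id=h-102 level=ERROR msg="auth failed" user=bob',
    'ts=2024-05-01T10:00:06Z host_id=h-102 level=ERROR msg="auth failed" user=bob',
    'ts=2024-05-01T10:00:07Z host_id=h-999 level=ERROR msg="auth failed" user=eve',
]
ENRICHMENT_CSV = "host_id,host_name,service\nh-101,web-01,storefront\nh-102,auth-01,sso\n"

# A value is either a double-quoted string or a run of non-space characters.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def extract_fields(line):
    """Field extraction: save the key=value pairs in a log message as a dict."""
    fields = {}
    for key, value in KV_RE.findall(line):
        quoted = len(value) >= 2 and value[0] == value[-1] == '"'
        fields[key] = value[1:-1] if quoted else value
    return fields

def load_enrichment(csv_text, key="host_id"):
    """Index the CSV rows by the lookup key (the host ID)."""
    return {row[key]: row for row in csv.DictReader(io.StringIO(csv_text))}

def enrich(record, table, key="host_id"):
    """Enrichment: add host and service names by using the host ID in the log."""
    out = dict(record)
    extra = table.get(record.get(key))
    if extra is None:
        out["enrichment_miss"] = "true"  # unknown host: keep the record, flag it
    else:
        out.update({k: v for k, v in extra.items() if k != key})
    return out

def alert_events(records, threshold=2):
    """Alert: report hosts with at least `threshold` ERROR records."""
    counts = {}
    for rec in records:
        if rec.get("level") == "ERROR":
            name = rec.get("host_name", rec.get("host_id", "unknown"))
            counts[name] = counts.get(name, 0) + 1
    return sorted(host for host, n in counts.items() if n >= threshold)

def run_pipeline():
    table = load_enrichment(ENRICHMENT_CSV)
    records = [enrich(extract_fields(line), table) for line in SAMPLE_LOGS]
    return records, alert_events(records)
```

A host ID that is missing from the enrichment source is flagged rather than dropped, so gaps in the CSV remain visible during analysis.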
Step 3: Analyze
Analyze the collected logs to troubleshoot an issue and identify its root cause. Use the search, time, and available fields to narrow down your search results.
For more information, see Deriving insights from logs.
Step 4: Visualize
In BMC Helix Dashboards, the out-of-the-box dashboards, including Kubernetes, Amazon Web Services, Self Monitoring, and so on, provide statistics related to log collection and events. You can also create dashboards based on your requirements. For example, create a dashboard that shows log events.
For more information, see Visualizing logs.
Step 5: Monitor
If you have configured alert policies, events are generated and are available in BMC Helix Operations Management. You can also monitor these events from BMC Helix AIOps and BMC Helix Dashboards. The class of these events is Log Event. When you monitor events from these products, you get a cross-launch link to BMC Helix Log Analytics, and the logs for which the event is generated are shown in the Explorer tab.
For more information, see Generating alerts from logs.