FAQ

Log collection

Yes. For more information, see Log collection endpoints in the REST API and the related knowledge article.

No. If the API response is not in JSON format, BMC Helix Log Analytics cannot fetch the connection token or key dynamically.

Use the Windows and Linux connectors to collect logs from Windows-based and Linux-based applications by configuring the Collect logs from file integration.

Alert policies

Three

Alert policies are evaluated and executed in order of their precedence value, from the lowest value to the highest. Note that the lower the number, the higher the precedence.

Events will be generated for existing alerts. However, the options to create, edit, enable, or disable alerts from the Explorer are disabled. Use the Alert Policies option from the Alerts menu instead. To avoid duplicates, after adding alert policies, delete the corresponding alerts in the Explorer.

Yes. Policy evaluation is done in phases. Enrichment policies are run before alert policies.

Anomaly detection

It takes around 5 to 15 minutes to generate a model, depending on the size of the log messages. After the model is generated, anomaly detection starts.

The model is updated every 10 minutes.

You need at least 50,000 logs that match the alert policy condition that you have configured.

If your data store does not contain 50,000 logs that match the alert policy selection criteria, the model is not generated. The algorithm retries every 10 minutes, and the model is generated as soon as 50,000 matching logs are found.

The model goes through incremental training when you edit a policy, provided that new log messages have been collected. The model is also updated under the following conditions:

  • You edit an alert policy that is already enabled (Policy Selection Criteria and Log Attribute fields only).
  • You enable a disabled alert policy.

Archive and restore

The option to archive and restore logs is disabled by default. To enable it, contact BMC Support.

Logs are archived each day after the retention period is over. For example, if the retention period per your license entitlement is 30 days, the logs collected on May 1st are archived on May 31st. Similarly, the logs collected on May 2nd are archived on June 1st.

Restore logs on the Log Archival page. For more information, see Archiving and restoring logs.

No, you cannot search the archived logs. First, restore the archived logs and then search.

Archived logs are purged after the archival period is over. This period is set for each tenant when the feature is enabled.

Yes, restored logs are archived automatically after the restore period (which depends on your license entitlement) is over. However, you can also archive the restored logs manually. For more information, see Archiving and restoring logs.

Logs are archived automatically after the retention days are over. All logs are stored together in an index that is displayed on the Archive and Restore page. When you restore such an index, the restored logs are shown under the logarc_* index pattern.
