Creating collection policies

To start collecting logs, add all the collection-related configurations to a collection policy and save time by reusing these configurations in multiple collection policies.

The following image displays the configurations in a collection policy.

The following table describes the configurations that you can add in a collection policy.


Specify the type of connector and selection criteria that identifies the connector for collection.

Log source

Specify the source of log collection like a file path or collection interval. These configurations differ for each source.

Parsing rule

Select the parsing rule that you have created to parse the logs that you are collecting. If you have not created a parsing rule and directly move on to create a collection policy, you get a link to create a parsing rule from the collection policy page.

Filtering rule

Select the filtering rule that includes or excludes the logs from the collection. It is optional to add these rules. However, these rules help you to optimally utilize the storage space for logs.

User group

Select one or more user groups to assign them to collection policies.

You can implement role-based access for collection policies by assigning user groups to policies while creating or editing policies.


Sarah is a tenant administrator at Apex Global, who uses BMC Helix Log Analytics to collect and analyze logs. As an administrator, Sarah has created the Operators and Administrators user groups in the system for implementing role-based access. Sarah does not want the Operators group to view restricted data that can be viewed by the Administrator group. However, she wants the Administrators group to view all the collected data. 

Sarah can achieve this by associating the correct user group with a collection policy. For example, she can create a collection policy and associate the Administrators user group with it. The operators won't be able to see the data collected by this policy.

Sarah can assign one or multiple user groups to collection policies while creating or editing the policies.

If you do not associate a user group with a collection policy, data collected with the policy is available to all user groups.
For information about user groups, see  User groups Open link .

After the collection policy runs, you can see the logs on the Explorer page. In the log records,  you can see the   log_source_host   field that  provides information about the data source where the logs originated. With this information, you can perform accurate root-cause analysis because the logs are enriched with the host or server name that caused service degradation.

Was this page helpful? Yes No Submitting... Thank you