BMC Helix Log Analytics overview

Use BMC Helix Log Analytics to monitor logs from multiple environments, and use Explorer to analyze those logs and get to the root cause of the issue that you are troubleshooting. You can proactively monitor your logs by setting up event generation when a condition is true in the logs.

Modern applications and IT environments have become more complicated, which makes the ability to collect and quickly analyze logs essential to maintaining system uptime. Architecture has evolved into microservices, containers, and orchestration infrastructure deployed on the cloud (public and private), or in hybrid environments. Also, the volume of data generated by these environments is constantly growing, which makes logs harder to comprehend.

In addition to the volume, log files can be structured, semistructured, or unstructured, making logs complex and difficult to comprehend. Despite the challenges, this information is vital to operational intelligence for IT, security, and business in general.

BMC Helix Log Analytics helps you to analyze the log files from multiple environments. It provides a wealth of insights into the usage, health, and performance of your environments, together with a set of integrated capabilities for detecting and troubleshooting issues. It simplifies and accelerates the process of collating, normalizing, and parsing your logs to make them available for analysis. It is an open, scalable, and secure product that reduces the time required to search log files to troubleshoot an issue.

BMC Helix Log Analytics is part of the BMC Helix Operations Management solution. It is built on a microservices-based architecture and is available both as SaaS and as a container-based, on-premises deployment. You access BMC Helix Log Analytics through BMC Helix Portal, which is the launchpad to your licensed BMC Helix services. BMC Helix Portal provides a single, unified view for an improved end-user experience. You perform user management and tenant management functions from BMC Helix Portal.

Related topics

Accessing and navigating BMC Helix Log Analytics

Related spaces

BMC Helix security information

BMC Helix Operations Management Documentation

BMC Helix Portal Documentation

BMC Helix Dashboard Documentation

BMC Helix AIOps Documentation


The following image depicts how BMC Helix Log Analytics interacts with other products available in BMC Helix.

Note that BMC Helix Developer Tools contains integrations to support log collection for BMC Helix Log Analytics.

For more information about these products, see Related spaces.


Video introduction

The following video (3:35) provides a brief overview of the product.


 Watch the YouTube video about the overview of BMC Helix Log Analytics.


Product architecture

The Log ingestion service receives logs from various sources, such as Amazon Web Services and Kubernetes, and passes them on to the Log Processing service. The Log Processing service enriches the logs, extracts fields from the logs, and generates alerts. BMC Helix IT Operations Management identifies anomalies in the incoming logs by using the machine-learning (ML) log model. If an anomaly is detected, an alert (in the form of an event) is generated in BMC Helix Operations Management.


Product roles

The user roles and their product goals are shown in the following image:

Roles and permissions in BMC Helix Log Analytics

The following table lists the Operator and Administrator roles used in BMC Helix Log Analytics, the permissions assigned to them, and their responsibilities. Permissions are written as Application or Service > Resource > Permission.

Use cases: Analyze logs; Create dashboards and visualizations
Permissions:
  • loganalytics > logs > manage
Description: All roles (operators and administrators) require this permission to access and analyze logs in BMC Helix Log Analytics.

Use case: Archive and restore logs
Permissions:
  • loganalytics > log_archival > manage
Description: Assign the permission to operators to archive and restore logs.

Use case: Collect logs
Permissions:
  • loganalytics > logs > manage
  • loganalytics > logs > ingest
  • intelligent-integrations > integrations > manage
  • intelligent-integrations > integrations > view
  • intelligent-integrations > connectors > manage
  • intelligent-integrations > connectors > view
Description: Assign view permission for viewing rights only. For create, edit, and delete permissions, assign the manage permission. You might want to assign view permissions to operators to view the configurations for log collection. However, administrators require all - manage, ingest, and view - permissions to collect logs.

Use case: Configure log enrichment
Permissions:
  • loganalytics > logs > manage
  • loganalytics > enrichment_sources > manage
  • loganalytics > enrichment_sources > view
  • loganalytics > log_policies > manage
  • loganalytics > log_policies > view
Description: Assign view permission for viewing rights only. For create, edit, and delete permissions, assign the manage permission. You might want to assign view permissions to operators to view the enrichment configurations. However, administrators require both manage and view permissions to configure log enrichment.

For information about assigning permissions, see Setting up roles and permissions in the BMC Helix Portal documentation.

Product features

BMC Helix Log Analytics provides the following key capabilities:

Collect logs

Collect logs from various sources like Kubernetes, Amazon Web Services, Linux and Windows servers, and so on. To collect logs from these sources, configure integrations that require connectors. In the integrations, configure how to contact the sources and which log files you want to collect. Configure the collection by using the Collection menu. 

For more information, see Collecting logs.

Extract fields from log messages

Most of the time, all the information available in the logs is part of the log message. Search is more effective if the information available in the log message is present as fields. You can also use these fields in visualizations, dashboards, or as a field to configure policy selection criteria. Extract the fields from the log message by using the Field Extraction policies.

For more information, see Extracting fields.

Enrich logs

Enrich the logs with meaningful information that helps operators reduce the mean time to resolve (MTTR) an issue. For example, by using a CSV file, add host details like the name, location, and so on, so that operators do not have to spend time looking up these host details. To configure enrichment, add enrichment sources and then enrichment policies. These configurations are available in the Enrichment menu.

For more information, see Enriching logs.

Configure alerts

While analyzing logs, you might want to be notified when a critical condition is reported in the logs. For example, you want to be notified when status 401 is reported multiple times in a time period. To get such a notification, configure alert policies from the Alerts menu. When the condition is satisfied in the logs, a notification is generated in the form of events. These events are generated in BMC Helix Operations Management. You can also view these events in BMC Helix AIOps and BMC Helix Dashboards.

For more information, see Generating alerts from logs.

Derive insights from logs

Analyze the logs with the help of options that narrow down the search results. These options include search field, filters, time period, and so on. These options help you to get to the root cause and reduce the MTTR to solve an issue. Log trends are depicted in a chart. 

For more information, see Deriving insights from logs.

Visualize logs

View out-of-the-box dashboards for quick references on log trends and create new dashboards for your specific requirements. The following out-of-the-box dashboards are available for you in BMC Helix Dashboards:

  • Amazon Web Services
  • Kubernetes
  • Self Monitoring
  • Syslogs
  • Windows events

Use the Dashboards menu to access the dashboards. 

For more information, see Visualizing logs.

Implement data-level access control

Control access to log data for enhanced security to your system. Assign user groups to alert policies so that the data generated from an alert policy is accessible only to the users in the specified user group.

For more information, see Controlling access to the log data.

Detect anomalies

Detect anomalies in the log messages based on rare log patterns. For example, you want to be alerted if an anomalous log message is generated in the Kubernetes microservice logs. To get notified when an anomaly is detected in the logs, configure alert policies from the Alerts menu. When an anomaly is detected, a notification is generated in the form of events. These events are generated in BMC Helix Operations Management. You can also view these events in BMC Helix AIOps and BMC Helix Dashboards.

For more information, see Generating alerts from logs.

Archive and restore

To retain logs for a longer duration than the default period, archive the logs. You might want to retain the logs for a longer duration for on-demand analysis, compliance, or other purposes. You can restore logs on demand, at a lower cost.

For more information, see Archiving and restoring logs.


Product documentation

The BMC Helix Log Analytics documentation helps new and experienced users implement or use this product. Based on your role, the following sections of the documentation are recommended:


Learn more

Use the following resources to learn more about BMC Helix Log Analytics.

Product blogs

  • Observability with logs to accelerate MTTR
  • AWS cloud observability with Log Analytics
  • Simplify troubleshooting and analysis with log enrichment
  • Kubernetes observability with logs
  • Archive logs to optimize storage & gain full visibility
  • Analyse Windows Event Logs to improve business performance
  • Gain Network Visibility and Performance with Syslog Monitoring
  • Predictive Log Alerting with ML Anomaly Detection

Webinars

Watch the following webinars and learn from experts as they talk about how BMC Helix Log Analytics helps you achieve value from logs. 

Making data smarter with BMC Helix Log Analytics

Click the following link to register: webinar link.



Watch the following webinar (47:59) that explains how you can make your logs smarter with BMC Helix Log Analytics.



 https://youtu.be/OKIUWSzLbrw

Video contents

00:00 Introduction
01:45 Agenda
02:27 Observability with BMC Helix Log Analytics and BMC Helix AIOps
06:40 Key capabilities of BMC Helix Log Analytics
13:42 Solution demo
41:21 BMC Helix Log Analytics road map
43:21 Questions and answers

Improving MTTR with BMC Helix Log Analytics and BMC Helix AIOps

Watch the following webinar (28:31) that explains how you can achieve service monitoring with BMC Helix Log Analytics and BMC Helix AIOps.


 https://youtu.be/l09rULNbbaI

Video contents

00:00 Introduction
01:10 Agenda
1:41 Introduction to BMC Helix Log Analytics
3:47 Key capabilities of BMC Helix Log Analytics
9:56 Benefits
11:16 Example
12:39 Lifecycle of logs
16:07 Demo
27:56 Summary
28:14 References

Additional resources

  • BMC Community: Learn and engage with other users of BMC Helix Log Analytics at BMC Community.
  • Education and certification: Go through the web-based trainings for BMC Helix Log Analytics at courses for BMC Helix Log Analytics.
  • Product datasheet: Access the product data sheet that summarizes the use-cases of BMC Helix Log Analytics: Datasheet.
