Log collection

Yes. For more information, see Importing logs with REST API and the knowledge article.

No. If the API response is not in JSON format, you cannot fetch the connection token or key dynamically in BMC Helix Log Analytics.

Use Windows and Linux connectors to collect logs from Windows and Linux-based applications by configuring the Collect logs from file integration.

Alert policies


Alert policies are evaluated and executed in order from the lowest precedence value to the highest. Note that the lower the number, the higher the precedence.

Events will be generated for existing alerts. However, the options to create, edit, enable, or disable alerts from the Explorer are disabled. Use the Alert Policies option from the Alerts menu instead. To avoid duplication, after adding alert policies, delete the corresponding alerts in the Explorer.

Yes. Policy evaluation is done in phases. Enrichment policies are run before alert policies.

Archive and restore

The option to archive and restore logs is disabled by default. To get it enabled, contact BMC Support.  

Logs are archived each day after the retention period is over. For example, if the retention period as per your license entitlement is 30 days, the logs collected on May 1st are archived on May 31st. Similarly, the logs collected on May 2nd are archived on June 1st.

Restore logs on the Log Archival page. For more information, see Archiving and restoring logs.

No, you cannot search the archived logs. First, restore the archived logs and then search.

Archived logs are purged after the archival period is over. This period is set for each tenant when the feature is enabled.  

Yes, restored logs are archived automatically after the restore period (which depends on your license entitlement) is over. However, you can also archive the restored logs manually. For more information, see Archiving and restoring logs.

Logs are archived automatically after the retention days are over. All logs are stored together in an index that is displayed on the Archive and Restore page. When you restore such an index, the restored logs are shown in the index pattern with the logarc_* format. 
