Overview of BMC Helix Log Analytics
With the growth of applications, a tremendous amount of logs is generated every day. Logs are complex and difficult to comprehend, but they contain operational intelligence for IT, security, and business. BMC Helix Log Analytics helps you analyze log files from multiple environments and derive insights from them. It also helps you get to the root cause of the issue that you are troubleshooting. It is an open, scalable, and secure product that reduces the time required to search log files to troubleshoot an issue.
BMC Helix Log Analytics is part of the BMC Helix IT Operations Management solution. It is built on a microservices-based architecture and is available both as a SaaS service and a container-based on-premises deployment. You access BMC Helix Log Analytics through BMC Helix Portal, which is the launchpad to your licensed BMC Helix services. BMC Helix Portal provides a single, unified view for an improved end-user experience. You perform user management and tenant management functions from BMC Helix Portal.
The following video (3:16) provides a brief overview of the product.
BMC Helix Log Analytics provides the following key capabilities:
Collect logs from various sources like Kubernetes, Amazon Web Services, Linux and Windows servers, and so on. To collect logs from these sources, configure integrations that require connectors. In the integrations, you configure how to contact the sources and which log files you want to collect. Configure collection by using the Collection menu.
For more information, see Collecting logs.
Enrich the logs with meaningful information that helps operators reduce the mean time to resolve (MTTR) an issue. For example, by using a CSV file, add host details like its name, location, and so on, so that operators save the time needed to look up these details. To configure enrichment, add enrichment sources and then enrichment policies. These configurations are available in the Enrichment menu.
For more information, see Enriching logs.
While analyzing logs, you might want to be notified when a critical condition is reported in the logs. For example, you want to be notified when status 401 is reported multiple times in a time period. To get such a notification, configure alert policies from the Alerts menu. When the condition is satisfied in the logs, a notification is generated in the form of events. These events are generated in BMC Helix Operations Management. You can also view these events in BMC Helix AIOps and BMC Helix Dashboards.
For more information, see Generating events from logs.
Analyze the logs with the help of options that narrow down the search results. These options include the search field, filters, time period, and so on. They help you get to the root cause and reduce the MTTR to solve an issue. Log trends are depicted in a chart.
For more information, see Deriving insights from logs.
View out-of-the-box dashboards for quick reference on log trends and create new ones for your specific requirements. The out-of-the-box Kubernetes dashboard is added for you in BMC Helix Dashboards and provides the following details:
- Log count statistics for log sources in Kubernetes
- Log count by node name, namespace, and services
- Top five nodes and services by log count
- Log count by service and node names
Use the Dashboards menu to access the dashboards.
For more information, see Visualizing logs.
Extract fields from log messages
Most of the time, all the information available in the logs is part of the log message. Although it is searchable, search becomes more effective if the key-value pairs available in the log message are present as fields. You can also use such fields in visualizations, dashboards, or as a field to configure policy selection criteria. Extract the fields from the log message by using the Field Extraction policies.
For more information, see Extracting fields.
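The following added example (not BMC Helix code, and not using any product API) illustrates the two ideas described above: pulling key-value pairs out of a log message into fields, then using the extracted status field to raise an event when status 401 is reported multiple times in a time period. The log format, function names, threshold, and window are assumptions made for this sketch, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not from a real system); assumed sorted by time.
SAMPLE_LOGS = [
    '2024-05-01T10:00:01Z host=web01 status=401 user=alice msg="login failed"',
    '2024-05-01T10:00:05Z host=web02 status=401 user=bob msg="login failed"',
    '2024-05-01T10:00:20Z host=web01 status=401 user=alice msg="login failed"',
    '2024-05-01T10:00:30Z host=web01 status=200 user=carol msg="ok"',
    '2024-05-01T10:00:45Z host=web01 status=401 user=alice msg="login failed"',
    '2024-05-01T10:02:30Z host=web02 status=401 user=bob msg="login failed"',
    '2024-05-01T10:02:40Z host=web02 status=401 user=bob msg="login failed"',
]

# key=value where the value is either "quoted text" or a bare token
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def extract_fields(line):
    """Turn the key=value pairs in the message into a dict of fields."""
    ts, _, message = line.partition(" ")
    fields = {key: value.strip('"') for key, value in KV_RE.findall(message)}
    fields["timestamp"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields

def alerts_for_status(lines, status="401", threshold=3,
                      window=timedelta(seconds=60)):
    """Return (host, time) each time a host hits `threshold` matches in `window`."""
    recent = defaultdict(deque)   # host -> timestamps of recent matches
    events = []
    for line in lines:
        fields = extract_fields(line)
        if fields.get("status") != status:
            continue
        hits = recent[fields.get("host", "unknown")]
        hits.append(fields["timestamp"])
        # Drop matches that have aged out of the sliding window.
        while fields["timestamp"] - hits[0] > window:
            hits.popleft()
        if len(hits) >= threshold:
            events.append((fields.get("host", "unknown"), fields["timestamp"]))
            hits.clear()          # re-arm so one burst produces one event
    return events

if __name__ == "__main__":
    for host, when in alerts_for_status(SAMPLE_LOGS):
        print(f"event: {host} reported repeated 401 responses at {when}")
```

Counting per host rather than globally keeps a single noisy source from hiding behind overall volume; web02 in the sample never triggers because its three 401 lines are spread over more than the 60-second window.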
Archive and restore
Retaining logs in your tenant is costly. Logs are purged after the retention period is over. To retain logs for a longer time for compliance purposes or to view log trends, get the Archive & Restore feature enabled in your tenant. The Archive & Restore option is available in the Configurations menu.
For more information, see Archiving and restoring logs.