FAQs


Log collection

Can I send logs from a firewall to BMC Helix Log Analytics without installing a connector?

Yes. For more information, see Importing logs with REST API and the knowledge article.


If my REST API returns a token or key in a format that is not JSON, can I still fetch the token or key dynamically?

No. If the API response is not in JSON format, you cannot fetch the connection token or key dynamically in BMC Helix Log Analytics.

For which integrations can I use Windows and Linux connectors?

Use Windows and Linux connectors to collect logs from Windows and Linux-based applications by configuring the Collect logs from file integration.

Alert policies

In an alert policy, how many fields are allowed in the Group by field?

Three

What is the role of the precedence value in alert policy execution?

Alert policies are evaluated and executed in order from the lowest precedence value to the highest. Note that the lower the number, the higher the precedence.

Can I use the alerts created in the Log Explorer?

Events will be generated for existing alerts. However, the options to create, edit, enable, or disable alerts from the Log Explorer are disabled. Use the Alert Policies option from the Configuration menu. To avoid duplication, after adding alert policies, delete the corresponding alerts in the Log Explorer.

Can I add alert policy selection criteria on a field that is added by enriching the logs?

Yes. Policy evaluation is done in phases. Enrichment policies are run before alert policies.

 
