If my REST API returns the token or key in a format that is not JSON, can I still fetch the token or key dynamically?
No. If the API response is not in JSON format, you cannot fetch the connection token or key dynamically in BMC Helix Log Analytics.
For which integrations can I use Windows and Linux connectors?
Use Windows and Linux connectors to collect logs from Windows and Linux-based applications by configuring the Collect logs from file integration.
Alert policies
In an alert policy, how many fields are allowed in the Group by field?
Three
What is the role of the precedence value in alert policy execution?
Alert policies are evaluated and executed in order from the lower precedence value to the higher. Note that the lower the number, the higher the precedence.
Can I use the alerts created in the Explorer?
Events will be generated for existing alerts. However, options to create, edit, enable, or disable alerts from the Explorer are disabled. Use the Alert Policies option from the Alerts menu. To avoid duplication, after adding alert policies, delete the corresponding alerts in the Explorer.
Can I add alert policy selection criteria on a field that is added by enriching the logs?
Yes. Policy evaluation is done in phases. Enrichment policies are run before alert policies.
Archive and restore
I don't see the option to archive or restore logs or the Logs Archival page. How do I get it?
The option to archive and restore logs is disabled by default. To get it enabled, contact BMC Support.
How often are logs archived?
Logs are archived each day after the retention period is over. For example, if the retention period as per your license entitlement is 30 days, the logs collected on May 1st are archived on May 31st. Similarly, the logs collected on May 2nd are archived on June 1st.
No, you cannot search the archived logs. First, restore the archived logs and then search.
How long are archived logs stored?
Archived logs are purged after the archival period is over. This period is set for each tenant when the feature is enabled.
Will the restored logs be archived automatically?
Yes, restored logs are archived automatically after the restore period (which depends on your license entitlement) is over. However, you can also archive the restored logs manually. For more information, see Archiving and restoring logs.
Where do I see the restored logs?
Logs are archived automatically after the retention days are over. All logs are stored together in an index that is displayed on the Archive and Restore page. When you restore such an index, the restored logs are shown in the index pattern with the logarc_* format.