Creating collection policies
To start collecting logs, add all the collection-related configurations to a collection policy and save time by reusing these configurations in multiple collection policies.
The following image displays the configurations in a collection policy.
The following table describes the configurations that you can add in a collection policy.
Configuration | Description |
---|---|
Connector | Specify the type of connector and the selection criteria that identify the connector for collection. |
Log source | Specify the log source details, such as a file path or collection interval. These configurations differ for each source. |
Parsing rule | Select the parsing rule that you have created to parse the logs that you are collecting. If you have not created a parsing rule before you start creating a collection policy, the collection policy page provides a link to create one. |
Filtering rule | Select the filtering rule that includes or excludes logs from the collection. Filtering rules are optional, but they help you make optimal use of the storage space for logs. |
User group | Select one or more user groups to assign to the collection policy. You can implement role-based access for collection policies by assigning user groups to policies while creating or editing policies. **Scenario:** Sarah is a tenant administrator at Apex Global, who uses BMC Helix Log Analytics to collect and analyze logs. As an administrator, Sarah has created the Operators and Administrators user groups in the system for implementing role-based access. Sarah does not want the Operators group to view restricted data that can be viewed by the Administrators group. However, she wants the Administrators group to view all the collected data. Sarah can achieve this by associating the correct user group with a collection policy. For example, she can create a collection policy and associate the Administrators user group with it. Members of the Operators group won't be able to see the data collected by this policy. Sarah can assign one or multiple user groups to collection policies while creating or editing the policies. If you do not associate a user group with a collection policy, the data collected with the policy is available to all user groups. |
After the collection policy runs, you can see the logs on the Explorer page. In the log records, you can see the log_source_host field that provides information about the data source where the logs originated. With this information, you can perform accurate root-cause analysis because the logs are enriched with the host or server name that caused service degradation.
Create a collection policy to collect: