Creating collection policies
To start collecting logs, add all the collection-related configurations to a collection policy. You can save time by reusing these configurations in multiple collection policies.
The following image displays the configurations in a collection policy.
The following table describes the configurations that you can add in a collection policy.
Configuration | Description |
---|---|
Connector | Specify the type of connector and the selection criteria that identify the connector for collection. |
Log source | Specify the log source details, such as a file path or collection interval. These configurations differ for each source. |
Parsing rule | Select the parsing rule that you have created to parse the logs that you are collecting. If you start creating a collection policy before you have created a parsing rule, the collection policy page provides a link to create one. |
Filtering rule | Select the filtering rule that includes or excludes logs from the collection. Filtering rules are optional, but they help you use the storage space for logs efficiently. |
User group | Select one or more user groups to assign them to collection policies. You can implement role-based access for collection policies by assigning user groups to policies while creating or editing policies. Scenario: Sarah is a tenant administrator at Apex Global, which uses BMC Helix Log Analytics to collect and analyze logs. As an administrator, Sarah has created the Security, Network, and Application user groups to implement role-based access. Sarah does not want any of these groups to view the other groups' data. Sarah can achieve this by associating the correct user group with a collection policy while creating or editing the collection policy. If you do not associate a user group with a collection policy, data collected with the policy is available to all user groups. |
To create a collection policy
- In BMC Helix Log Analytics, go to Collection > Collection Policies.
- Click Create.
- Depending on the logs that you want to collect, configure the details of the collection type, connectors, tags, fields, filtering rule, and user group.
  For detailed information about these configurations, see the following topics:
- Enable and save the policy after all the configurations are complete.
After the collection policy runs, you can see the logs on the Explorer page. In the log records, you can see the log_source_host field that provides information about the data source where the logs originated. With this information, you can perform accurate root-cause analysis because the logs are enriched with the host or server name that caused service degradation.
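The user group rule in the table above means a policy saved without a user group exposes its data to every group. The following added example (not BMC code) models that rule to review a list of policies against the isolation goal in Sarah's scenario; the record layout, policy names, and function names are assumptions made for illustration, not a BMC Helix Log Analytics export format or API.

```python
# Constructed sample data: this record layout is an assumption for illustration,
# not a BMC Helix Log Analytics export format or API response.
ALL_GROUPS = ["Security", "Network", "Application"]
POLICIES = [
    {"name": "fw-syslog", "user_groups": ["Security"]},
    {"name": "router-logs", "user_groups": ["Network"]},
    {"name": "app-server", "user_groups": ["Application", "Network"]},
    {"name": "legacy-files", "user_groups": []},  # no group associated
]


def effective_viewers(policy, all_groups):
    """Groups that can see data collected by a policy.

    Rule from the page: with no associated user group, the data is
    available to all user groups.
    """
    assigned = policy.get("user_groups") or []
    return sorted(all_groups) if not assigned else sorted(set(assigned))


def visibility_by_group(policies, all_groups):
    """Map each user group to the policies whose data it can see."""
    view = {g: [] for g in all_groups}
    for p in policies:
        for g in effective_viewers(p, all_groups):
            view.setdefault(g, []).append(p["name"])
    return view


def audit(policies):
    """Return (policy, issue) pairs that break one-group-per-policy isolation."""
    findings = []
    for p in policies:
        assigned = sorted(set(p.get("user_groups") or []))
        if not assigned:
            findings.append((p["name"], "no user group: visible to all groups"))
        elif len(assigned) > 1:
            findings.append((p["name"], "shared by: " + ", ".join(assigned)))
    return findings


if __name__ == "__main__":
    for name, issue in audit(POLICIES):
        print(f"{name}: {issue}")
    for group, names in visibility_by_group(POLICIES, ALL_GROUPS).items():
        print(f"{group} can see: {', '.join(names)}")
```

A policy assigned to several groups is a valid configuration; it is reported here only because the scenario requires that no group sees another group's data.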