Root cause analysis by using logs


Monitoring logs is key to troubleshooting issues. BMC Helix Log Analytics can take the tediousness out of monitoring a continuous stream of logs from various applications and sources.

The following video (3:45) provides a brief overview of the process of getting to the root cause of an issue by using logs.



Step 1: Collect

Configure collection policies to collect logs. Connectors for collecting logs are provided out of the box. The following are a few examples of sources from which you can collect logs:

  • Amazon Web Services
  • Kubernetes clusters
  • Linux and Windows-based applications

For more information, see Collecting-logs.



Step 2: Configure

You can configure the following policies to make logs more valuable:

  • Field extraction: Extract and save the fields that are present in the log message as key-value pairs. Use them to analyze and visualize logs better. For more information, see Extracting-fields.
  • Enrichment: Reduce the time that operators spend looking for important information in different sources by configuring enrichment sources and policies that add that information to the logs. For example, from a CSV file, you can add host and service names by using the host ID that is available in the logs. For more information, see Enriching-logs.
  • Alert: Configure alerts to notify you when a specific condition occurs in the logs. You can also use alerts to notify you when an anomaly is detected in the log message. You are alerted by the events generated in BMC Helix Operations Management. For more information, see Generating-alerts-from-logs.
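
The field extraction and CSV enrichment described in the list above, sketched in Python as an added example. It is not BMC Helix Log Analytics code or configuration; the log format, the CSV column names, and the `enriched` flag are assumptions made for illustration.

```python
import csv
import io
import re

# Constructed sample data (assumed format, not BMC Helix output).
LOOKUP_CSV = """host_id,host_name,service_name
h-101,web-01.example.internal,checkout
h-102,db-01.example.internal,orders-db
"""
RAW_LOGS = [
    'ts=2024-05-01T10:00:00Z level=ERROR host_id=h-101 msg="cert expired" code=495',
    'ts=2024-05-01T10:00:05Z level=WARN host_id=h-102 msg="slow query" ms=2300',
    'ts=2024-05-01T10:00:09Z level=ERROR host_id=h-999 msg="auth failed"',
]

# key=value where the value is a double-quoted string or a bare token.
KV_PATTERN = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')

def extract_fields(line):
    """Field extraction: turn key=value pairs in a message into a dict."""
    fields = {}
    for key, quoted, bare in KV_PATTERN.findall(line):
        fields[key] = quoted if quoted else bare
    return fields

def load_lookup(csv_text, key="host_id"):
    """Load the enrichment source into a dict keyed by host ID."""
    return {row[key]: row for row in csv.DictReader(io.StringIO(csv_text))}

def enrich(fields, lookup, key="host_id"):
    """Enrichment: add lookup columns without overwriting extracted fields."""
    record = dict(fields)
    match = lookup.get(fields.get(key, ""))
    # Keep records with unknown host IDs, but flag them so gaps are visible.
    record["enriched"] = match is not None
    if match:
        for column, value in match.items():
            record.setdefault(column, value)
    return record

def process(lines, csv_text):
    lookup = load_lookup(csv_text)
    return [enrich(extract_fields(line), lookup) for line in lines]

if __name__ == "__main__":
    for rec in process(RAW_LOGS, LOOKUP_CSV):
        print(rec)
```

Records whose host ID is missing from the lookup are kept and flagged rather than dropped, so an unknown source still shows up during analysis.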


Step 3: Analyze

Analyze the collected logs to troubleshoot an issue and identify its root cause. Use the search, time, and available fields to narrow down your search results.

For more information, see Deriving-insights-from-logs.



Step 4: Visualize

In BMC Helix Dashboards, the out-of-the-box dashboards, including Kubernetes, Amazon Web Services, Self Monitoring, and so on, provide statistics related to log collection and events. You can also create dashboards based on your requirements. For example, create a dashboard that shows log events.

For more information, see Visualizing-logs.



Step 5: Monitor

If you have configured alert policies, events are generated and are available in BMC Helix Operations Management. You can also monitor these events from BMC Helix AIOps and BMC Helix Dashboards. The class of these events is Log Event. When you monitor events from these products, you get a cross-launch link to BMC Helix Log Analytics, and the logs for which the event is generated are shown in the Explorer tab.

For more information, see Generating-alerts-from-logs.


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*