Product overview


Use BMC Helix Log Analytics to monitor logs from multiple environments and to analyze them in Explorer so that you can get to the root cause of the issue that you are troubleshooting. You can also monitor your logs proactively by setting up event generation when a condition is true in the logs.

Modern applications and IT environments have become more complicated, which makes the ability to collect and quickly analyze logs essential to maintaining system uptime. Architecture has evolved into microservices, containers, and orchestration infrastructure deployed on the cloud (public and private), or in hybrid environments. Also, the volume of data generated by these environments is constantly growing, which constitutes a challenge in comprehending logs.

In addition to the volume, log files can be structured, semistructured, or unstructured, making logs complex and difficult to comprehend. Despite the challenges, this information is vital to operational intelligence for IT, security, and business in general.

BMC Helix Log Analytics helps you to analyze the log files from multiple environments. It provides a wealth of insights into the usage, health, and performance of your environments, together with a set of integrated capabilities for detecting and troubleshooting issues. It simplifies and accelerates the process of collating, normalizing, and parsing your logs to make them available for analysis. It is an open, scalable, and secure product that reduces the time required to search log files to troubleshoot an issue.

BMC Helix Log Analytics is part of the BMC Helix Operations Management solution. It is built on a microservices-based architecture and is available both as SaaS and as a container-based, on-premises deployment. You access BMC Helix Log Analytics through BMC Helix Portal, which is the launchpad to your licensed BMC Helix services. BMC Helix Portal provides a single, unified view for an improved end-user experience. You perform user management and tenant management functions from BMC Helix Portal.


The following image depicts how BMC Helix Log Analytics interacts with other products available in BMC Helix.

Note that BMC Helix Developer Tools contains integrations to support log collection for BMC Helix Log Analytics.

[Image: Orientation_3_23.2.png]

For more information about these products, see Related documentation.


The following video (3:35) provides a brief overview of the product.


Watch the YouTube video about the overview of BMC Helix Log Analytics.


Product architecture

The Log Ingestion service receives logs from various sources, such as Amazon Web Services and Kubernetes, and passes them on to the Log Processing service. The Log Processing service enriches the logs, extracts fields from the logs, and generates alerts. BMC Helix IT Operations Management identifies anomalies in the incoming logs by using the machine-learning (ML) log model. If an anomaly is detected, an alert (in the form of an event) is generated in BMC Helix Operations Management.

[Image: image-2024-11-11_11-20-2.png]


Product roles

The user roles and their product goals are shown in the following image:

[Image: User Roles.png]

Roles and permissions in BMC Helix Log Analytics

The following table lists the use cases for the Operator and Administrator roles in BMC Helix Log Analytics, the permissions that each use case requires, and a description of how to assign them.

Use cases:
  • Analyze logs
  • Create dashboards and visualizations
Application or Service > Resource > Permission:
  • loganalytics > logs > manage
Description: All roles (operators and administrators) require this permission to access and analyze logs in BMC Helix Log Analytics.

Use case: Archive and restore logs
Application or Service > Resource > Permission:
  • loganalytics > log_archival > manage
Description: Assign the permission to operators to archive and restore logs.

Use case: Collect logs
Application or Service > Resource > Permission:
  • loganalytics > logs > manage
  • loganalytics > logs > ingest
  • intelligent-integrations > integrations > manage
  • intelligent-integrations > integrations > view
  • intelligent-integrations > connectors > manage
  • intelligent-integrations > connectors > view
Description: Assign view permission for viewing rights only. For create, edit, and delete permissions, assign the manage permission. You might want to assign view permissions to operators to view the configurations for log collection. However, administrators require all - manage, ingest, and view - permissions to collect logs.

Use case: Configure log enrichment
Application or Service > Resource > Permission:
  • loganalytics > logs > manage
  • loganalytics > enrichment_sources > manage
  • loganalytics > enrichment_sources > view
  • loganalytics > log_policies > manage
  • loganalytics > log_policies > view
Description: Assign view permission for viewing rights only. For create, edit, and delete permissions, assign the manage permission. You might want to assign view permissions to operators to view the enrichment configurations. However, administrators require both manage and view permissions to configure log enrichment.

For information about assigning permissions, see Setting up roles and permissions in the BMC Helix Portal documentation.

Product features

BMC Helix Log Analytics provides the following key capabilities:

[Image: features_242.png]

Collect logs

Collect logs from various sources like Kubernetes, Amazon Web Services, Linux and Windows servers, and so on. To collect logs from these sources, configure integrations that require connectors. In the integrations, configure how to contact the sources and which log files you want to collect. Configure the collection by using the Collection menu. 

For more information, see Collecting logs.

Extract fields from log messages

Most of the time, all the information available in the logs is part of the log message. Search is more effective if the information available in the log message is present as fields. You can also use these fields in visualizations, dashboards, or as a field to configure policy selection criteria. Extract the fields from the log message by using the Field Extraction policies.

For more information, see Extracting fields.

Enrich logs

Enrich the logs with meaningful information that helps operators reduce the mean time to resolve (MTTR) an issue. For example, use a CSV file to add host details such as the name and location, so that operators save time by not having to look up these details. To configure enrichment, add enrichment sources and then enrichment policies. These configurations are available in the Enrichment menu.

For more information, see Enriching logs.

Configure alerts

While analyzing logs, you might want to be notified when a critical condition is reported in the logs. For example, you want to be notified when status 401 is reported multiple times in a time period. To get such a notification, configure alert policies from the Alerts menu. When the condition is satisfied in the logs, a notification is generated in the form of events. These events are generated in BMC Helix Operations Management. You can also view these events in BMC Helix AIOps and BMC Helix Dashboards.

For more information, see Generating alerts from logs.
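
The field extraction and the 401 alert condition described above, sketched in Python as an added example; this is not BMC Helix Log Analytics code or policy syntax. The log layout, the field names, the per-client grouping, and the threshold of three 401 responses within 60 seconds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log messages (hypothetical layout, documentation IP ranges).
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z web-1 POST /login status=401 client=198.51.100.7",
    "2024-05-01T10:00:05Z web-1 GET /health status=200 client=203.0.113.9",
    "2024-05-01T10:00:12Z web-1 POST /login status=401 client=198.51.100.7",
    "2024-05-01T10:00:20Z web-2 POST /login status=401 client=203.0.113.9",
    "2024-05-01T10:00:31Z web-1 POST /login status=401 client=198.51.100.7",
    "malformed line without any of the expected fields",
    "2024-05-01T10:03:40Z web-2 POST /login status=401 client=203.0.113.9",
]

# Field extraction: turn the raw message into named, searchable fields.
LINE_RE = re.compile(
    r"(?P<ts>\S+) (?P<host>\S+) (?P<method>[A-Z]+) (?P<path>\S+) "
    r"status=(?P<status>\d{3}) client=(?P<client>\S+)$"
)

def extract_fields(line):
    """Return a dict of extracted fields, or None if the line does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None  # unparsed messages are skipped rather than guessed at
    fields = m.groupdict()
    fields["ts"] = datetime.strptime(fields["ts"], "%Y-%m-%dT%H:%M:%SZ")
    fields["status"] = int(fields["status"])
    return fields

def detect_401_bursts(lines, threshold=3, window=timedelta(seconds=60)):
    """Emit one event each time a client reaches `threshold` 401s within `window`.

    Assumes the lines arrive in chronological order.
    """
    recent = defaultdict(deque)  # client -> timestamps of recent 401s
    events = []
    for line in lines:
        f = extract_fields(line)
        if f is None or f["status"] != 401:
            continue
        q = recent[f["client"]]
        q.append(f["ts"])
        while f["ts"] - q[0] > window:  # drop 401s that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            events.append({"client": f["client"], "count": len(q), "at": f["ts"]})
            q.clear()  # do not raise a second event for the same burst
    return events

if __name__ == "__main__":
    for event in detect_401_bursts(SAMPLE_LOGS):
        print(event)
```

Grouping by an extracted field is what keeps two unrelated clients with one failure each from tripping the same condition, which is why extraction comes before alerting in this sketch.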

Derive insights from logs

Analyze the logs with the help of options that narrow down the search results. These options include the search field, filters, the time period, and so on. These options help you to get to the root cause and reduce the MTTR to solve an issue. Log trends are depicted in a chart.

For more information, see Deriving insights from logs.

Visualize logs

View out-of-the-box dashboards for quick references on log trends and create new dashboards for your specific requirements. The following out-of-the-box dashboards are available for you in BMC Helix Dashboards:

  • Amazon Web Services
  • Kubernetes
  • Self Monitoring
  • Syslogs
  • Windows events

Use the Dashboards menu to access the dashboards. 

For more information, see Visualizing logs.

Implement data-level access control

Control access to log data to enhance the security of your system. Assign user groups to alert policies so that the data generated from an alert policy is accessible only to the users in the specified user group.

For more information, see Controlling access to the log data.

Detect anomalies

Detect anomalies in the log messages based on rare log patterns. For example, you want to be alerted if an anomalous log message is generated in the Kubernetes microservice logs. To get notified when an anomaly is detected in the logs, configure alert policies from the Alerts menu. When an anomaly is detected, a notification is generated in the form of events. These events are generated in BMC Helix Operations Management. You can also view these events in BMC Helix AIOps and BMC Helix Dashboards.

For more information, see Generating alerts from logs.

Archive and restore

To retain logs for a longer duration than the default period, archive the logs. You might want to retain the logs for a longer duration for on-demand analysis, compliance, or other purposes. You can restore logs on demand, at a lower cost.

For more information, see Archiving and restoring logs.


Product documentation

The BMC Helix Log Analytics documentation helps new and experienced users implement or use this product. Based on your role, the following sections of the documentation are recommended:

[Image: Documentation Overview 22.2.png]


Webinars

Watch the following webinars and learn from experts as they talk about how BMC Helix Log Analytics helps you achieve value from logs.

Making data smarter with BMC Helix Log Analytics

Click the following link to register: webinar link.

Watch the following webinar (47:59) that explains how you can make your logs smarter with BMC Helix Log Analytics.



https://youtu.be/OKIUWSzLbrw

Video contents:

  • Introduction
  • Agenda
  • Observability with BMC Helix Log Analytics and BMC Helix AIOps
  • Key capabilities of BMC Helix Log Analytics
  • Solution demo
  • BMC Helix Log Analytics road map
  • Questions and answers

Improving MTTR with BMC Helix Log Analytics and BMC Helix AIOps

Watch the following webinar (28:31) that explains how you can achieve service monitoring with BMC Helix Log Analytics and BMC Helix AIOps.

https://youtu.be/l09rULNbbaI

Video contents:

  • Introduction
  • Agenda
  • Introduction to BMC Helix Log Analytics
  • Key capabilities of BMC Helix Log Analytics
  • Benefits
  • Example
  • Lifecycle of logs
  • Demo
  • Summary
  • References

Additional resources

  • BMC Community: Learn and engage with other users of BMC Helix Log Analytics at BMC Community.
  • Education and certification: Go through the web-based trainings for BMC Helix Log Analytics at courses for BMC Helix Log Analytics.
  • Product datasheet: Access the product data sheet that summarizes the use cases of BMC Helix Log Analytics: Datasheet.
