Troubleshooting log collection and visualization in the Log explorer
Unable to search for logs in the Explorer
Issue symptom
In BMC Helix Log Analytics, on the Explorer page, a search for logs doesn't display any results.
Issue scope
This issue occurs if the alert policy criteria in BMC Helix Log Analytics uses the Contains operator. This issue doesn't occur for the Equals and Does not equal operators.
Resolution
To obtain the search results, perform the following actions:
- Ensure that you use the correct capitalization while searching with a keyword. The Search field is case-sensitive.
- If the alert policy selection criterion contains two separate keywords, use the full keywords to search for logs.
Example
An alert policy contains the following selection criteria:
message Contains for administrators
In this case, search results are displayed in the following conditions:
- You use both keywords in full: for administrators
- You use either one of the keywords in full: for or administrators
The originating server name is not displayed in the host.name field
Issue symptom
In the Log explorer, the name of the originating server is not displayed in the host.name field.
Issue scope
This issue affects all collection policies of all connector types.
Resolution
The log_source_host field now replaces the host.name field for all connector types. The log_source_host field provides information about the data source where the logs originated.
The log_source_host field is automatically added to the log records as part of the log collection policy. For this change to be reflected in the collection policies, update the collection policies:
- Go to Collection > Collection Policies.
- Click the Action menu for a policy and click Edit.
- On the edit policy page, click Save.
  You do not need to perform any other action.
- Repeat these steps for all collection policies.
For logs ingested from third-party sources through REST APIs, manually add the information in the log_source_host field in the log records.
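One way to populate log_source_host before third-party records are sent, as an added example that is not BMC code or part of the original page. The record shapes (a nested host object or a flat "host.name" key), the function names, and the fallback to the local host name are assumptions; the call that submits the records to the REST API is left out because the page does not describe it.

```python
import json
import socket

FIELD = "log_source_host"  # field name taken from the page


def _existing_host(record):
    """Return a host name already present in the record, if any.

    Assumption: the sender may carry it as a nested {"host": {"name": ...}}
    object or as a flat "host.name" key; neither shape is confirmed by the page.
    """
    host = record.get("host")
    if isinstance(host, dict) and host.get("name"):
        return str(host["name"]).strip()
    flat = record.get("host.name")
    return str(flat).strip() if flat else ""


def add_log_source_host(records, default_host=None):
    """Return copies of records with log_source_host populated.

    A non-empty existing value is kept so relayed logs keep their true origin.
    """
    fallback = default_host or socket.gethostname()
    enriched = []
    for record in records:
        out = dict(record)  # shallow copy; the caller's record is not mutated
        current = str(out.get(FIELD) or "").strip()
        out[FIELD] = current or _existing_host(record) or fallback
        enriched.append(out)
    return enriched


# Constructed sample records, not real log data.
SAMPLE = [
    {"message": "login failed for administrators", "host": {"name": "web01"}},
    {"message": "service restarted", "host.name": "db02"},
    {"message": "relayed event", "log_source_host": "fw03", "host": {"name": "relay"}},
    {"message": "no host information"},
]

if __name__ == "__main__":
    print(json.dumps(add_log_source_host(SAMPLE, default_host="collector01"), indent=2))
```

Records that fall back to the default host name are attributed to the forwarding machine, so set default_host deliberately when one forwarder relays logs for several systems.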