Analyzing anomalous logs and anomaly events


Anomalies are rare patterns or abnormalities that indicate a deviation from the normal behavior of system performance. BMC Helix Log Analytics provides automated analysis with machine learning (ML)-based anomaly detection of abnormal or rare log patterns. You can analyze anomalous logs to debug application errors and ensure optimum performance. You can proactively find concerns or errors before they become a problem.

Use BMC Helix Log Analytics to analyze anomalous logs. Use BMC Helix Operations Management to analyze the related anomaly events.


To analyze anomalous logs

  1. In BMC Helix Log Analytics, on the Explorer tab, select the logml-* index pattern to view all the anomalous log messages.
  2. Analyze the anomaly score of the logs to understand the anomaly strength.
    Each anomalous record contains the Anomaly and Anomaly_Score fields. The value of the Anomaly field is set to 1.0. The Anomaly_Score field represents the anomaly strength and has a value between 0 and 1. The higher the score, the stronger the anomaly in the record.

BMC Helix Log Analytics automatically assigns severity to anomalous log messages depending on the keywords that the message contains.

For example, if a message contains the words error or critical, the anomaly is assigned the High severity.
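
One way to triage anomalous records offline after exporting them, shown as an added example that is not BMC code: it keeps records whose Anomaly field is 1.0 and whose Anomaly_Score is within range, sorts them strongest first, and applies the High keyword rule stated above. The JSON-lines export format, the `message` field name, the 0.5 threshold, and case-insensitive whole-word matching are assumptions.

```python
import json
import re

# Constructed sample export, one JSON record per line. "Anomaly" and
# "Anomaly_Score" are the fields named on this page; "message" is a
# hypothetical name for the log text field.
SAMPLE_EXPORT = """\
{"Anomaly": 1.0, "Anomaly_Score": 0.93, "message": "Critical: payment service lost its database connection"}
{"Anomaly": 1.0, "Anomaly_Score": 0.41, "message": "cache refresh finished in 8123 ms"}
{"Anomaly": 1.0, "Anomaly_Score": 0.78, "message": "ERROR failed login burst for account svc-backup"}
{"Anomaly": 1.0, "Anomaly_Score": 1.7, "message": "score outside the documented range"}
{"Anomaly_Score": 0.88, "message": "record without the Anomaly flag"}
not json at all
"""

# Only the High keywords this page states; whole-word, case-insensitive matching is assumed.
HIGH_KEYWORDS = re.compile(r"\b(error|critical)\b", re.IGNORECASE)


def triage(export_text, min_score=0.5):
    """Return (kept, rejected); kept is sorted by score, strongest first."""
    kept, rejected = [], []
    for lineno, line in enumerate(export_text.splitlines(), start=1):
        try:
            rec = json.loads(line)
            score = float(rec["Anomaly_Score"])
            flagged = float(rec["Anomaly"]) == 1.0
        except (ValueError, KeyError, TypeError):
            rejected.append((lineno, "unparseable or missing field"))
            continue
        if not flagged or not 0.0 <= score <= 1.0:
            rejected.append((lineno, "not a valid anomalous record"))
            continue
        if score < min_score:
            continue  # valid but weaker than the triage threshold
        text = str(rec.get("message", ""))
        severity = "High" if HIGH_KEYWORDS.search(text) else "unmapped"
        kept.append({"line": lineno, "score": score, "severity": severity, "message": text})
    kept.sort(key=lambda r: r["score"], reverse=True)
    return kept, rejected


if __name__ == "__main__":
    kept, rejected = triage(SAMPLE_EXPORT)
    for r in kept:
        print(f'{r["score"]:.2f} {r["severity"]:<8} {r["message"]}')
    for lineno, reason in rejected:
        print(f"rejected line {lineno}: {reason}")
```

Records that fail validation are reported separately rather than dropped silently, so a malformed export does not hide a strong anomaly.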

The following table displays the severity level and its associated keywords:


To analyze log anomaly events

In BMC Helix Operations Management, use the Events page to analyze log anomaly events. Click the event to view the event details and analyze it.

The following procedure explains how you can go to BMC Helix Log Analytics from BMC Helix Operations Management.

  1. On the Events page in BMC Helix Operations Management, click an anomaly event to view the event details.
    Log anomaly events are generated with the Log Event class. You can hover over the Class icon to see the class of the event.

    Tip: Filter log anomaly events to quickly analyze them

    To filter all events of the Log Event class, use the advanced filter in BMC Helix Operations Management. For more information about advanced filters, see Filtering events.

  2. Click the Others tab.
  3. In the Search Parameters field, click the Review Logs link to open the Explorer tab in BMC Helix Log Analytics.


The Explorer tab opens in BMC Helix Log Analytics and the logs that generated the event are displayed. The anomalous logs are shown in the index pattern that begins with logml.
The anomalous log events are further processed for creating situations. For more information about situations, see Monitoring and investigating situations in the BMC Helix AIOps documentation.








 
