Monday, June 25, 2018

Log Intelligence Features and UI Walk Through


This post describes the features of Log Intelligence and walks through its UI.

Home Page


When you log in, this is the first page you land on. You will see 3 sections:

  • Search Bar
  • Event Observations
  • Recent Alerts

Search Bar


Assuming you have data ingested already, you can start your smart searching. The search bar lets you search for keywords and queries. One of its key features is that it offers auto-complete suggestions while you are typing. A couple of examples of searches:

  • logs where text contains error
  • hostname containing VC


You can try different combinations to match your requirements.

Event Observations


If this is the first time you have logged in and there are no Data Collectors, it will show "Add Collector". You can refer to my previous blog post, How to Deploy Data Collector, which describes the process.

If you already have a Data Collector and data is being ingested, it will show the interesting events that Log Intelligence has detected in the last hour. Observations can include spikes or dips in vSphere errors, warnings, or all events, or hosts that are sending an unusual number of events compared to other hosts in the last hour.

You can also view the Observations for the last 1 day to analyze them and identify anything obvious that would have caused them.

Recent Alerts


This section shows any alerts triggered in the last hour for the Alerts that have been configured and enabled. You can also view alerts triggered over the last day in your environment.

If an alert has been triggered, you can click it in this section to see the exact details of the triggered alert.



Explore Logs


I would like to call this page the heart of Log Intelligence. On this page you can do the following things. I have divided them into 2 types based on my personal choices:

Primary

  • Search for log streams, event types, and Alerts based on different filters and various time ranges
  • Analyze the logs, which is the most important purpose of a customer choosing Log Intelligence
  • Visualize the logs in the form of Charts. Optionally, you can show Alerts that occurred during that time frame on the Chart itself.
    • The default Chart Type is Area; however, you can view the data as Column, Line, Pie, and Bubble charts based on your log search

Secondary 

  • Save log search as Queries
  • Create Alert Definitions based on your search/queries
  • Open existing queries and modify the same
  • Add Queries to Dashboards
  • Export Chart Data (CSV)
  • Export Log Events (RAW, JSON)


This page has so many things to offer that I can't cover them all here as part of an introduction. I will cover them in a dedicated blog post.




Dashboards

This page displays the dashboards you have created. By default, there is no OOTB dashboard. You can create dashboards using OOTB queries or your own Custom queries. The page also lets you view the query behind a chart and remove a chart from the Dashboard page.



Alerts


This section shows everything related to Alerts, as the name suggests. It has 2 subpages:

Recent Alerts

As the name suggests, it shows recent alerts triggered in your environment for the Alerts that have been configured and enabled. You can also visualize the number of Alerts over the last hour, day, and week, and search for specific Alerts.

If an alert has been triggered, you can click the 3 dots, which give you 3 options to view:

  • Details of the Alert - Shows the details of the specific alert, like time range and logs
  • Definition of Alert - Opens the Alert Definition, where you can view the criteria of the Alert
  • Query of Alert - Takes you to Explore Logs and opens the specific query with all the relevant filters

Alert Definitions

This shows a list of all the Alert Definitions for your Org, including:

  • Out of the box (OOTB) - By default, you get all the content for VMware SDDC (vSphere (ESXi & VC), VSAN, and NSX)
  • Custom Alert Definitions - All the Custom alerts you have created in your environment

Administration

The actual name of this section is Manage. As the name suggests, it has a list of pages used to manage your Org and environment. It includes:

  • Email Configuration - You can configure your company's email server, which can be used to send a notification whenever an alert is triggered. By default, Log Intelligence uses a hosted server
  • Webhook Configuration - You can configure details to notify or send details to other services using a webhook
  • Data Collectors - Lists the status of all current Data Collectors; you can add new Data Collectors from this page as well. You can refer to my previous blog post, How to Deploy Data Collector, which describes the process
  • API Keys - Details to be shared in a dedicated post. The idea is to create suspense


