
Log Analytics

Overview

Log Analytics is a powerful tool within AIOps that allows you to visualize logs from various IT infrastructure components, including applications, servers, and network devices. By providing critical insights into an infrastructure and helping relevant teams quickly identify why an issue occurred, Log Analytics is an essential feature for any organization.

We have seen that the Metric Explorer tool is used to identify trends in the metrics of an infrastructure. In a similar fashion, the Log Analytics tool is used to identify trends in the logs of an infrastructure. By allowing you to visualize complex log data, Log Analytics provides critical insights into an infrastructure and helps the relevant teams quickly and easily identify why an issue occurred.

The parsed logs are available for visualization in Log Analytics, which is an open search query platform that lets you view log data in multiple visualizations to help you solve a variety of use cases.

Because Log Analytics queries all of the parsed fields in the system, the insights you get come with the right context. The visualizations shown depend on the query that you build on the Log Analytics screen, and you can view the log data in multiple visualizations to suit different use cases.

Use-Cases

You can build queries on the Log Analytics screen to visualize the data in any of the visualization types listed below, and use these visualizations to detect the source of problems in your infrastructure.

  • Suppose you want to view the logs from a specific source in your infrastructure, together with the count of log events that your infrastructure is ingesting from that particular log type. You can do so by creating a widget on the Log Analytics screen.

  • Suppose you want to view the logs with error messages of a particular severity, either to read the logs themselves or just to learn their count. You can do so by creating a relevant widget on the Log Analytics screen.

  • Suppose you want to look at Windows-specific logs, filter the log events by severity, and then group those events by source IP. This lets you identify the source IP generating the most errors for a given log severity.

*diagram for query on log analytics along with the graph*

Go to Menu and select Log Explorer. The Log Explorer is now displayed. Select Investigate in Search. The Log Search option is displayed by default.

Now, select the Log Analytics tab to open the tool.

Select the Visualization

First, select the visualization that the Log Analytics tool should use to display the data.

You can use this tool to plot all the ingested log data using the default visualization options, which include the following:

  1. Chart
  2. Grid
  3. Top N
  4. Gauge

These are some of the default visualizations that are also available in Dashboards and Widgets.

After selecting the visualization, we now move to querying data on the widget.

Querying data on the Widget

After selecting the visualization for the log data, we now query the data we want to display on the widget.

  1. Select the counter for which you want to display the data on the widget.

  2. Select the aggregate function that you want to apply to the selected counter.

  3. Select the source scope from the following options:

    Source Host: Select this option if you wish to select specific monitor(s) as the source.
    Source Type: Select this option if you wish to select one or more type(s) as the source. All the monitors that belong to the selected type(s) will be selected as the source.
    Group: Select this option if you wish to select one or more group(s) as the source. All the monitors in the selected group(s) will be selected as the source.

    Note: In case you do not make any selection, the data will be queried from all the log sources in the system that have the selected counter.

  4. Select the specific sources from the option that matches your previous selection:

    Select Source: This option is displayed if you selected Source Host in the previous step. Use it to specify the host(s) you want as the source. If you don't specify any host, all the hosts with logs in the system that have the selected counter will be used as the source.
    Select Source Type: This option is displayed if you selected Source Type in the previous step. Use it to specify the source type(s) you want as the source. If you don't specify any type, all the log source types in the system will be used as the source.
    Select Group: This option is displayed if you selected Group in the previous step. Use it to specify the group(s) you want as the source. If you don't specify any group, all the groups with logs in the system will be used as the source.
  5. Select an option from the Result By drop-down if you need to group the data after aggregation.
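The query steps above (counter, aggregate function, source restriction, Result By grouping) and the three use cases in the Use-Cases section map onto a small in-memory query model. The following is an added example written for this page, not the product's own code or API; the event field names (host, source_type, group, severity, source_ip, bytes) and the aggregate names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
# Constructed sample of parsed log events (not real data). Field names such as
# host, source_type, group, severity, source_ip and bytes are assumptions.
EVENTS = [
    {"host": "win-dc01", "source_type": "windows", "group": "prod", "severity": "error", "source_ip": "10.0.0.5", "bytes": 210},
    {"host": "win-dc01", "source_type": "windows", "group": "prod", "severity": "error", "source_ip": "10.0.0.9", "bytes": 180},
    {"host": "win-app02", "source_type": "windows", "group": "prod", "severity": "warning", "source_ip": "10.0.0.5", "bytes": 120},
    {"host": "win-app02", "source_type": "windows", "group": "prod", "severity": "error", "source_ip": "10.0.0.5", "bytes": 300},
    {"host": "lnx-web01", "source_type": "syslog", "group": "dmz", "severity": "error", "source_ip": "10.0.1.7", "bytes": 90},
    {"host": "lnx-web01", "source_type": "syslog", "group": "dmz", "severity": "info", "source_ip": "10.0.1.7", "bytes": 60},
]
# Aggregate functions selectable in step 2 (the names count/sum/avg/max are assumed).
AGGREGATES = {
    "count": len,
    "sum": sum,
    "avg": lambda vals: sum(vals) / len(vals),
    "max": max,
}

def query(events, counter, aggregate, source_host=None, source_type=None,
          group=None, where=None, result_by=None):
    """Apply the widget steps in order: keep events that carry the selected counter,
    restrict the source by host, type or group (no selection means every source),
    apply an optional filter such as severity, then aggregate overall or per Result By bucket."""
    rows = [e for e in events if counter in e]
    if source_host:
        rows = [e for e in rows if e["host"] in source_host]
    if source_type:
        rows = [e for e in rows if e["source_type"] in source_type]
    if group:
        rows = [e for e in rows if e["group"] in group]
    if where:
        rows = [e for e in rows if where(e)]
    agg = AGGREGATES[aggregate]
    if result_by is None:
        return agg([e[counter] for e in rows]) if rows else 0
    buckets = defaultdict(list)
    for e in rows:
        buckets[e.get(result_by, "(missing)")].append(e[counter])
    return {key: agg(vals) for key, vals in buckets.items()}

def top_n(grouped, n):
    """Top N view: the n largest buckets, ties broken by key for stable output."""
    return sorted(grouped.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

def windows_errors_by_source_ip(n=1):
    """Third use case: Windows logs, severity error, grouped by source IP, shown as Top N."""
    per_ip = query(EVENTS, "severity", "count", source_type={"windows"},
                   where=lambda e: e["severity"] == "error", result_by="source_ip")
    return top_n(per_ip, n)
```

The first two use cases are the same call with only a source type restriction or only a severity filter and no Result By field.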

You can learn more about querying data on the Log Analytics widget in detail here.

Saving the visualization as Widget

You can save the visualization you created in the Log Analytics tool as a widget from the same screen. You can then use this widget on any of the dashboards you have already created, or on any dashboard you create in the future.

Click on to save the visualization you created on the log analytics tool as a widget. Enter the Widget Name, Description, and click on the Save button to create the widget right away.