Log Search
Overview
The log search feature enables you to narrow down to the exact log event that you wish to view and analyze. You can set a condition to filter the log data down to the values you want to view. Select to set the filter condition as per your requirement, then view the log events you have searched for.
For example, you can view all the logs from a particular source host for a specific time period by providing the appropriate filter conditions. You can then view and analyze the log events you have searched for.
Navigation
Go to Menu, select Log Explorer. After that, select . The screen to search and view the log details is now displayed.
Log Investigation using Log Search
Count of Log events
The bar graph at the top of the Log Search screen displays the count of log events received at different times during the day. To view more details about a specific time period, hover your cursor over the corresponding section of the graph.
To understand other elements of the log search, navigate to the list of tabs present below the bar graph. Select Event Log to start with.
Event Log
Event Log enables you to view the details of the live log events in your infrastructure.
By default, this tab displays the timestamp of each log event and the message associated with it. You can add more fields from the list of available fields to view the details of that field for each log event. If you want to view the log message along with the host that generated it, add the source.host field from the list of Available Fields to the list of Selected Fields.
Go to the list of Available Fields. Hover the mouse cursor over the field that you want to add to the Event Log. Select present beside the field. This moves the field from the list of Available Fields to the list of Selected Fields.
Select the Raw Log checkbox to show the unparsed version of logs in the Message column as received in Motadata AIOps.
Surrounding Logs
Under the Event Log tab, navigate to a specific log message and select the View Surrounding Events button to view the log messages recorded immediately before and after the selected log message.
Surrounding logs provide a more comprehensive understanding of the environment and help in performing effective root cause analysis, troubleshooting, and incident response.
When an event or alert is triggered, you can view the surrounding logs that capture additional log entries from relevant systems, applications, or infrastructure components. The idea is to gather a broader set of information that might be associated with the event, allowing IT operations teams to have a more complete picture of what occurred.
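The filtering and surrounding-events behaviour described above, as an added example that is not part of the Motadata AIOps product or its documentation. It assumes events are plain dictionaries carrying the timestamp, source.host and message columns shown on the Event Log tab; the sample events are constructed for illustration, and the Today window is treated as a half-open interval so that midnight of the next day is excluded.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real data). Keys mirror the Event Log
# columns: timestamp, source.host and message. The list is deliberately
# unsorted so the helpers below have to order it themselves.
SAMPLE_EVENTS = [
    {"timestamp": "2024-01-01T10:00:12", "source.host": "web-01", "message": "app: account alice locked"},
    {"timestamp": "2024-01-01T10:00:00", "source.host": "web-01", "message": "nginx: GET /login 200"},
    {"timestamp": "2024-01-01T10:00:05", "source.host": "db-01", "message": "postgres: connection authorized"},
    {"timestamp": "2024-01-01T10:00:10", "source.host": "web-01", "message": "app: login failed for user alice"},
    {"timestamp": "2024-01-01T10:00:15", "source.host": "db-01", "message": "postgres: slow query 2300 ms"},
    {"timestamp": "2024-01-01T10:00:20", "source.host": "web-02", "message": "nginx: GET /health 200"},
    {"timestamp": "2024-01-02T00:00:00", "source.host": "web-01", "message": "nginx: GET /login 200"},
]


def parse_ts(value):
    """Parse the ISO-8601 timestamp string stored on each event."""
    return datetime.fromisoformat(value)


def today_window(day):
    """Return the [start, end) interval covering one calendar day.

    Using a half-open interval means an event stamped exactly at the next
    midnight belongs to the next day, not to 'Today'.
    """
    start = datetime(day.year, day.month, day.day)
    return start, start + timedelta(days=1)


def filter_events(events, host=None, start=None, end=None):
    """Apply the filter conditions (source host and time period) and return
    the matching events ordered by timestamp."""
    matched = []
    for event in events:
        ts = parse_ts(event["timestamp"])
        if host is not None and event["source.host"] != host:
            continue
        if start is not None and ts < start:
            continue
        if end is not None and ts >= end:  # half-open upper bound
            continue
        matched.append(event)
    return sorted(matched, key=lambda e: parse_ts(e["timestamp"]))


def surrounding_events(events, selected, before=2, after=2):
    """Return the selected event together with the events recorded just
    before and after it, across all hosts, in timestamp order."""
    ordered = sorted(events, key=lambda e: parse_ts(e["timestamp"]))
    index = ordered.index(selected)
    return ordered[max(0, index - before): index + after + 1]


if __name__ == "__main__":
    start, end = today_window(datetime(2024, 1, 1))
    for event in filter_events(SAMPLE_EVENTS, host="web-01", start=start, end=end):
        print(event["timestamp"], event["source.host"], event["message"])
    locked = SAMPLE_EVENTS[0]
    print("--- surrounding 'account alice locked' ---")
    for event in surrounding_events(SAMPLE_EVENTS, locked, before=2, after=1):
        print(event["timestamp"], event["source.host"], event["message"])
```

The surrounding view intentionally ignores the host filter: the value of the feature is seeing what the database or other components logged around the same moment as the selected event, which is why the lockout example above pulls in the db-01 entries on either side of it.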
Organized Log
This tab shows all the parsed data from logs in an organized manner. For each log event, the details of all the available fields are shown in a tabular manner. This view enables you to easily skim through the log event data and gather relevant information at a glance.
Creating Reports from Log Search
The Log Search feature in Motadata AIOps also allows users to create detailed reports based on specified log filter criteria. Once you have specified the filter criteria to narrow down the log events you wish to include in the report, click on Save as Report. A dialog box will appear prompting you to enter the report Name and Description. Provide the required information and click Save. The Report will be available to view and analyse further in the All Reports category under the Log tab. For easy accessibility, you can also mark reports as favourite by clicking on the star icon preceding each of them. All marked reports will be listed under the My Favourite Reports section.
Log Event Timeline
By default, the Log Search screen displays log events generated on the current day. For example, if the current date is 1st January and the time period is selected as Today, then the log events generated on 1st January are shown on the screen.
You can also view the historical log events by changing the time period as required. Click on the button at the top-right corner of the screen to do so.
Navigation
Go to Menu, select Log Explorer. After that, select . The screen to search and view the log details is now displayed. Select the Pattern tab to display the tab for pattern correlation.
Use Case 1: Identifying Noisy Patterns - Brute Force Attacks
A web-server/application is experiencing a surge in login attempts, indicating a potential brute force attack. The logs from various sources are being ingested into Motadata AIOps, and identifying unauthorized access swiftly is crucial.
Solution with Pattern Correlation
- Pattern Identification
Motadata AIOps leverages Log Pattern Matching to identify patterns related to repeated failed login attempts, which indicate a potential brute force attack. Logs with similar patterns, but differing (masked) usernames or IPs, are grouped together.
- Detection of Irregularities
You will be able to identify the irregularity as an anomaly, as it deviates from regular login behavior.
- Efficient Troubleshooting
IT operators can focus specifically on logs related to the identified pattern, making troubleshooting more efficient. By analyzing the masked usernames or IPs, security teams can narrow down the scope of the attack and take appropriate measures.
- Reduced Noise
Log Pattern Matching filters out unrelated logs, ensuring that only logs related to the brute force attack pattern are presented. This reduces noise and allows security teams to concentrate on addressing the security threat.
- Enhanced Visibility
Security teams gain enhanced visibility into the attack pattern, enabling them to understand the scale and tactics of the brute force attack. This insight accelerates the response time and helps in implementing necessary security measures.
Use Case 2: Outlier Detection in Critical Events
An organization's IT infrastructure is generating a massive volume of logs, including rare errors or critical events. Detecting outliers within this ocean of logs is essential to identify potential issues that may have a significant impact.
Solution with Pattern Correlation
- Pattern Identification
Motadata AIOps employs Log Pattern Matching to identify patterns associated with rare errors or critical events. Logs with similar patterns are grouped together, indicating potential outliers in the log data.
- Detection of Irregularities
You will be able to recognise patterns associated with rare events as outliers, as they occur infrequently compared to regular log patterns.
- Efficient Troubleshooting
IT operators can focus specifically on logs related to the identified outlier patterns, streamlining the troubleshooting process. By examining the logs identified as an outlier, teams can quickly identify and address critical issues that may impact the overall system.
- Reduced Noise
Log Pattern Matching filters out logs that do not match the identified outlier patterns, reducing noise and highlighting only the logs of interest. This ensures that IT teams prioritize their efforts on critical events rather than going through a vast amount of log data.
- Enhanced Visibility
IT administrators gain enhanced visibility into rare errors or critical events by analyzing logs with identified outlier patterns. This visibility enables proactive measures to be taken to prevent potential issues from escalating and impacting the organization's IT environment.
In the Log Pattern Matching tab, users can explore different patterns, each displaying the count of logs belonging to that pattern and the percentage of those logs out of the total logs ingested. This interface provides a comprehensive view of how logs are correlated and grouped based on their patterns, offering users valuable insights into their log data.
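The pattern grouping behind both use cases above, as an added example that is not Motadata's own implementation. It masks the variable parts of each message (IP addresses, usernames, numbers) into placeholders, groups the sample lines by the resulting template, and reports the count and percentage per pattern as the Log Pattern Matching tab does. The sample lines, the masking rules and the noisy/outlier thresholds are constructed for illustration and are assumptions, not the product's rules; the distinct-IP summary shows how the masked values can be used to gauge the scope of a noisy pattern without reading every line.

```python
import re
from collections import Counter

# Constructed sample log lines (not real data) in a syslog-like shape:
# six failed logins with varying users/IPs, two successful logins and
# two one-off system messages.
SAMPLE_LOGS = [
    "sshd[1201]: Failed password for invalid user admin from 203.0.113.10 port 51122 ssh2",
    "sshd[1202]: Failed password for invalid user root from 203.0.113.10 port 51123 ssh2",
    "sshd[1203]: Failed password for invalid user test from 203.0.113.11 port 51124 ssh2",
    "sshd[1204]: Failed password for invalid user admin from 203.0.113.12 port 51125 ssh2",
    "sshd[1205]: Failed password for invalid user guest from 203.0.113.10 port 51126 ssh2",
    "sshd[1206]: Failed password for invalid user oracle from 203.0.113.13 port 51127 ssh2",
    "sshd[1207]: Accepted password for alice from 198.51.100.7 port 40001 ssh2",
    "sshd[1208]: Accepted password for bob from 198.51.100.8 port 40002 ssh2",
    "kernel: Out of memory: Killed process 4311 (java)",
    "disk-monitor[77]: /var partition usage at 98 percent",
]

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Masking rules, applied in order: IPs first (so their digits are not split
# by the number rule), then the username that follows 'user' or 'for', then
# any remaining run of digits. These rules are an illustrative assumption.
MASK_RULES = [
    (IPV4, "<IP>"),
    (re.compile(r"\b(user|for)\s+(?!invalid\b)\S+"), r"\1 <USER>"),
    (re.compile(r"\d+"), "<NUM>"),
]


def normalise(line):
    """Reduce a raw message to its pattern template."""
    for pattern, replacement in MASK_RULES:
        line = pattern.sub(replacement, line)
    return line


def group_by_pattern(lines):
    """Group lines by template; return count and share of total per pattern,
    most frequent first."""
    counts = Counter(normalise(line) for line in lines)
    total = len(lines)
    return [
        {"pattern": pattern, "count": count, "percent": round(100.0 * count / total, 1)}
        for pattern, count in counts.most_common()
    ]


def classify(groups, noisy_share=30.0, outlier_share=10.0):
    """Split pattern groups into noisy (Use Case 1) and outlier (Use Case 2)
    sets. Thresholds are assumed values for the constructed sample."""
    noisy = [g for g in groups if g["percent"] >= noisy_share]
    outliers = [g for g in groups if g["percent"] <= outlier_share]
    return noisy, outliers


def members(lines, pattern):
    """Return the raw lines that belong to one pattern."""
    return [line for line in lines if normalise(line) == pattern]


def distinct_ips(lines):
    """Distinct IPv4 addresses seen in a set of lines; a quick scope gauge
    for a noisy pattern (one source or many)."""
    return {ip for line in lines for ip in IPV4.findall(line)}


if __name__ == "__main__":
    groups = group_by_pattern(SAMPLE_LOGS)
    for g in groups:
        print(f"{g['count']:>3} {g['percent']:>5}%  {g['pattern']}")
    noisy, outliers = classify(groups)
    for g in noisy:
        ips = distinct_ips(members(SAMPLE_LOGS, g["pattern"]))
        print(f"noisy pattern from {len(ips)} distinct source IPs: {sorted(ips)}")
    print("outlier patterns:", [g["pattern"] for g in outliers])
```

Run against the constructed sample, the failed-login template accounts for 60% of the lines and is reported as noisy with four distinct source IPs behind it, while the out-of-memory and disk-usage messages each form a pattern of one and are reported as outliers.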