Automated Diagnostics Overview

You can use Automated Diagnostics to provide immediate insights into issues that are outside the coverage of automated alerts. Automated Diagnostics collects data and enables you to diagnose issues and analyze their root cause in your LogicMonitor portal. The real-time diagnostic data ensures faster issue resolution and improved system reliability.

You can manually configure DiagnosticSource modules and also import out-of-the-box DiagnosticSource modules. On the Resource Tree and Alert page, you can manually execute DiagnosticSource modules. You can create Diagnostic Rules to automatically run DiagnosticSource based on the alert conditions specified in the Diagnostic rule. After the DiagnosticSource is run, you can view the execution result and execution history of a resource.

DiagnosticSource Configuration

You can manually configure DiagnosticSource using Groovy or PowerShell diagnostics scripts that target specific issues such as high CPU utilization or increased memory usage. 
For more information, see DiagnosticSources Configuration.

In addition, you can import out-of-the-box DiagnosticSource modules. On the Modules Exchange page, you can access the following out-of-the-box DiagnosticSource modules for common use cases:

• Linux SSH Trace Route—Provides information about the route packets take to reach a network host on a Linux system.
• Linux SSH Top CPU and Memory—Provides information about running processes on a Linux system.
• Linux SSH IP Link—Provides information about network interfaces on a Linux system.
• Microsoft SQLServer Queries—Returns the top longest-running cached queries by total execution time.
• Microsoft SQLServer Blocked Processes—Returns blocking sessions in a Microsoft SQL Server instance.
• Microsoft Powershell – Network Interfaces—Provides information about network interfaces and their configuration on a Windows system.
• Microsoft Powershell – Top CPU and Memory—Provides information about running processes with highest CPU and memory usage on a Windows system.
• Microsoft Powershell – Top Event Logs—Displays the ten most recent critical and error events from the Windows Security, System, and Application Event logs for comprehensive system monitoring.
• Microsoft Powershell – User Privilege Change—Monitors and reports all user privilege escalations and security-related changes from the Windows Security Event logs over the last seven days for audit and compliance purposes.

For more information, see Importing a Module.

DiagnosticSource Management

You can manage DiagnosticSources to keep your modules up-to-date. Managing a DiagnosticSource involves the following:

• Editing a DiagnosticSource—Modify existing details of the DiagnosticSource.
• Viewing local history of a DiagnosticSource—View the history of versions of the module, including author, timestamp, and description of the change. This helps you understand how the DiagnosticSource evolved.
• Cloning a DiagnosticSource—Clone a DiagnosticSource to reuse the details of an existing DiagnosticSource.
• Exporting a DiagnosticSource—Export a DiagnosticSource in JSON file format.
• Deleting a DiagnosticSource—Delete a DiagnosticSource from My Module Toolbox.
• Reassigning module origin—Update the cloned out-of-the-box DiagnosticSource module to apply the latest updates from LM Exchange.
• Viewing associated resources—View resources associated with the DiagnosticSource module.
• Force resource match—Forcefully match resources that are added to AppliesTo criteria.

For more information, see Modules Management.

In addition, you can view audit logs for resources associated with the DiagnosticSource module. Audit logs provide insight into recent account activities, such as user logins and configuration changes made to resources in the account. For more information, see Audit Logs.

Diagnostic Rule Configuration and Management

You can configure Diagnostic rules to define conditions where an alert automatically runs a DiagnosticSource module and associate the results to the resource. For more information, see Diagnostic Rule Configuration.

You can manage Diagnostic rules to keep them up-to-date. Managing your Diagnostic rules involves editing, deleting, enabling and disabling rules, and creating duplicate copy of a Diagnostic rule. For more information, see Diagnostic Rule Management.

Manual and Automated Execution of DiagnosticSource

You can run manually configured DiagnosticSources and LogicMonitor supported out-of-the-box DiagnosticSource modules to collect data and find root cause of issues. LogicMonitor supports the following methods to run DiagnosticSource modules:

• Manual execution—From the Resources and Alerts page, you can manually execute the DiagnosticSource script for a resource to which DiagnosticSource is applied.
• Automated execution—On the Alerts page, for the alerts that have resources with DiagnosticSource module applied on them, automated execution is performed automatically by diagnostic rule when the defined conditions are met.

When the DiagnosticSource execution is complete, you can view the result of the diagnosis. You can view the execution history of a resource for a specific time range. The history of DiagnosticSource module provides details of the issues and the diagnosis performed to identify the root cause.

DiagnosticSource Output Format

You can get output after running the DiagnosticSource in JSON or plain text format. You can select the format that suits your needs. Details of the supported formats are as follows: 

• JSON format—In the JSON format, the rendered output is contained in a "data" field. Most LogicMonitor supported DiagnosticSource modules provide output in JSON format to avoid issues with special characters, multiple languages, and to allow potential for future metadata for specifying rendering (html, markdown, and so on). 
  The following displays an example output in JSON format:

{
  "format": "md",
  "data": "|%CPU|COMMAND|\n|----|-------|\n|4.0 |systemd|\n|1.0 |sshd   |"
}

• Plain text format—If the output is not a valid JSON in the "data" field, the output falls back to the plain text format.