LM Logs Overview
Last updated on 10 March, 2023
LogicMonitor Logs offers a unique and unified approach to log analysis centered on algorithmic root-cause analysis. LM Logs analyzes log events from IT environments to identify normal patterns and deviations from them. These deviations are referred to as anomalies. Through anomaly detection, teams can act on issues early, before they become more complex and expensive to resolve.
When setting up LM Logs, source devices and services are configured to forward data through one of several log ingestion methods. Most often this is a LogicMonitor Collector, but you can also use the Logs REST API to forward log events to LM. The following is an example architecture with log data collected through different methods from multiple resources.
You can explore log events and log anomalies in the Logs page.
To enable LM Logs for your LM solution, you need to decide how to collect and send log data from monitored resources to LM Logs for ingestion. Data can come from different sources, such as networks, collectors, host machines, log servers, and cloud services.
Some ingestion methods are better suited to certain types of log data, and choosing the right ingestion method is important for log processing. For an overview of available ingestion methods and data input options, see About Log Ingestion.
Recommendation: When setting up log ingestion, use the available filtering options to remove logs that contain sensitive information so that they are not sent to LogicMonitor.
Note: Logs can be viewed in LM Logs even if the log is not associated with an LM-monitored resource. Even without resource mapping, or when there are resource mapping issues, logs are still available for viewing and searching.
Once logs are sent to LM Logs, they are mapped to monitored resources based on information sent to the API. Anomalies are detected automatically and displayed in the Logs page, in context with metric alerts and topology information, to help speed up investigation. Use keyword search and filtering for fast investigation and analysis. See Reviewing Logs and Log Anomalies.
Note: LM Logs has two offerings, Pro and Enterprise, with different log retention limits. The retention limit affects the time range of the logs you are able to search and review in the Logs page.
You can also configure log pipelines to define filters and other processing steps, such as alert conditions, on specific sets of logs to get notifications when issues occur. See Log Processing Pipelines and Log Alert Conditions.
If you are having issues setting up log ingestion or reviewing logs, check the Troubleshooting guide for common issues. You can also find troubleshooting help for a specific integration in the configuration guide for that integration; see About Log Ingestion.