Reviewing Logs and Log Anomalies

LogicMonitor performs anomaly detection on log events after they are ingested and mapped to a monitored resource. Log anomalies represent log events that are new, or seen for the first time, on the monitored resource they are associated with. Any events that cannot be associated with an existing resource in LogicMonitor will be dropped.
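The following added example is a simplified model of the behaviour described above, not LogicMonitor's implementation: events are mapped to a resource, unmapped events are dropped, and an event is flagged as an anomaly the first time its signature appears on that resource. The resource inventory, class and function names, and the token masking used to build a signature are assumptions of the example.

```python
import re
from collections import defaultdict

# Constructed inventory: source host -> monitored resource (hypothetical names).
RESOURCES = {"10.0.0.5": "web-01", "10.0.0.6": "db-01"}

# Assumption of this example: variable tokens are masked so that two events of
# the same kind share one signature. Without this, every line would look "new".
_MASKS = [
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<ip>"),
    (re.compile(r"\d+"), "<n>"),
]

def signature(message):
    for pattern, token in _MASKS:
        message = pattern.sub(token, message)
    return message.strip().lower()

class FirstSeenDetector:
    def __init__(self, resources):
        self.resources = resources
        self.seen = defaultdict(set)  # resource -> signatures already observed
        self.dropped = 0              # events with no matching resource

    def ingest(self, host, message):
        """Return (resource, is_anomaly), or None when the event is dropped."""
        resource = self.resources.get(host)
        if resource is None:
            self.dropped += 1
            return None
        sig = signature(message)
        is_new = sig not in self.seen[resource]
        self.seen[resource].add(sig)
        return resource, is_new

# Constructed sample events: (source host, log message).
EVENTS = [
    ("10.0.0.5", "Accepted connection from 192.168.1.20 port 51234"),
    ("10.0.0.5", "Accepted connection from 192.168.1.77 port 40022"),
    ("10.0.0.5", "Out of memory: killed process 4312"),
    ("10.0.0.6", "Accepted connection from 192.168.1.20 port 51234"),
    ("10.9.9.9", "Disk failure on /dev/sda"),
]

def run(events):
    detector = FirstSeenDetector(RESOURCES)
    return [detector.ingest(h, m) for h, m in events], detector.dropped

if __name__ == "__main__":
    for event, result in zip(EVENTS, run(EVENTS)[0]):
        print(event, "->", result)
```

In this model the same message is an anomaly on db-01 even though web-01 has already seen it, because first-seen state is kept per resource; the event from the unmapped host never reaches detection.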

Log anomalies are displayed in two places: (1) the Logs page, where you can review raw logs and investigate log anomalies across your entire infrastructure and (2) the Graphs tab for Alerts, where they are displayed contextually with metric alerts to help speed troubleshooting.

Logs page

Logs page filtered over a custom time range.

The Logs page enables you to see raw logs and log anomalies across your entire environment, as well as search and filter for specific logs.

  • Search logs: Use keywords to search for log events based on matches in the contents of the log messages.
  • Filter for Resources and Groups: Select to display only logs from specified Resources or Groups.
  • Anomalies filter: Click to show only anomalies. By default, raw logs are included with the log anomalies. 
  • Log severity filters: Click to show only logs that match an alert condition based on the severity level: Critical, Error, Warning. See Log alert conditions.
  • Change the time range: Select from a list of time ranges or manually define a time range to review. The default time range is set to 15 min. You can also change the time range by dragging and selecting within the graph. Click the “Exit graph zoom” icon to revert to your last time range.
  • More actions: For each log event line in the list, clicking on the Resource will provide options to view the Resource page or filter the Logs page on the Resource. Clicking on the side menu will provide options to “Copy log message” or “Create log alert”.
  • Details panel: Click on a log row to open a panel with more detailed information, including the full log event and its metadata.

Graphs tab for Alerts

When you get alerted for an issue with a monitored resource, you can troubleshoot why the issue happened with log anomalies as additional context. 

If there are log anomalies related to a metric Alert, you can investigate them in the Graphs tab:

  • The log anomalies graph and table display log anomaly occurrences and log messages over the time period of the alert.
  • The red line in the graphs indicates when the alert was triggered in relation to the log anomalies and graphed time series data.

In the log anomalies graph, you can open the dropdown menu and select “View Logs” to switch to the Logs page for further investigation. The Logs page will open with filters pre-selected on the Resource and the time period of the alert to display related log anomalies.
