LogicMonitor performs anomaly detection on log events after they are ingested and mapped to a monitored resource. Log anomalies represent log events that are new, or seen for the first time on the monitored resource it’s associated with. Any events that cannot be associated with an existing resource in LogicMonitor will be dropped.
Log anomalies are displayed in two places: (1) the Logs page, where you can review raw logs and investigate log anomalies across your entire infrastructure and (2) the Graphs tab for Alerts, where they are displayed contextually with metric alerts to help speed troubleshooting.
The Logs page enables you to see raw logs and log anomalies across your entire environment as well search and filter for specific logs.
- Search and filter logs: Use the query language to troubleshoot issues and summarize your logs for reports. For more information, see Query Language Overview.
- Fields panel: Browse the fields that exist in the events returned by the current filter. You can see the number of events that contain particular field values, and click to add fields and values to your filtering search.
- More actions: For each log event line in the list, clicking on the Resource will provide options to view the Resource page or filter the Logs page on the Resource. Clicking on the side menu will provide options to Copy log message or Create log alert.
- Details panel: Click on a log row to open a panel with more information, including the full log event and its metadata. You can also find quick links to add metadata fields to your query filter and run a new search for the selected field and value with a +/- one minute window.
Graphs tab for Alerts
When you get alerted for an issue with a monitored resource, you can troubleshoot why the issue happened with log anomalies as additional context.
If there are log anomalies related to a metric Alert, you can investigate them in the Graphs tab:
- The log anomalies graph and table displays log anomaly occurrences and log messages over the time period of the alert.
- The red line in the graphs indicate when the alert was triggered in relation to the log anomalies and graphed time series data.
In the log anomalies graph, you can open the dropdown menu and select “View Logs” to switch to the Logs page for further investigation. The Logs page will open with filters pre-selected on the Resource and the time period of the alert to display related log anomalies.