
Reviewing Logs and Log Anomalies

LogicMonitor performs anomaly detection on log events after they are ingested and mapped to a monitored resource. Log anomalies represent log events that are new, or seen for the first time on the monitored resource they are associated with. Any events that cannot be associated with an existing resource in LogicMonitor will be dropped.
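The following added example (not LogicMonitor code) models the behavior described above: events are mapped to a resource, unmapped events are dropped, and an event is flagged as an anomaly the first time its pattern is seen on that resource. The resource map, the token-masking rules and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Hypothetical resource inventory: source host -> monitored resource name.
RESOURCE_MAP = {"10.0.0.5": "web-01", "10.0.0.9": "db-01"}

# Masking rules that collapse variable tokens so repeated events share a pattern.
# This normalization is an assumption of the sketch, not LogicMonitor's algorithm.
_MASKS = [
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<ip>"),
    (re.compile(r"\b0x[0-9a-fA-F]+\b"), "<hex>"),
    (re.compile(r"\d+"), "<num>"),
]

def pattern_of(message):
    """Reduce a log message to a pattern by masking IPs, hex values and numbers."""
    for rx, token in _MASKS:
        message = rx.sub(token, message)
    return message.strip().lower()

def classify(events, resource_map=RESOURCE_MAP):
    """Return (kept, dropped); kept holds (resource, message, is_anomaly)."""
    seen = defaultdict(set)          # resource -> patterns already observed
    kept, dropped = [], []
    for source, message in events:
        resource = resource_map.get(source)
        if resource is None:         # no matching resource: event is dropped
            dropped.append((source, message))
            continue
        pat = pattern_of(message)
        is_anomaly = pat not in seen[resource]   # first time on this resource
        seen[resource].add(pat)
        kept.append((resource, message, is_anomaly))
    return kept, dropped

# Constructed sample events: (source host, log message).
SAMPLE = [
    ("10.0.0.5", "Accepted password for deploy from 192.0.2.10 port 50122"),
    ("10.0.0.5", "Accepted password for deploy from 192.0.2.44 port 61001"),
    ("10.0.0.9", "Accepted password for deploy from 192.0.2.10 port 50200"),
    ("10.0.0.5", "Failed password for root from 203.0.113.7 port 4022"),
    ("10.0.0.77", "kernel: device eth1 entered promiscuous mode"),
]

if __name__ == "__main__":
    kept, dropped = classify(SAMPLE)
    for resource, message, is_anomaly in kept:
        print("ANOMALY" if is_anomaly else "raw    ", resource, message)
    print("dropped:", len(dropped))
```

Note that the same pattern is flagged separately on `web-01` and `db-01`, because "first seen" is tracked per resource rather than globally.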

Log anomalies are displayed in two places: (1) the Logs page, where you can review raw logs and investigate log anomalies across your entire infrastructure, and (2) the Graphs tab for Alerts, where they are displayed in context with metric alerts to help speed up troubleshooting.

Logs page

The Logs page enables you to see raw logs and log anomalies across your entire environment, as well as search and filter for specific logs.

  • Search log messages: Use keywords to search for log events based on matches in the contents of the log messages.
  • Filter for resources: Select to display only logs from specified devices.
  • Include raw logs: Toggle to exclude raw logs from the list. By default, raw logs are included with the log anomalies.
  • Change the time range: Select from a list of time ranges or manually define a time range to review. The default time range is set to 15 min. You can also change the time range by dragging and selecting within the graph. Click the “Exit graph zoom” icon to revert to your last time range.
  • Log severity: A log event may have a severity level, which is assigned automatically. Severity may be “anomaly”, if the log matches anomaly criteria, or an alert level (Critical, Error, Warning) if the log matches an alert condition. See Log alert conditions.
  • More actions: For each log event line in the list, you can click the device to open its Resource page, select “Copy log text” to copy the message to your clipboard for external investigation, and expand the view for long log messages.

Graphs tab for Alerts

When you are alerted to an issue with a monitored resource, you can use log anomalies as additional context to troubleshoot why the issue happened.

If there are log anomalies related to a metric alert, you can investigate them in the Graphs tab:

  • The log anomalies graph and table display log anomaly occurrences and log messages over the time period of the alert.
  • The red line in the graphs indicates when the alert was triggered in relation to the log anomalies and graphed time series data.

In the log anomalies graph, you can open the dropdown menu and select “View Logs” to switch to the Logs page for further investigation. The Logs page will open with filters pre-selected on the Resource and the time period of the alert to display related log anomalies.
