Unomaly is a monitoring appliance used for log analysis and anomaly detection. This Unomaly integration for LogicMonitor displays log anomalies and knowns collected by Unomaly and monitors the frequencies of events over time.
Unomaly works by learning the patterns of events produced by the systems and applications that make up IT infrastructures and identifying new events that don’t match previously established patterns.
As part of its event learning process, Unomaly tracks metrics (such as the counts of similar events and the frequency of their occurrence over time) and categorizes new events based on changes in structure, parameter values, and frequency. Users may also convert events into knowns to add contextual descriptions and classify their severity.
Read more about How Unomaly detects anomalies.
This Unomaly integration for LogicMonitor is compatible with:
LogicMonitor will test and extend coverage for newer versions of Unomaly.
The LogicModules in this integration collect data from the Unomaly appliance(s) configured to:
The LogicModules require access to the REST API endpoint on the Unomaly appliance. See the Unomaly REST API Reference.
Basic authentication is used to communicate with and access the Unomaly REST API. LogicMonitor needs to provide credentials for a Basic (API user) account that is enabled on the Unomaly appliance. See Configure basic authentication for API access.
For LogicMonitor to communicate with the Unomaly REST API, set the following properties on the monitored resource (or group) within your LogicMonitor portal. See Resource and instance properties.
The LogicModules packaged for this Unomaly integration are listed in the following table and described in more detail below. Import each LogicModule from the LogicMonitor Repository.
Unomaly Known Events
Unomaly Frequency Spikes
Unomaly New Anomalies
The Unomaly integration with LogicMonitor relies on a correct mapping between LogicMonitor devices and Unomaly systems. Metrics will only be collected for Unomaly systems that correspond to existing LogicMonitor devices. This mapping is accomplished with the Unomaly_DeviceInfo PropertySource.
Unomaly_DeviceInfo reconciles a Unomaly system ID with a LogicMonitor device by matching the hostname, IP address, or device name. If the LogicMonitor device matches a Unomaly system, it sets an auto.unomaly.systemid property on the LogicMonitor device.
It’s expected that a LogicMonitor device may relate to multiple Unomaly systems.
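The reconciliation described above, as an added sketch that is not LogicMonitor's or Unomaly's code: it matches constructed device and system records by hostname, IP address, or device name, allows several systems per device, and lists the systems that match no device and would therefore produce no metrics. The record field names, the case-insensitive name comparison, and the IP canonicalisation are assumptions.

```python
import ipaddress

# Constructed sample data; field names are hypothetical, not the Unomaly API schema.
UNOMALY_SYSTEMS = [
    {"id": 101, "name": "web01.example.com", "ip": "10.0.0.5"},
    {"id": 102, "name": "WEB01", "ip": None},
    {"id": 103, "name": "db01.example.com", "ip": "10.0.0.9"},
    {"id": 104, "name": "legacy-fw", "ip": "2001:db8:0:0:0:0:0:1"},
]
LM_DEVICES = [
    {"displayname": "web01", "hostname": "web01.example.com", "ip": "10.0.0.5"},
    {"displayname": "edge-fw", "hostname": "fw.example.com", "ip": "2001:db8::1"},
]

def _norm_name(value):
    """Lower-case and drop a trailing dot so name comparison is case-insensitive."""
    return value.strip().rstrip(".").lower() if value else None

def _norm_ip(value):
    """Canonicalise an IP so equivalent spellings compare equal; None if not an IP."""
    try:
        return str(ipaddress.ip_address(value.strip())) if value else None
    except ValueError:
        return None

def match_system_ids(device, systems):
    """Return sorted IDs of every system matching the device by hostname, IP or name."""
    names = {_norm_name(device.get("hostname")),
             _norm_name(device.get("displayname"))} - {None}
    dev_ip = _norm_ip(device.get("ip"))
    ids = []
    for s in systems:
        sys_ip = _norm_ip(s.get("ip"))
        if _norm_name(s.get("name")) in names or (dev_ip and sys_ip == dev_ip):
            ids.append(s["id"])
    return sorted(ids)

def unmapped_systems(devices, systems):
    """IDs of systems that match no device, so no metrics would be collected for them."""
    mapped = {i for d in devices for i in match_system_ids(d, systems)}
    return sorted(s["id"] for s in systems if s["id"] not in mapped)

if __name__ == "__main__":
    for d in LM_DEVICES:
        print(d["displayname"], "->", match_system_ids(d, UNOMALY_SYSTEMS))
    print("unmapped:", unmapped_systems(LM_DEVICES, UNOMALY_SYSTEMS))
```

A non-empty unmapped list is the coverage gap to look for: those systems still send logs to Unomaly, but their anomalies and knowns never reach a LogicMonitor device.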
The Unomaly_Anomalies_Metrics DataSource monitors devices that map to Unomaly system(s) and returns the following metrics:
Knowns are learned events that have been annotated by the user with contextual information such as descriptions and tags to explain why the event happened and how to resolve it. Users can also add a severity to the known events: Critical, Warning, Notice, Informational, and Ignored.
The Unomaly Known Events EventSource relays known events that have been classified with Critical or Warning. These events are displayed in LogicMonitor with an Error alert. Messages within the alert include full links to the known within Unomaly.
The Unomaly Frequency Spikes EventSource relays anomalous events that are defined as frequency spikes. Unomaly classifies frequency spikes as small, medium, or large depending on how the change in rate of the event compares to historic patterns.
These events are displayed in LogicMonitor with a Warning alert. Messages within the alert include full links to the log anomaly within Unomaly.
The Unomaly New Anomalies EventSource relays events for two anomaly types:
In addition to the LogicModules, you may want to configure Unomaly to send OpsNotes to LogicMonitor so that metrics graphs are annotated with the times at which log anomalies and known events are received.
In the Unomaly appliance, edit the following parameters in Settings | Advanced:
OpsNotes will only be sent for Unomaly systems that match a LogicMonitor device. Messages within the OpsNotes include full links to the log anomaly or known within Unomaly.
If you have issues with collecting data from the Unomaly appliance, you can perform the following steps:
Check that the PropertySource is working by confirming that the auto.unomaly.systemid property is being set on LogicMonitor devices:
Read more about Using the Collector Debug Facility.