Platform

    Get real-time insights and automation for comprehensive, seamless monitoring with agentless architecture.

    Platform Overview
  • Infrastructure
    monitoring
  • Cloud monitoring
  • Digital experience
  • AIOPS

      • Solutions

      Whether you work in MSP, Enterprise IT or somewhere in between, the solution is clear.

      Solutions Overview
    By Initiative
    By Industry

      About us

      Get to know LogicMonitor and our team.

      About us
    Get to know us
    Connect
    Services

      Documentation

      Read through our documentation, check out our latest release notes, or submit a ticket to our world-class customer service team.

      View Resources
    Support

    Product Documentation

    Unomaly Monitoring

    Last updated on 20 June, 2020

    Overview

    Unomaly is a monitoring appliance used for log analysis and anomaly detection. This Unomaly integration for LogicMonitor displays log anomalies and knowns collected by Unomaly and monitors the frequencies of events over time.

    Background

    Unomaly works by learning the patterns of events produced by the systems and applications that make up IT infrastructures and identifying new events that don’t match previously established patterns.

    As part of its event learning process, Unomaly tracks metrics (such as the counts of similar events and the frequency of their occurrence over time) and categorizes new events based on changes in structure, parameter values, and frequency. Users may also convert events into knowns to add contextual descriptions and classify their severity.

    Read more about How Unomaly detects anomalies.

    Compatibility

    This Unomaly integration for LogicMonitor is compatible with:

    • Unomaly version 3.6.5 or newer

    LogicMonitor will test and extend coverage for newer versions of Unomaly.

    Setup Requirements

    The LogicModules in this integration collect data from the Unomaly appliance(s) that is configured to:

    • Receive and process logs from the systems you want to monitor.
    • Enable communication with the Unomaly REST API endpoint.

    Enable Unomaly API Access

    The LogicModules require access to the REST API endpoint on the Unomaly appliance. See the Unomaly REST API Reference.

                                   
    ProtocolPort Description
    HTTPS443 Used to communicate with and access the Unomaly REST API.

    Basic authentication is used to communicate with and access the Unomaly REST API. LogicMonitor needs to provide credentials for a Basic (API user) account that is enabled on the Unomaly appliance. See Configure basic authentication for API access.

                                   
    AuthenticationRole Description
    Basic (API user)Administrator This user has full Administrator capabilities on Unomaly. There may be multiple Basic accounts, but only one can be enabled at a time.

    Edit LogicMonitor Device Properties

    For LogicMonitor to communicate with the Unomaly REST API, set the following properties on the monitored resource (or group) within your LogicMonitor portal. See Resource and instance properties.

                                                                       
    PropertyValue Required?
    unomaly.usernameUnomaly Basic (API user) username Required
    unomaly.passwordUnomaly Basic (API user) password Required
    unomaly.hostHostname or IP address to Unomaly appliance Required
    unomaly.systemidList of possible device ID to use to match the LogicMonitor device to a Unomaly system ID Optional

    LogicModules in Package

    The LogicModules package for this Unomaly integration are listed in the following table and described in more detail below. Import each LogicModule from the LogicMonitor Repository.

                                                                            
    Display NameType Description
    Unomaly_DeviceInfoPropertySource Identifies if a device is being monitored in Unomaly and sets the auto.unomaly.systemid property on devices.
    Unomaly_Anomalies_MetricsDataSource Monitors anomalies metrics from Unomaly.
    Unomaly Known EventsEventSource Relays detected known events from Unomaly.
    Unomaly Frequency SpikesEventSource Relays detected frequency spikes from Unomaly.
    Unomaly New AnomaliesEventSource Relays detected new anomalies found by Unomaly.

    Unomaly DeviceInfo

    The Unomaly integration with LogicMonitor relies on the mapping between LogicMonitor devices and Unomaly systems to be correct. Metrics will only be collected for Unomaly systems that correspond to existing LogicMonitor devices. This mapping is accomplished with the Unomaly_DeviceInfo PropertySource.

    Unomaly_DeviceInfo reconciles a Unomaly system ID with a LogicMonitor device by matching the hostname, IP address, or device name. If the LogicMonitor device matches a Unomaly system, it sets a auto.unomaly.systemid property on the LogicMonitor device.

    It’s expected that a LogicMonitor device may relate to multiple Unomaly systems.

    Unomaly Anomalies Metrics

    The Unomaly_Anomalies_Metrics DataSource monitors devices that map to Unomaly system(s) and returns the following metrics:

    • Counts of the occurrence of the different types of anomalies that have been detected over time.

    Unomaly Known Events

    Knowns are learned events that have been annotated by the user with contextual information such as descriptions and tags to explain why the event happened and how to resolve it. User can also add a severity to the known events: Critical, Warning, Notice, Informational, and Ignored.

    The Unomaly Known Events EventSource relays known events that have been classified with Critical or Warning. These events are displayed in LogicMonitor with an Error alert. Messages within the alert include full links to the known within Unomaly.

    Unomaly Frequency Spikes

    The Unomaly Frequency Spikes EventSource relays anomalous events that are defined as frequency spikes. Unomaly detects frequency spikes are small, medium, or large depending on how the change in rate of the event compares to historic patterns.

    These events are displayed in LogicMonitor with a Warning alert. Messages within the alert include full links to the log anomaly within Unomaly.

    Unomaly New Anomalies

    The Unomaly New Anomalies EventSource relays events for two anomaly types:

    • Never before see, which are events that are new in the entire infrastructure
    • New in system, which are events that occurred for the first time on the system but has been detected in other systems

    These events are displayed in LogicMonitor with a Warning alert. Messages within the alert include full links to the log anomaly within Unomaly.

    OpsNotes Annotations

    In addition to the LogicModules, you may want to configure Unomaly to send OpsNotes to LogicMonitor and annotate metrics graphs with when log anomalies and known events are received.

    In the Unomaly appliance, edit the following parameters in Settings | Advanced:

                                                       
    PropertyValue Required?
    tad/TAD_ACCESSIDAccess ID for your LogicMonitor portal Required
    tad/TAD_ACCESSKEYAccess Key for your LogicMonitor portal Required
    tad/TAD_ACCOUNTCompany Account for your LogicMonitor portal Required

    OpsNotes will only be sent for Unomaly systems that match a LogicMonitor device. Messages within the OpsNotes include full links to the log anomaly or known within Unomaly.

    Troubleshooting

    If you have issues with collecting data from the Unomaly appliance, you can perform the following steps:

    Check that the PropertySource is working by confirming that the auto.unomaly.systemid is being set on LogicMonitor devices:

    • If not, then use the Collector Debug to find the exact error with the PropertySource.
    • If auto.unomaly.systemid is being set, but you don’t see any anomalies, use the Collector Debug to find the error with the EventSources or DataSource.

    Read more about Using the Collector Debug Facility.

    In This Article