Visualizing System Logs with Blue Medora Content Packs

by bluemedora_editor on September 16, 2016

For some, gone are the days of native terminal searching and comparative log file analysis. Since 2001, I have been supporting customers and digging into log files, sometimes 12 hours a day, to get to a root cause. Now we have tools like vRealize Log Insight to help us reduce MTTR.

 

So where does Blue Medora fit in? We create software that hooks into leading cloud and application performance management solutions. We not only solve the sprawl in tooling, but also reduce the nuances of syslog analysis and mean time to innocence with seven different Content Packs for vRealize Log Insight. Even better, these content packs are entirely free! If you do not have vRealize Log Insight but you do have a licensed vCenter, you can get that here at no cost.

 

These packs are pre-configured to consume, organize, and collect the log messages of a specific system or application. They then display these log messages to the savvy admin through user-friendly dashboards. I will highlight two content packs that Blue Medora has carefully crafted and customized to ingest, organize, and aggregate the most common requests for administrators today. Let’s first take a look at the HP Server iLO Content Pack.

 

The iLO logs contain a number of events, including login/logout. Those include logging into the management interface (for example, in Firefox or Chrome) and also logging in through the API (as our management pack does). The iLO has to be configured to forward all logs to a Log Insight endpoint. The content pack collects and performs an in-depth analysis of the logs forwarded by the HP iLO devices and displays them back to you in a series of 4 dashboards. Each dashboard includes a number of widgets (5 in Figure 1.0 below) that are customized to focus on specific events pertaining to each dashboard.

 

Figure 1: HP Events Overview

 

Now, let’s say you are receiving complaints, or maybe you just want to know when something has changed on your HP server. You can quickly pin this down on the “Browser Events” dashboard (Figure 2.0). Right from this dashboard, you can see which unique hosts are taking part in browser events. The graph identifies the trend of browser events and, using hostnames, where they are coming from. Increased browser events may indicate changes to the environment or environmental issues, allowing you to identify a possible root cause.

 

Figure 2: HP Browser Events

 

Let’s move on to the SolarWinds NPM Content Pack. It creates a simplified view into the SolarWinds core services to allow you to discover and diagnose issues as soon as they occur. Items such as expired licensing, core services failing, or SolarWinds alert notification errors can immediately be raised to the proper personnel to ensure your monitoring solutions are fully operational. SolarWinds events are filtered into 6 convenient dashboards: (1) Overview, (2) AlertingEngine Events, (3) SyslogService Events, (4) SWService Events, (5) TrapServiceEvents, and finally (6) BusinessLayer Events. Figure 3.0 below shows our SolarWinds overview dashboard. You can see events that have occurred over any period of time and quickly drill into them. You may also filter into specific events via hostname for even quicker analysis.

 

Figure 3: SolarWinds Overview Dashboard

 

For example, as shown in Figures 4.0, 4.1 and 4.2, you may drill down from the SWServiceEvents dashboard and be taken into the Log Insight interactive analytics page for further analysis. SWService covers several SolarWinds services, such as the Orion Improvement, Interfaces, and Device Studio services.

 

Figure 4: SWService Events dashboard

 

Figure 4.1: SWService Events dashboard

 

Figure 4.2: SWService Events Dashboard

 

And then there is the SWS AlertingEngine Events dashboard. The Alerting Engine is responsible for reporting all alerts inside of SolarWinds (Figure 5.0 below). From this view, you can hover over any specific graph to move into the analytics and drill down further.

 

Figure 5: SWS AlertingEngine Events dashboard

 

Lastly, you may also clone any of these dashboards to create your own views and modifications specific to your needs. The following 2 screenshots show how to do this. Select the wrench icon, click clone, name the copy, and you can work your magic.

 

Figure 6: Cloning a dashboard

 

Figure 6.1: Cloning a dashboard

 

This is just a taste of what you can accomplish with Blue Medora’s Content Packs for vRealize Log Insight. I suggest trying them out and getting your feet wet. Each content pack is optimized for the specific product it monitors. Users can customize their experience by using the tool supplied by the content pack to create their own dashboards and queries. Whether it’s to troubleshoot a recurring problem or simply to monitor the state of a system, Log Insight content packs are a great way to leverage the power of your log messages.
