log_monitoring_service (Log Monitoring Service) Release Notes

The log_monitoring_service probe periodically queries log data that is stored in CA Analytics Datastore (Jarvis) and raises notifications based on predefined queries. The Monitoring Service queries Jarvis at the predefined schedule and provides the following output:
  • Match_Count metric for the count of matches found
  • Alarm if the match count exceeds a predefined threshold
  • Alarms containing sample matched log lines (number of sample lines configurable)
You can create one or more profiles. Each profile includes a query to be executed for a particular log type and interval. For example, the query "response_time:[10 TO *] AND url:*ServiceDesk*" can be scheduled every 5 minutes for Apache access logs. You can also forward the Log Monitoring Service alarms as email or SNMP notifications using the UIM Email Gateway (emailgtw) and SNMP Gateway (snmpgtw) probes respectively.
 Configuration through IM GUI is not supported.
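The profile semantics described above, as an added illustration that is not code from the probe or its vendor: it evaluates the page's example query over constructed access-log documents and derives the match count, the threshold alarm, and the sample lines. The function names, the threshold and sample-line parameters, and the sample documents are assumptions; the real probe leaves query evaluation to Jarvis, and this sketch handles only AND-joined range and wildcard clauses.

```python
import re
from fnmatch import fnmatchcase

QUERY = "response_time:[10 TO *] AND url:*ServiceDesk*"  # query quoted on the page

def make_doc(url, response_time):
    # Constructed document standing in for one parsed Apache access log entry.
    line = f'192.0.2.10 - - "GET {url} HTTP/1.1" 200 {response_time}'
    return {"url": url, "response_time": response_time, "message": line}

DOCS = [  # constructed sample data
    make_doc("/ServiceDesk/login", 12),
    make_doc("/ServiceDesk/ticket/42", 3),      # too fast: below the range
    make_doc("/portal/home", 25),               # slow, but wrong URL
    make_doc("/api/ServiceDesk/search", 10),    # range bounds in [..] are inclusive
    make_doc("/ServiceDesk/report", 48),
]

def parse_clause(clause):
    """Build a predicate from one 'field:value' clause (range or wildcard)."""
    field, _, value = clause.strip().partition(":")
    rng = re.fullmatch(r"\[(\S+) TO (\S+)\]", value)
    if rng:
        lo = float("-inf") if rng[1] == "*" else float(rng[1])
        hi = float("inf") if rng[2] == "*" else float(rng[2])
        return lambda d: field in d and lo <= float(d[field]) <= hi
    return lambda d: field in d and fnmatchcase(str(d[field]), value)

def run_profile(query, docs, threshold, sample_lines):
    """Hypothetical profile run: count matches, decide alarm, pick sample lines."""
    predicates = [parse_clause(c) for c in query.split(" AND ")]
    matches = [d for d in docs if all(p(d) for p in predicates)]
    return {
        "match_count": len(matches),
        "alarm": len(matches) > threshold,
        "samples": [d["message"] for d in matches[:sample_lines]],
    }

if __name__ == "__main__":
    print(run_profile(QUERY, DOCS, threshold=2, sample_lines=2))
```

Choosing the threshold and the number of sample lines per profile is what keeps an alarm actionable: the count shows the scale of the condition, while the capped samples give the responder concrete log lines without flooding the alarm text.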
Revision History
This section describes the history of the revisions for the log monitoring service probe.
Version: 1.20 | State: GA | Date: July 2018
What's New:
  • Added support to display the content from message and syslog_message (available in the syslog documents) fields for all the documents in Elasticsearch.
  • Added support to display ci_id and ci_type for both agent-based and agent-less logs.

Version: 1.10 | State: GA | Date: March 2018
  • Added support to configure the Tenant ID at the profile level.

Version: 1.02 | State: GA | Date: Dec 2017
  • Added support for metric configuration through Monitoring Configuration Service (MCS).
  • Compatibility with Agile Operations Analytics Base Platform 17.3.
    Note: Backward compatibility with CA App Experience Analytics 16.x is not supported.
  • Provided configuration for customizing alarm message and alarm severity.
  • Added the time_window search criteria.
  • Added support for the following log types:
    • zos_syslog
    • nginx_access
    • spectrum_event
    • aws_cloudtrail
  • Introduced Data Type and Data Category configurations. The probe can now monitor data such as Alarms, Events, and Metrics.
  • Fixed the issue with the source mapping of the alarms when deployed on a secondary hub.

Version: 1.01 | State: GA | Date: March 2017
  • Multi-tenancy is honored with the log_monitoring_service alarm origins.
  • Added match alarm when search string contains quotes.
  • Added match alarm on the Elasticsearch IP if unknown host is present in the Elasticsearch documents.

Version: 1.00 | State: Beta | Date: December 2016
  • First release of the probe for CA UIM Log Analytics.
Probe-Specific Hardware Requirements
Install this probe on systems with the following hardware resources: 
  • Memory: 2-GB to 4-GB RAM. The probe as shipped requires 256 MB of RAM.
  • CPU: 3-GHz dual-core processor, 32-bit or 64-bit
Probe-Specific Software Requirements
This probe requires the following software environment:
  • CA Unified Infrastructure Management 8.5.1
  • Agile Operations Analytics Base Platform 17.3 
     CA App Experience Analytics 16.4 is not supported and you must install Agile Operations Analytics Base Platform 17.3. For more information, see  documentation.
  • Robot 7.80 or later (recommended)
  • Probe Provisioning Manager (PPM) probe version 3.36 or later (required for Admin Console)
  • Java JRE 7 or later (required for Admin Console)
  • glibc 2.5 or later (required for Linux platforms)
    This probe does not support AS/400, HP-UX, AIX, and z/Linux platforms.
Installation Considerations
Consider the following installation points for the probe:
  • A single instance of the Log Monitoring Service probe can be used to monitor the log data for a single Agile Operations Analytics Base Platform Tenant ID. You can deploy multiple instances of the probe on separate robots, if you have more than one tenant in Agile Operations Analytics Base Platform.
  • Deploy the probe preferably in the same region or site where the CA Analytics Datastore (Jarvis) is deployed. Ensure that the network connectivity with the Jarvis nodes is good, because the probe queries data that is stored in Jarvis.
  • You can configure this probe either using Monitoring Configuration Service (MCS) or Admin Console (AC). However, use only one of the methods. For example, do not configure partially from MCS and partially from AC.