IBM Operations Analytics – Log Analysis is used to analyze large volumes and varieties of log files in free-form text. Log files come from a number of sources:
- IT infrastructure such as servers, storage and network devices.
- Middleware such as web servers, application servers, databases and directory servers.
- Applications and business processes.
Log files are written in different formats. For example,
- syslog generated by infrastructure devices has the following format.
Jun 7 04:05:42 cldegd60 syslogd 1.4.1: restart.
- Logs generated by IBM MQSeries have a different format.
9/11/2014 13:15:08 - Process(4852.3) User(mqmadmin) Program(runmqdnm.exe)
Insight Packs are individual pluggable components used to handle the differences in logs. With an Insight Pack you can:
- Extract relevant and useful information from the log files.
- Tag the extracted fields. For example, tag the first field as timestamp.
- Search for content in a log file. For example, search for AMQ8377.
- Use dynamic dashboards relevant for a specific log type.
- Access alerts generated for a specific log type.
Insight Packs for IBM WebSphere Application Server, IBM DB2, Web server and Syslog are provided with Operations Analytics – Log Analysis. The product also provides a Generic Insight Pack that can parse any log record containing a timestamp. Using the Generic Insight Pack is a good starting point to index your log files if you do not have specific Insight Packs for your solution.
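The extract, tag and search steps described above, sketched in Python as an added example. This is not Insight Pack code or the product's own parser; the regular expressions, the field names and the third sample line are assumptions made for illustration.

```python
import re

# Sample records: the first two are the lines shown on this page, the
# third is constructed to exercise the timestamp-only fallback.
SYSLOG_LINE = "Jun 7 04:05:42 cldegd60 syslogd 1.4.1: restart."
MQ_LINE = ("9/11/2014 13:15:08 - Process(4852.3) User(mqmadmin) "
           "Program(runmqdnm.exe)")
GENERIC_LINE = "2014-09-11 13:15:09 AMQ8377 constructed sample text"

# Field names (host, process, user, ...) are assumed tags, not product names.
SYSLOG_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<process>[^:]+): (?P<message>.*)$")
MQ_RE = re.compile(
    r"^(?P<timestamp>\d{1,2}/\d{1,2}/\d{4} \d{2}:\d{2}:\d{2}) - "
    r"Process\((?P<process>[^)]*)\) User\((?P<user>[^)]*)\) "
    r"Program\((?P<program>[^)]*)\)")
# Fallback in the spirit of a generic parser: any record with a timestamp.
GENERIC_RE = re.compile(
    r"(?P<timestamp>\d{1,4}[/-]\d{1,2}[/-]\d{1,4}[ T]\d{2}:\d{2}:\d{2})")


def parse_record(line):
    """Return (log_type, tagged_fields); (None, {}) if nothing matches.

    Timestamps stay as raw strings: "9/11/2014" is ambiguous between
    day/month and month/day, and syslog omits the year, so normalising
    them needs per-source knowledge that the line alone does not carry.
    """
    for log_type, rx in (("syslog", SYSLOG_RE), ("mqseries", MQ_RE)):
        m = rx.match(line)
        if m:
            return log_type, m.groupdict()
    m = GENERIC_RE.search(line)
    if m:
        return "generic", {"timestamp": m.group("timestamp"), "message": line}
    return None, {}


def search(lines, term):
    """Return parsed records for every line whose raw text contains term."""
    return [parse_record(line) for line in lines if term in line]
```

A record that matches no pattern comes back as `(None, {})` rather than being dropped, so unparsed lines can be counted and reviewed instead of silently disappearing from the index.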
Reference the IBM Operations Analytics Community Resources for additional Insight Packs from IBM and Business Partners: https://developer.ibm.com/itoa/resources/