New UI Impact Series - Datapoint & Log Analysis
LogicMonitor's new Datapoint Analysis and Log Analysis features are revolutionary tools designed to transform how IT professionals approach troubleshooting. These AI-powered features provide automated insights that significantly reduce the time and effort required to identify and resolve critical issues. By leveraging advanced correlation techniques and sentiment analysis, these tools offer a streamlined approach to problem-solving, allowing teams to quickly pinpoint the root cause of alerts and minimize downtime. Their user-friendly design ensures that even less experienced team members can use them effectively, empowering the entire team and boosting efficiency. Datapoint Analysis stands out with its ability to correlate metrics across various DataSources, creating a comprehensive correlation score. This score is calculated by: Other datapoints from the same instance The same datapoint on other instances within the same resource The same datapoint on other resources that share the same collector ID This comprehensive approach eliminates hours of manual investigation, instilling confidence in the analysis results. Log Analysis uses sentiment and keyword analysis to distill large volumes of log data into concise, actionable summaries. Its interactive visualizations allow for quick data refinement without complex queries, providing an intuitive interface for log exploration. So, what’s the impact for you? Datapoint and Log Analysis significantly reduce the MTTR for critical issues by offering rapid access to correlated metrics and summarized log insights. This reduction in resolution time not only improves system availability and performance but also relieves the stress and pressure on IT teams. These tools are seamlessly integrated throughout the LM Envision platform, accessible from alerts, dashboards, graphs, and the Resource Explorer, ensuring that users can leverage these powerful insights at any stage of their troubleshooting process. For organizations dealing with complex, distributed systems, these features represent a quantum leap in operational efficiency, enabling teams to maintain high system availability and performance with unprecedented ease and speed. Want to know more about Datapoint & Log Analysis? Check out these resources: Datapoint Analysis Datapoint Analysis Overview Datapoint Analysis Demonstration Video Log Analysis Accessing Log Analysis Log Analysis Overview Log Analysis Widgets Log Analysis Demonstration Video
Monitoring folders on Windows servers
I was recently asked by a customer if it was possible to monitor the size of a folder or the file count in a folder on a Windows server. Well there sure is, <whistles> YO UNC Monitor- come on down. UNC Monitor- is part of the Core DS, the DSs that are installed by default when LogicMonitor is first deployed. As seen on the UNC Monitor Description section: Great, there is a way to do this. Ok how do I do this? Hmm? Well looking at the next section of the DS, Technical Notes. Add an instance manually, oooohh k. But how do I perform this specific voodoo? Hmm maybe if I look further down on the DS? Ok there is the Groovy Script, what do I get when I run the Test Script? Ok so I do have 5 folders that contain 41 files using a total of 7,013 KB. Great that’s some info but still not what I need for a path and I still don’t know how to “add the instance manually” Maybe there is some documentation on how to do this? Oh yeah it’s right here Step 2 states “click the down arrow icon button located next to the manage button for that device. From this dropdown menu, select “Add Other Monitoring” So now I know the steps I need to take and I know that there are folders that are shared. How do I know what the shared folders are without having to log onto the server? That’s where the debug facility comes in for help. The easiest way to access debug is open any raw data screen and click on debug You will be presented with all the available commands. To assist in finding the available folder shared we will be using !wmi If you aren’t familiar with any command just type the command and you will be presented with information. In this case I want to show the shared folders on this server. With a bit of knowledge on Win32 Classes we can find this info. I’ll cover Win32 Classes in another post. Now I have everything I need to get this folder monitored through UNC, RIGHT?!? RIGHT?!? I’m looking at the device and there is no DS for UNC showing How do I add it manually if I don’t have DS ugggh. Since I have my handy dandy info from the documentation I know I need to: Once you click on that you get Add a name as you want it to show up on the instance list. Then you can add a path from the list that was obtained through leveraging the debug facility. Once both of those are filled in,hit save twice and tada you get And more importantly you now have alert tuning that you can perform on this specific UNC drive
A DataSource to Troubleshoot ERI Merging
One of the most common behaviours noticed in topology maps is ERI Merging. This is caused when two or more devices share the same identifier (ERI). The example I always like to give when I’m teaching Topology Mapping is the word “football”. To a European like myselfthis is a game played with your feet, however in other parts of the worldthis is an altogether different game. Now let’s imagine we have a Topology Map connecting various sports together; what would show up if the map connects “football” to “basketball” - would it be the kicking game or the throwing game? Well, in LogicMonitor, it would be effectively indeterministic to tell. The two games would merge into a single object in the map (they merge into one of the resources at “random”). A key indicator of merging is one device showing as another device in the topology map. Luckily, there are a few out of the boxways to overcome this merging - the topo.blacklistand topo.namespace properties. If you’re interested in finding out more about merging how these are used, I have created a LearningByte which you can watch for free in LM Academy here - you will need a free Academy account created first. https://academy.logicmonitor.com/topology-mapping-toponamespace-topoblacklist/1329206 In order to use the blacklist property, you must know which ERIs are being merged. This can be discovered in the UI through a manual comparison of ERIs between resources (you can export to excel and process there if you’d like), however this can be a cumbersome process and doesn’t reveal how many resources are merged. That’s where my new ERIMergeTroubleshooter comes in. Using the LogicMonitor API to run the !erimergelist and !erimergedetail collector debug commands, it creates one instance for each merged ERI and a subsequent instance level property listing which other resources merge with that ERI. For example, we can see that this “Router” resource has merged with a “Server” resource. Applying the troubleshooter DataSource, it immediately reveals which particular ERI has merged, and which resource it has merged with (this is a trivial example, although most situations are often more complex). If you’d like to try out this custom Logicmodule, it can be imported now from the LMExchange (locator: F26PEJ); it will be great to hear some feedback from real world testing! Caveats: By default, this applies to all resources in the portal, so users should modify the appliesto if they require testing on specific devices only The module has not been tested against or developed for chained ERI merging API credentials are to be added as device properties based on the technical notes Thanks!
Retrieving data from an external API via a Groovy Scripted module
1) Using Expert mode, define a resource as the hostname of the api in question, i.e. api.someapinamehere.com. For the purposes of this example, I'm going to make a call to worldtimeapi.org for data on the timezone America/Chicago to determine if daylight savings time is in effect. 2) Next, choose an available collector and group (optional) and click save. Note: normally you would also add your api user name (if any) and api token as properties, but in this case, it's not necessary. 2) Next, go to Settings -> LogicModules -> DataSources and click Add -> Datasource 3) Follow the steps below to adjust the DataSource: 4) Insert this script in the text box entitled Groovy Script under Collector Attributes import com.santaba.agent.groovyapi.expect.Expect; import com.santaba.agent.groovyapi.snmp.Snmp; import com.santaba.agent.groovyapi.http.*; import com.santaba.agent.groovyapi.jmx.*; import org.xbill.DNS.*; import groovy.json.*; //Defines host as the name of the resource added, in this case worldtimeapi.org def host = hostProps.get("system.hostname"); //Defines the path to endpoint def endpointUrl = "/api/timezone/America/Chicago" //Defines port. SSL would require 443. def port = 80 //Opens connection def httpClient = HTTP.open(host, port) //Get response def response = httpClient.get(endpointUrl) //Define status code def statusCode = httpClient.getStatusCode() //Close connection httpClient.close() //Extract values or handle error if(statusCode == 200){ response = new JsonSlurper().parseText(httpClient.getResponseBody()) if(response['dst'] == true){ status = 1 println("dstStatus=${status}") } else { status = 0 println("dstStatus=${status}") } } else { println("Your HTTP get request was not successful. StatusCode=${statusCode}") } 5) Add Normal datapoint named dstStatus 6) Save Module 7) You will see data painted in your portal for the device worldtimeapi.org under the name of the DataSource you created. You can learn more about this on this recently updated support doc: https://www.logicmonitor.com/support/terminology-syntax/scripting-support/access-a-website-from-groovy#
