March 2025 Logs for Lunch Recap: Catching Anomalies in the Cloud & Deeper Insights with Logs
Overview

This month’s Logs for Lunch session brought together IT professionals to explore Catching Anomalies in the Cloud & Deeper Insights with Logs, highlighting how LM Logs can streamline troubleshooting and proactive monitoring. Our experts explored real-world use cases, demonstrating how logs provide deeper visibility into diagnosing an anomaly in your cloud storage permissions before it becomes a major problem!

Register to watch the replay!

Summary:

Overview

This webinar, hosted by Tom Chavez, introduces Logs for Lunch, a new webinar series for 2025. The session covers the importance of logs in troubleshooting and monitoring cloud and infrastructure issues, featuring two live demos by Nick Doane (Sr. Sales Engineer) and David Femino (Product Team). The discussion highlights LogicMonitor’s (LM) log analysis tools, their AI-powered anomaly detection, and their ability to streamline IT operations.

Key Takeaways

1. Challenges in Log Management
Logs are typically owned by security teams, making it difficult for operations teams to access them.
Organizations often deal with log overload, multiple tools, and lack of a unified view.
Querying logs across different tools requires expertise in various query languages.
LM Logs simplifies log access and analysis by integrating with LM Envision.

2. How LM Logs Helps
Unifies log data across cloud, on-prem, and network devices.
Reduces troubleshooting time by up to 80% through centralized log analysis.
AI-powered anomaly detection filters out noise and focuses on unusual patterns.
Streamlined access for Ops teams—no need to rely on security teams for logs.
Hot storage for all logs, ensuring quick and easy searches.
Flexible retention options (7 days to a year) based on business needs.
Demo 1: Troubleshooting Cloud Issues with LM Logs (Nick Doane)

Nick demonstrates how LM Logs’ anomaly detection can quickly pinpoint and resolve issues:

Scenario: A Frontend Application Failure
A 404 error surge is detected in an Azure-based app.
LM Logs automatically correlates error alerts with related log anomalies.
AI filters 20M logs down to 71 anomalies, surfacing the most critical entries.
A user, John Johnson, is identified as having made a change in Azure storage.
The public network access setting was disabled, causing 404 errors.

Resolution:
Quick identification of who changed what using log analysis and anomaly detection.
No need for query language expertise—LM Logs automates log filtering.
Faster root cause identification without escalating to higher-level engineers.

Demo 2: Advanced Log Querying & Aggregation (David Femino)

David explores how to extract insights from logs using LM Logs’ built-in query features:

Log Querying Simplified
Type-ahead key-value filtering (e.g., resource:name).
Automatic log metadata extraction (log levels, syslog facilities, etc.).
Visual filtering—click-to-query without learning complex query languages.

Advanced Log Analytics with Operators
Count logs by resource to identify "top talkers."
Aggregate log sizes, track storage usage over time.
Time bucketing: Group log data into 24-hour windows for trends.
Parsing log fields dynamically (e.g., extracting Access Keys from AWS logs).
AI-powered anomaly detection reduces the need for manual data sifting.

Final Notes & Upcoming Events
Live Q&A: Attendees ask about log storage, AI filtering, and query best practices.
Elevate User Conference: Dallas (April), Sydney (May), London (June)
Includes demos, training, and networking.
Next Webinar: Patrick Sites (Product Architect) will showcase new LM Logs features.

Takeaway: LM Logs is built to simplify log analysis, provide quick insights, and enhance operational efficiency without requiring deep technical expertise in querying logs.
Questions:

Q: Will any portion of Elevate be available online?
A: Yes, all Elevate sessions will be recorded for playback for free.
Q: Where can I find more info about advanced search operators?
A: Advanced search operators are covered here: https://www.logicmonitor.com/support/advanced-search-operators
Q: Any other resources?
A: I also love this resource, the Logs Search Cheatsheet: https://www.logicmonitor.com/support/lm-logs/logs-query-language/logs-search-cheatsheet
Example queries can be imported from our git repo as well. https://github.com/logicmonitor/log-queries

What’s Next?

Next Logs for Lunch: Accelerating Troubleshooting with Logs
April 9, 2025
12 noon CT / 10am PT / 11am MT / 1pm ET
Register and get more information here

Elevate Community Conference: Join us in Dallas, TX (April 30), Sydney, AUS (May 29), and London, UK (June 25), to gain strategic insights, hands-on product experience, and exclusive networking opportunities. Elevate 2025 will showcase the latest innovations in AI-powered observability, empowering enterprises to optimize their modern data centers. Find more details and registration links here!

What Came Before?

Did you miss the Logs for Lunch presentations and demos from January and February? Catch up on the great topics covered earlier this year, including our opening meeting of 2025 in January with a LM Logs overview and demo of Troubleshooting a Tomcat app, and the second meeting in February focused on Network Observability and Wireless Connectivity.

February 2025 Logs for Lunch Recap: Network Observability & Wireless Connectivity
Overview

This month’s Logs for Lunch session brought together IT professionals to explore Network Observability & Wireless Connectivity, highlighting how LM Logs can streamline troubleshooting and proactive monitoring. Our experts explored real-world use cases, demonstrating how logs provide deeper visibility into network performance, security events, and infrastructure health. Whether managing a growing wireless network or optimizing log intelligence, this session was packed with actionable insights to elevate your monitoring strategy.

The Demo

Making Wireless Networks More Predictable: We explored how log intelligence can help identify and resolve connectivity issues before they impact users.
Proactive Troubleshooting with LM Logs: Discover how to correlate logs with performance metrics for faster incident resolution and enhanced root cause analysis.
Security & Compliance Insights: Learn how to leverage log data for better security monitoring, detecting anomalies in network behavior.
Enhancing Network Observability: Unveiling best practices for visualizing wireless connectivity issues with logs and metrics in a single pane of glass.
Customer Success Stories: Real-world applications showcasing how teams are using LM Logs to optimize network health and troubleshoot at scale.

Q&A

Q: How can LM Logs help with wireless troubleshooting?
A: LM Logs provide real-time insights into network performance, helping to correlate log data with connectivity metrics, device health, and historical trends.
Q: Can LM Logs be used for security monitoring?
A: Absolutely! Logs can highlight unexpected login attempts, firewall policy violations, and network anomalies, making them a key tool for security and compliance teams.
Q: How do I integrate LM Logs with my current monitoring setup?
A: LM Logs work seamlessly with existing dashboards and alerting workflows, allowing you to combine performance metrics, topology maps, and log data in one place.
Q: What’s the best way to filter and analyze large volumes of logs?
A: Utilize log search, filters, and anomaly detection features to pinpoint the most relevant data, reducing noise and making troubleshooting more efficient.

Customer Call-outs

“The ability to see connectivity issues correlated with logs in real-time is a game-changer.”
“Security monitoring with logs is something we’ve needed, and this session really showed us how to implement it.”
“We’ve been struggling with intermittent wireless issues, and now we have a solid strategy to tackle them.”

What’s Next?

Virtual User Groups: Join us for our first LM Community Virtual User Group series, where you'll hear from fellow LogicMonitor customers about their hybrid observability journey. Register for your preferred region below!
LM User Group | AMER East - Mar 20
LM User Group | AMER West - Mar 20
LM User Group | APAC - Mar 27
LM User Group | EMEA - Mar 27

Elevate Community Conference: Join us in Dallas, TX, Sydney, AUS, and London, UK, to gain strategic insights, hands-on product experience, and exclusive networking opportunities. Elevate 2025 will showcase the latest innovations in AI-powered observability, empowering enterprises to optimize their modern data centers. Find more details and registration links here!

Stay tuned for more insights and opportunities to enhance your monitoring capabilities with LM Logs.

Missed this session? Watch the full recording below ⤵️

January 2025 Logs for Lunch Recap: Transforming Log Intelligence
We launched our 2025 Logs for Lunch series with a bang, diving deep into how LM Logs is transforming how teams tackle troubleshooting. If you missed it, don't worry - here's a quick recap.

Making Log Troubleshooting Less Painful

Most of us don't exactly jump for joy when we have to dig through logs. But LogicMonitor is changing that game. The standout feature? An AI-powered system that spots unusual patterns automatically - no complex queries needed. This innovative approach has helped organizations reduce their troubleshooting time by up to 80%, significantly improving operational efficiency.

The Demo

The technical demonstration showcased real-world applications, featuring:
Streamlined alert-to-resolution workflow
"Show Patterns" feature for identifying recurring issues
Automated alert creation based on log patterns
Seamless integration between metrics and logs

The demo walked through diagnosing a web server issue, illustrating how complex problems can be resolved with minimal clicks and without extensive logging expertise.

Q&A

People had questions, and we got answers! Here are the ones that got everyone's attention:

Q: I'm new to this - where should I start?
A: Start with what you know - if you're already monitoring network devices or Windows servers in LogicMonitor, that's your sweet spot. These are usually the easiest to set up and start getting value from right away.
Q: How does pricing work?
A: LM Logs is an add-on to LM Envision, and it's pretty straightforward: you pay based on how much data you're logging and how long you want to keep it. Whether you need 7 days or a full year of retention, they've got you covered.
Q: How do I keep track of usage?
A: There's a neat dashboard that shows your monthly usage, trends, and even which systems are your "top talkers" - super helpful for keeping things under control.

What's Next?
Mark your calendar for the next Logs for Lunch session on February 12th, 2025, at 12 pm CT, where we're tackling troubleshooting wireless networks. Save your spot by registering today.

Keep an eye out in the Community for upcoming exciting product launches! Check out our official LM Logs page here for a deeper dive into logs.

Webhook Event Collection & Cisco Meraki
As a Cisco Meraki Strategic Technology Partner, we are always looking for ways to make our integration the best that it can be, so you can get the most out of your investments with Cisco and LogicMonitor. So, today we kicked off R&D planning for [safe harbor statement] the ability to collect webhook events from Cisco Meraki with the following objectives.

Mitigate Cisco Meraki Dashboard API rate limiting.
Enable [near] real-time alerts for things like camera motion, IoT sensor measurement threshold breach (or automation button press), power supply failure...
Facilitate sending webhook events from Cisco Meraki to LogicMonitor

I have the following assumptions.

Customers want to be alerted on most, but not all webhook events.
Customers want to have multiple inbound webhook configurations, i.e. for different tenants/customers or different Cisco Meraki organizations.
Cisco Meraki is the first but not the only platform that customers will want to use to send webhook events to LogicMonitor.

If you had a magic wand and could make such an integration do exactly what you wanted, what would be your number one ask? Thank you!

How to redirect the output of the groovy script to the collector log file using groovy script?
In my groovy script, I want to redirect the output from the groovy script into the collector's log file. What should be the groovy code to redirect the output to the collector's log file? Can anyone help me here?

Sending Windows syslogs to LogicMonitor
I know this is going to be a duh moment. But back in our Proof of Concept we set up 2-3 Windows boxes to send logs to LogicMonitor so they can be parsed in the Logs section of the GUI. I cannot for the life of me find in the documentation or remember how we set it up. The only thing I can see is that we have System.pushmodules = logusage. It won't let you add that property manually so I’m guessing it's just hidden somewhere else in the GUI.

☁️ Monitor Azure Resource Events with LogicMonitor Logs
I have a strong preference for Microsoft Azure due to its exceptional capabilities! I recently wrote a blog post showcasing how to bring your resource events to the LogicMonitor platform. This way, you can set up alerts for critical business operations, such as when a new user is added to your Active Directory (Entra), or when a file is deleted from your blob storage. I hope you find it as helpful as I did!

Monitor Azure Resource Events with LogicMonitor Logs

Do you use LogicMonitor or any other monitoring platform to address unique use cases? Share your stories with us!

Can I monitor a JSON file? Example included.
Hi,

We have a script that runs and creates an output like the file attached. We need to be able to parse this file and look at the “replication” and “counts_match” fields and alert if we don’t find certain criteria. Can LM do that? I think that LM can only access files directly if they are on a collector, so we’d make sure this file ends up there.

Thanks.

I guess I can’t attach a file so here’s what it looks like:

{
  "replication": [
    {
      "db_name": "db1 ",
      "replication": "running ",
      "local_count": "12054251",
      "remote_count": "8951389",
      "counts_match": "false"
    },
    {
      "db_name": "db2 ",
      "replication": "running ",
      "local_count": "0",
      "remote_count": "0",
      "counts_match": "true"
    },
    {
      "db_name": "db3 ",
      "replication": "running ",
      "local_count": "0",
      "remote_count": "0",
      "counts_match": "true"
    },
    {
      "db_name": "db4 ",
      "replication": "running ",
      "local_count": "97",
      "remote_count": "97",
      "counts_match": "true"
    },
    {
      "db_name": "db5 ",
      "replication": "running ",
      "local_count": "0",
      "remote_count": "0",
      "counts_match": "true"
    }
  ]
}

LM Logs parser conditional formatting operator
Submitted to LM Feedback under the title “LM Logs parser colorization based on criteria”

As an engineer who is trying to see how certain logs relate to other logs, it would be helpful if I could highlight specific logs in context with other logs by using an advanced search operator to colorize certain logs that meet a certain criterion. For example, I run this query often:

    "PagerDuty Ticket Creation" | parse /(.*) (SUMMARY|ERROR|INFO|DEBUG): (.*)/ as Script, Severity, Msg

One of the fields I parse is the Severity, which as you can see can have values of SUMMARY, ERROR, INFO, or DEBUG. It would be nice if I could add an operator to the query that would let me colorize rows based on the value of the parsed Severity column (Severity just in this case; for the general case, any expression on any column). For example, I'd like to run the query:

    "PagerDuty Ticket Creation" | parse /(.*) (SUMMARY|ERROR|INFO|DEBUG): (.*)/ as Script, Severity, Msg | colorize Severity == "ERROR" as orange | colorize Severity ~ /SUMMARY|INFO/ as green

The result would be that rows in the table that have a value of "ERROR" would have a background color of orange (a muted orange) and rows in the table that have a value of "SUMMARY" or "INFO" would be colored green. Since the DEBUG logs don't match any colorization operator, they would have the default color of white.

It might be handy if one *or* two colors could be passed, allowing me to change the color of the text and the background, or just the background. It would be ok if I could only choose from a set list of colors, but it would be great if I could specify an RGBA color.