Information on the Overview tab for a Log Analytics group
Summary of Information on the Overview tab for a Log Analytics group
The Overview tab in Health Log Analytics provides a comprehensive view of Log Analytics groups, helping you understand the relationships and details of alerts within a group. It is a key feature for analyzing alert correlations, associated configuration items (CIs), and impacted services.
Key Features
- Correlations banner: Alerts are scored based on correlations in their log data, which include matching time intervals, metadata (such as host or user name), message text similarity, and trends in metric values. Higher scores indicate stronger correlations, aiding in identifying related alerts.
- Correlations list: Displays groups of correlated Log Analytics alerts, showing the number of alerts and common log correlators (e.g., IP address, host name). This helps you identify clusters of related alerts to address efficiently.
- Alerts in group section: Lists the individual Log Analytics alerts within a group. Clicking on an alert allows you to view detailed information, enabling focused investigation and resolution.
- Configuration Items (CIs): Provides access to detailed information about the CIs associated with the alerts. You can view this information via the Configuration Items tab or by selecting the View more option, facilitating deeper impact analysis on infrastructure components.
- Impacted services: Shows detailed information on services affected by the alerts, accessible through the Impacted services tab. This helps prioritize remediation based on service impact.
- Alerts in group tab: Offers a full list of all Log Analytics alerts within the group for comprehensive visibility and management.
Practical Application for ServiceNow Customers
This overview equips ServiceNow customers with a clear, organized interface to analyze alert correlations, understand which configuration items and services are impacted, and efficiently navigate through grouped Log Analytics alerts. It supports faster incident analysis and prioritization by highlighting correlated alerts and their common attributes.
The alert Overview tab in Health Log Analytics helps you understand Log Analytics groups.
Sections on the Overview tab for Log Analytics groups
For a detailed description of Log Analytics groups, see Types of Health Log Analytics alerts.
- Correlations banner
During initial analysis, alerts are scored. Each correlation between an alert's log data and another alert's log data contributes to the score. The higher the score, the more likely the alert is to be included as a Log Analytics alert in a Log Analytics group.
The following kinds of data are considered when determining whether alerts are correlated:
- Time: The events all occurred within a configured time interval.
- Metadata: The alerts have matching values in log-line metadata. For example, all alerts involve the same host.
- Message text: The message text in the log data is similar or identical between alerts.
- Trend: The alerts show a similar tendency in values or rates. For example, a particular metric value is increasing in all alerts.
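The four kinds of correlation listed above, as an added example that is not ServiceNow's code or its scoring algorithm. The time window, similarity threshold, one-point-per-correlation scoring, field names and sample alerts are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from difflib import SequenceMatcher

# Assumed values for illustration; the product's real window, weights and
# similarity threshold are not documented on this page.
WINDOW = timedelta(minutes=5)
TEXT_THRESHOLD = 0.8

def trend(values):
    """Return +1 for a rising series, -1 for falling, 0 for flat."""
    delta = values[-1] - values[0]
    return (delta > 0) - (delta < 0)

def correlations(a, b):
    """Return the kinds of correlation that two alerts share."""
    kinds = []
    if abs(a["time"] - b["time"]) <= WINDOW:
        kinds.append("time")
    shared = {k for k, v in a["meta"].items() if b["meta"].get(k) == v}
    if shared:
        kinds.append("metadata:" + ",".join(sorted(shared)))
    if SequenceMatcher(None, a["msg"], b["msg"]).ratio() >= TEXT_THRESHOLD:
        kinds.append("message text")
    if trend(a["metric"]) == trend(b["metric"]) != 0:
        kinds.append("trend")
    return kinds

def score_alerts(alerts):
    """Score each alert: one point per correlation with any other alert."""
    scores = {a["id"]: 0 for a in alerts}
    for i, a in enumerate(alerts):
        for b in alerts[i + 1:]:
            n = len(correlations(a, b))
            scores[a["id"]] += n
            scores[b["id"]] += n
    return scores

T0 = datetime(2024, 1, 1, 12, 0)
ALERTS = [  # constructed sample alerts
    {"id": "A1", "time": T0, "meta": {"host": "web01", "user": "svc"},
     "msg": "Connection timeout to db01 after 30s", "metric": [10, 20, 40]},
    {"id": "A2", "time": T0 + timedelta(minutes=2), "meta": {"host": "web01", "user": "app"},
     "msg": "Connection timeout to db01 after 31s", "metric": [5, 9, 30]},
    {"id": "A3", "time": T0 + timedelta(hours=3), "meta": {"host": "mail07", "user": "root"},
     "msg": "Disk quota exceeded on /var", "metric": [50, 40, 10]},
]

if __name__ == "__main__":
    print(score_alerts(ALERTS))
```

In this constructed data, A1 and A2 share all four kinds of correlation with `host` as their common metadata value, while A3 correlates with neither and scores zero.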
Click the More info link on the Correlations banner to view the list of correlations that relate the Log Analytics alerts.
Figure 1. Correlations banner
Figure 2. Correlations
- List of correlations: The first correlation in the list is expanded to show the individual Log Analytics alerts that are correlated and the log correlator that the alerts share. The number in parentheses is the number of alerts in the correlation.
- An individual log correlator: The identifier for a group of correlated Log Analytics alerts. The alerts are grouped by the log-line data or metadata that is common to the alerts (for example, IP address, host name, or user name). The number in parentheses indicates the number of correlated alerts.
- Log Analytics alerts that are correlated.
- Alerts in group
For a Log Analytics group (Alert0010166 in the example), the Alerts in group section shows the Log Analytics alerts that are grouped under it.
Click a Log Analytics alert to view its details. To view the full list of Log Analytics alerts, click View more or click the Alerts in group tab. See View the list of Log Analytics alerts in a Log Analytics group.
Figure 3. Viewing alert details
- Configuration Items
- To view more detailed information on the CIs that are associated with the alerts, click the Configuration Items tab or click View more in the Configuration Items section. See Operator phase 1: Analyze and acknowledge an alert.
- Impacted services
- To view detailed information on the services that are impacted by the alerts, click the Impacted services tab. See Operator phase 1: Analyze and acknowledge an alert.