Sections and cards on the Overview tab for a Log Analytics group

  • Release version: Xanadu
  • Updated August 1, 2024

    The Overview tab in the Service Operations Workspace helps you understand Log Analytics groups.

    For a detailed description of Log Analytics groups, see Types of Health Log Analytics alerts.

    Summary

    Identified issue

    This card describes the issue that led to the alert. The identified issue appears on the card and in the title for the alert. Information about the alert appears in the banner.

    Figure 1. Identified issue
    Identified issue appears here and in alert title.

    Select View correlations to view the list of correlations that relate the Log Analytics alerts.

    Correlations list

    During initial analysis, alerts are scored. Each correlation in the alert's log data with another alert contributes to the score. The higher the score, the more likely the alert is to be included as a Log Analytics alert in a Log Analytics group.

    The following kinds of data are considered when determining whether alerts are correlated:

    • Time: The events all occurred within a configured time interval.
    • Metadata: The alerts have matching values in log-line metadata. For example, all alerts involve the same host.
    • Message text: The message text in the log data is similar or identical between alerts.
    • Trend: The alerts show a similar tendency in values or rates. For example, a particular metric value is increasing in all alerts.
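
The scoring idea described above, as an added Python sketch; it is an illustration, not ServiceNow's implementation. The one-point-per-criterion weighting, the time window, the text-similarity cutoff, the group threshold, and the sample alerts are all assumptions constructed for this example.

```python
from difflib import SequenceMatcher
from itertools import combinations

# Assumed tuning values for this sketch; the product's real settings are not on this page.
TIME_WINDOW_S = 300      # the "configured time interval"
TEXT_SIMILARITY = 0.8    # minimum ratio for "similar" message text
MIN_GROUP_SCORE = 3      # score an alert needs to be grouped

# Constructed sample alerts: timestamp (s), host metadata, message, metric samples.
ALERTS = [
    {"id": "A1", "ts": 1000, "host": "web-01",
     "msg": "Connection pool exhausted for db-main", "values": [10, 25, 40]},
    {"id": "A2", "ts": 1030, "host": "web-01",
     "msg": "Connection pool exhausted for db-main", "values": [5, 9, 20]},
    {"id": "A3", "ts": 1100, "host": "web-02",
     "msg": "Connection pool exhausted for db-replica", "values": [3, 8, 15]},
    {"id": "A4", "ts": 9000, "host": "mail-07",
     "msg": "TLS certificate expires in 3 days", "values": [7, 7, 6]},
]

def trend(values):
    # +1 for a rising series, -1 for a falling one, 0 for flat.
    return (values[-1] > values[0]) - (values[-1] < values[0])

def correlations(a, b):
    """Return the set of criteria on which alerts a and b correlate."""
    checks = {
        "time": abs(a["ts"] - b["ts"]) <= TIME_WINDOW_S,
        "metadata": a["host"] == b["host"],
        "message": SequenceMatcher(None, a["msg"], b["msg"]).ratio() >= TEXT_SIMILARITY,
        "trend": trend(a["values"]) == trend(b["values"]) != 0,  # same, non-flat direction
    }
    return {name for name, hit in checks.items() if hit}

def score_alerts(alerts):
    """Each correlation with another alert adds one point to both alerts."""
    scores = {a["id"]: 0 for a in alerts}
    for a, b in combinations(alerts, 2):
        n = len(correlations(a, b))
        scores[a["id"]] += n
        scores[b["id"]] += n
    return scores

def group_members(alerts, min_score=MIN_GROUP_SCORE):
    """IDs of alerts whose score is high enough to join the group."""
    scores = score_alerts(alerts)
    return [a["id"] for a in alerts if scores[a["id"]] >= min_score]
```

With the sample data, the three connection-pool alerts reinforce each other and are grouped, while the unrelated certificate alert scores zero and stays out.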

    Figure 2. Correlations
    Correlations lists log correlators and Log Analytics alerts per group.

    1. List of correlations: The first correlation in the list is expanded to show the individual Log Analytics alerts that are correlated and the log correlator that the alerts share.
    2. An individual log correlator: The identifier for a group of correlated Log Analytics alerts. The alerts are grouped by the log-line data or metadata that is common to the alerts (for example, IP address, host name, or user name). The number in the blue square indicates the number of correlated alerts.
    3. Log Analytics alerts that are correlated.

    Alerts in group

    For a Log Analytics alert, the Alerts in group card shows the Log Analytics alerts that are grouped under the Log Analytics alert. Select a Log Analytics alert to view its details.

    Figure 3. Alerts in group
    Select a Log Analytics alert to view its details.

    Select View all to view the list of all Log Analytics alerts in the group and relevant information about them. You can also view the Alerts in group list by selecting the Related records tab and then selecting Alerts in group. For more information, see View the list of Log Analytics alerts in a Log Analytics group.

    Impact

    • Configuration Items: This card provides information about the CIs that are impacted by the alert.
    • Impacted services: This card provides information about the services that are impacted by the alert.

    Figure 4. Impact section
    Impact section provides information on the impacted CIs and services.