Sections and cards on the Overview tab for a Log Analytics group

  • Release version: Yokohama
  • Updated January 30, 2025

    The Overview tab in the Service Operations Workspace helps you understand Log Analytics groups.

    For a detailed description of Log Analytics groups, see Types of Health Log Analytics alerts.

    Summary

    Identified issue

    This card describes the issue that led to the alert. The identified issue appears on the card and in the title for the alert. Information about the alert appears in the banner.

    Figure 1. Identified issue
    Identified issue appears here and in alert title.

    Select View correlations to view the list of correlations that relate the Log Analytics alerts.

    Correlations list

    During initial analysis, alerts are scored. Each correlation in the alert's log data with another alert contributes to the score. The higher the score, the more likely the alert is to be included as a Log Analytics alert in a Log Analytics group.

    The following kinds of data are considered when determining whether alerts are correlated:

    • Time: The events all occurred within a configured time interval.
    • Metadata: The alerts have matching values in log-line metadata. For example, all alerts involve the same host.
    • Message text: The message text in the log data is similar or identical between alerts.
    • Trend: The alerts show a similar tendency in values or rates. For example, a particular metric value is increasing in all alerts.

    Figure 2. Correlations
    Correlations lists log correlators and Log Analytics alerts per group.
    1. List of correlations: The first correlation in the list is expanded to show the individual Log Analytics alerts that are correlated and the log correlator that the alerts share.
    2. An individual log correlator: The identifier for a group of correlated Log Analytics alerts. The alerts are grouped by the log-line data or metadata that is common to the alerts (for example, IP address, host name, or user name). The number in the blue square indicates the number of correlated alerts.
    3. Log Analytics alerts that are correlated.
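
The scoring and log-correlator grouping described above can be sketched as follows. This is an added illustration, not ServiceNow code: the page does not document the product's actual scoring, so the time window, similarity threshold, one-point-per-correlation weighting, and all names here are assumptions.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher
from itertools import combinations

# Assumed values for illustration; the page gives no thresholds or weights.
TIME_WINDOW_S = 300
TEXT_MIN = 0.8

@dataclass(frozen=True)
class Alert:
    name: str
    epoch: int       # time of the triggering event, in seconds
    metadata: tuple  # (key, value) pairs from log-line metadata
    message: str
    trend: str       # "up", "down" or "flat" for the alert's metric

def correlations(a, b):
    """Return the criteria from the page on which two alerts correlate."""
    checks = {
        "time": abs(a.epoch - b.epoch) <= TIME_WINDOW_S,
        "metadata": bool(set(a.metadata) & set(b.metadata)),
        "message text": SequenceMatcher(None, a.message, b.message).ratio() >= TEXT_MIN,
        "trend": a.trend == b.trend != "flat",
    }
    return {name for name, hit in checks.items() if hit}

def score_alerts(alerts):
    """Each correlation with another alert adds one point to both alerts."""
    scores = {a.name: 0 for a in alerts}
    for a, b in combinations(alerts, 2):
        n = len(correlations(a, b))
        scores[a.name] += n
        scores[b.name] += n
    return scores

def log_correlators(alerts):
    """Group alert names under each metadata value shared by two or more alerts."""
    groups = {}
    for a in alerts:
        for pair in a.metadata:
            groups.setdefault(pair, []).append(a.name)
    return {k: v for k, v in groups.items() if len(v) > 1}

# Constructed sample alerts, not taken from a real instance.
SAMPLE = [
    Alert("A1", 1000, (("host", "web-01"),), "Connection refused to db-01:5432", "up"),
    Alert("A2", 1090, (("host", "web-01"),), "Connection refused to db-01:5433", "up"),
    Alert("A3", 1200, (("host", "web-02"),), "Connection refused to db-01:5432", "up"),
    Alert("A4", 9000, (("host", "mail-01"),), "Disk usage at 91 percent", "flat"),
]
```

On the sample data, A1 to A3 reinforce each other across several criteria while A4 correlates with nothing, and `log_correlators(SAMPLE)` yields one correlator, `("host", "web-01")`, with a count of two alerts.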

    Alerts in group

    For a Log Analytics alert, the Alerts in group card shows the Log Analytics alerts that are grouped under the Log Analytics alert. Select a Log Analytics alert to view its details.

    Figure 3. Alerts in group
    Select a Log Analytics alert to view its details.

    Select View all to view the list of all Log Analytics alerts in the group and relevant information about them. You can also view the Alerts in group list by selecting the Related records tab and then selecting Alerts in group. For more information, see View the list of Log Analytics alerts in a Log Analytics group.

    Impact

    Configuration Items
    This card provides information about the CIs that are impacted by the alert.
    Impacted services
    This card provides information about the services that are impacted by the alert.
    Figure 4. Impact section
    Impact section provides information on the impacted CIs and services.