Information on the Overview tab for a Log Analytics group

  • Release version: Washingtondc
  • Updated February 1, 2024

    The alert Overview tab in Health Log Analytics helps you understand Log Analytics groups.

    Sections on the Overview tab for Log Analytics groups

    For a detailed description of Log Analytics groups, see Types of Health Log Analytics alerts.

    Correlations banner

    During initial analysis, alerts are scored. Each correlation between the alert's log data and another alert contributes to the score. The higher the score, the more likely the alert is to be included in a Log Analytics group.

    The following kinds of data are considered when determining whether alerts are correlated:

    • Time: The events all occurred within a configured time interval.
    • Metadata: The alerts have matching values in log-line metadata. For example, all alerts involve the same host.
    • Message text: The message text in the log data is similar or identical between alerts.
    • Trend: The alerts show a similar tendency in values or rates. For example, a particular metric value is increasing in all alerts.

    Click the More info link on the Correlations banner to view the list of correlations that relate the Log Analytics alerts.

    Figure 1. Correlations banner

    Figure 2. Correlations. Correlations lists log correlators and Log Analytics alerts per group.

    1. List of correlations: The first correlation in the list is expanded to show the individual Log Analytics alerts that are correlated and the log correlator that the alerts share. The number in parentheses is the number of alerts in the correlation.
    2. An individual log correlator: The identifier for a group of correlated Log Analytics alerts. The alerts are grouped by the log-line data or metadata that is common to the alerts (for example, IP address, host name, or user name). The number in parentheses indicates the number of correlated alerts.
    3. Log Analytics alerts that are correlated.
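
The following sketch illustrates the four kinds of correlation data and the per-correlator alert counts described above. It is an added example, not ServiceNow code and not the product's scoring algorithm: the alert fields, the 10-minute window, the similarity threshold and the one-point-per-correlation scoring are all assumptions, and the sample alerts are constructed.

```python
from datetime import datetime, timedelta
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample alerts; field names, window and threshold are assumptions.
ALERTS = [
    {"id": "A1", "time": datetime(2024, 2, 1, 10, 0), "host": "web01",
     "message": "Connection timeout to db-primary", "values": [10, 14, 19]},
    {"id": "A2", "time": datetime(2024, 2, 1, 10, 3), "host": "web01",
     "message": "Connection timeout to db-replica", "values": [3, 6, 11]},
    {"id": "A3", "time": datetime(2024, 2, 1, 10, 4), "host": "web02",
     "message": "Connection timeout to db-primary", "values": [8, 9, 15]},
    {"id": "A4", "time": datetime(2024, 2, 1, 14, 30), "host": "mail01",
     "message": "Disk usage above threshold", "values": [90, 88, 85]},
]
WINDOW = timedelta(minutes=10)  # stands in for the configured time interval
TEXT_THRESHOLD = 0.7            # minimum message similarity ratio

def trend(values):  # +1 rising, -1 falling, 0 flat
    return (values[-1] > values[0]) - (values[-1] < values[0])

def pair_signals(a, b):
    """Return which of the four kinds of data correlate two alerts."""
    signals = set()
    if abs(a["time"] - b["time"]) <= WINDOW:
        signals.add("time")
    if a["host"] == b["host"]:
        signals.add("metadata")
    if SequenceMatcher(None, a["message"], b["message"]).ratio() >= TEXT_THRESHOLD:
        signals.add("message")
    if trend(a["values"]) == trend(b["values"]) != 0:
        signals.add("trend")
    return signals

def score_alerts(alerts):
    """Every correlation with another alert adds one point to both alerts."""
    scores = {alert["id"]: 0 for alert in alerts}
    for a, b in combinations(alerts, 2):
        points = len(pair_signals(a, b))
        scores[a["id"]] += points
        scores[b["id"]] += points
    return scores

def correlators(alerts, key="host"):
    """Group alert ids by a shared metadata value; keep groups of two or more."""
    groups = {}
    for alert in alerts:
        groups.setdefault(f"{key}={alert[key]}", []).append(alert["id"])
    return {name: ids for name, ids in groups.items() if len(ids) > 1}
```

The unrelated disk alert scores zero and stays out of every correlator, while the three timeout alerts reinforce one another.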

    Alerts in group

    For a Log Analytics alert (Alert0010166 in the example), the Alerts in group section shows the Log Analytics alerts that are grouped under the Log Analytics alert.

    Click a Log Analytics alert to view its details. To view the full list of Log Analytics alerts, click View more or click the Alerts in group tab. See View the list of Log Analytics alerts in a Log Analytics group.

    Figure 3. Viewing alert details

    Configuration Items

    To view more detailed information on the CIs that are associated with the alerts, click the Configuration Items tab or click View more in the Configuration Items section. See Operator phase 1: Analyze and acknowledge an alert.

    Impacted services

    To view detailed information on the services that are impacted by the alerts, click the Impacted services tab. See Operator phase 1: Analyze and acknowledge an alert.