Viewing the logs for an alert on the Log viewer
The Log viewer tab in ServiceNow enables customers to browse, search, and analyze log data related to alerts. It displays a chart visualizing the frequency of anomalous log lines around the time of a Log Analytics alert and lists the associated log entries. This functionality helps customers identify important metrics and relationships in logs that can be used to create alert rules.
Key Features
- Log Browsing and Searching: Browse logs by timestamp or time range, and search for specific log text to locate relevant data quickly.
- Visualization: View a frequency chart of anomalous log lines one minute before and after a Log Analytics alert to understand event patterns.
- Detailed Log Information: The Log viewer table includes columns such as time, service instance, component, message, event level, host, and raw log message (optional).
- Customization: Filter search results to display only relevant data and customize the Log viewer table by adding or removing columns to suit your analysis needs.
- Saved Searches: Define, save, and share searches of log data to streamline repetitive analysis and collaborate effectively.
- Alert Rule Definition: Identify significant log metrics and define Log Analytics alert rules based on these insights to proactively monitor your environment.
Using the Log viewer Effectively
- View charts and associated log data to analyze alert causes.
- Modify and save search queries to refine investigations and retain useful search criteria for future use.
- Apply filters to narrow down log entries and focus on specific events or timeframes.
- Customize table columns to display the most relevant log details for your troubleshooting or monitoring workflow.
Important Notes
- The Raw message column is not shown by default but can be enabled via the Filters pane for deeper log content inspection.
- These features are supported in the Health Log Analytics and Health Log Analytics Viewer applications, versions from July 2021 onwards, available from the ServiceNow Store.
The Log viewer tab enables you to browse the logs by timestamp or time range, to search for particular log text, and to visualize the frequency of anomaly occurrences in a particular time period. If you discover an important metric in the log data, you can use it to define a Log Analytics alert rule.
The Log viewer displays a chart of the frequency of anomalous log lines during one minute before and one minute after the Log Analytics alert. In addition, the viewer lists the associated log lines.
| Column | Description |
|---|---|
| Time | Timestamp of the log line in the format that the source uses. If no value appears, then check the source type structure of the raw data. |
| Service instance | Service instance in which the metric was found. |
| Component | Logical component of the service instance that generated the event. Multiple CIs can sometimes perform the same function. |
| Message | Inner message of the raw log line that contains the text of the system-generated log message regarding the nature of the occurrence. |
| Level | Type of event. The available values, in order of importance, are: |
| Host | Host identifier from the log line that consists of the hostname or IP address of the endpoint. |
| Log message | The raw log message without the header. |
- Filter search results on the Log viewer to show only the data you want to view.
- Customize the Log viewer table by adding or removing columns.
As you analyze the logs for an alert, you can modify the search query to fine-tune the search, and save useful searches. For more information, see Define, save, and share a search of log data.
If you discover important relationships in the log data, you can define the type of alert that the data should trigger. For more information, see Add a Log Analytics alert rule.