Information on the Overview tab for a Log Analytics alert

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Information on the Overview tab for a Log Analytics alert

    The Overview tab in Health Log Analytics provides a comprehensive view to help ServiceNow customers understand Log Analytics alerts. It consolidates key information and visualizations related to the alert, enabling users to quickly assess the cause, impact, and related data to effectively analyze and respond to anomalies detected in logs.

    Show full answer Show less

    Key Features

    • Identified Issue: Displays the root cause of the alert prominently in the title and on a dedicated card. Users can click the information icon to understand how the issue was detected and view surrounding logs from one minute before and after the alert to gain context.
    • Configuration Items: Provides links to detailed data about the Configuration Item (CI) associated with the alert, allowing users to investigate affected infrastructure components. This information is accessible via the Configuration Items tab or the “View more” option in the section.
    • Impacted Services: Shows detailed insights into services affected by the alert, helping prioritize and assess the operational impact. This data can be accessed through the Impacted services tab.
    • Anomaly Card: Visualizes the anomalous log activity that triggered the alert. It includes a blue line representing recent anomaly data, shaded areas indicating expected baseline behavior, and comparisons with the same hour one day earlier (peach color) or the previous week (pink color). Users can click the info icon to understand anomaly detection methodology.
    • Meaningful Log Properties: Displays bar charts that represent the distribution of log property values contributing to the anomaly. This helps identify which specific log attributes are prominent in the anomalous behavior, with percentage-based color bars for easy interpretation.
    • Top Alerts: Summarizes data from Similar alerts and Repeated alerts tabs, showing combined results. Users can drill down further by accessing the Alert Insight Similar Alerts tab for detailed analysis.
    • Top Incidents: Summarizes incident data related to the CI and related CIs, providing a total count and links to more detailed incident information for root cause and impact assessment.

    Practical Benefits

    By utilizing the Overview tab, ServiceNow customers can quickly identify the cause and context of Log Analytics alerts, understand affected components and services, and analyze anomaly patterns. This facilitates faster incident response, better prioritization, and informed decision-making to maintain service health and operational stability.

    The alert Overview tab in Health Log Analytics helps you understand Log Analytics alerts.

    Sections and cards on the Overview tab for Log Analytics alerts

    For a detailed description of Log Analytics alerts , see Types of Health Log Analytics alerts.

    Identified issue

    The "identified issue" led to the alert. The issue appears in the title for the alert and on a card on the tab. Information about the alert appears in the banner.

    Figure 1. Identified issue
    Identified issue appears here and in alert title.
    • Click the information icon (Information icon.) to see how the issue was identified.
    • Click View surrounding logs to view the log lines that were generated one minute before and one minute after the alert. See Analyze log lines that surround an anomaly.
    Configuration Items
    To view more detailed information on the CI that is associated with the alert, click the Configuration Items tab or click View more in the Configuration Items section. See Operator phase 1: Analyze and acknowledge an alert.
    Impacted services
    To view detailed information on the services that are impacted by the alerts, click the Impacted services tab. See Operator phase 1: Analyze and acknowledge an alert.
    Anomaly
    The Anomaly card illustrates the anomalous activity that led to the alert.
    • The blue line shows the recent anomalous activity.
    • On some charts, the lightly shaded area indicates the expected (learned baseline) behavior.

      A peach-shaded area represents the baseline values for the same hour one day earlier. A pink-shaded area shows the values for the same period in the previous week.

    • Click the information icon to see how the anomaly was identified: Information icon.
    In this example, the peach-shaded area shows the same data for the same hour one day earlier. The spike in the metric value (events per minute) is clearly visible.
    Figure 2. Anomaly card
    Anomaly card identifies and illustrates anomalous behavior.
    In this example, the pink-shaded area represents the baseline values for the same hour in the previous week.
    Figure 3. Anomaly card with baseline values one week earlier
    Baseline values for same hour in previous week.

    For more information on the kinds of anomalies that you might encounter, see Types of anomalous behavior.

    Meaningful log properties
    On the Meaningful log properties card, each bar chart shows the distribution of values for a single log property that contributed to the anomaly. Each property value is associated with a color. The length of a color bar correlates to the percentage that the property value holds in comparison with all other values for the property. For the p_a5 property in the example, the value EUR appeared in 56.12% of log lines, GBP in 13.67%, and so on.
    Figure 4. Meaningful log properties
    Meaningful log properties shows the relative frequency of occurrence for property values.
    Top alerts

    The Top alerts card displays summaries of data from the Similar alerts and Repeated alerts tabs. The Total results value is the sum of the two values. Click More details to open the Alert Insight Similar Alerts tab. For details, see Information on the Alert Insight Similar Alerts tab.

    Figure 5. Top alerts
    Top alerts shows counts of total, similar, and repeated alerts.
    Top incidents

    The Top incidents card displays summaries of data from the Incidents on CI and Incidents on related CIs tabs. The Total results value is the sum of the two values. Click More details to open the Incidents on CI tab.

    Figure 6. Top incidents
    Top incidents shows counts of total results, incidents on CI, and incidents on related CIs.