Viewing the logs for an alert on the Log viewer

  • Release version: Xanadu
  • Updated August 1, 2024

    The Log viewer in the Service Operations Workspace enables you to browse the logs by timestamp or time range, to search for particular log text, and to visualize the frequency of anomaly occurrences in a particular time period. If you discover an important metric in the log data, you can use it to define a Log Analytics alert rule.

    The Log viewer displays a chart of the frequency of anomalous log lines during one minute before and one minute after the Log Analytics alert. In addition, the viewer lists the associated log lines.

    Table 1. Information on the Log viewer table
    Column: Description
    Time: Timestamp of the log line in the format that the source uses. If no value appears, then check the source type structure of the raw data.
    Application service: Application service in which the metric was found.
    Component: Logical component of the service instance that generated the event. Multiple CIs can sometimes perform the same function.
    Message: Inner message of the raw log line that contains the text of the system-generated log message regarding the nature of the occurrence.
    Level: Type of event. The available values, in order of importance, are:
      • Emergency
      • Alert
      • Critical
      • Error
      • Warning
      • Notice
      • Informational
      • Debug
    Host: Host identifier from the log line that consists of the hostname or IP address of the endpoint.
    Log message: The raw log message without the header.
    Note:
    By default, the Raw message column does not appear in the Log viewer table. You can display this column by selecting it from the Filters pane. For more information, see Customize the Log viewer table.
    You can personalize the displayed data on the Log viewer:
    Note:
    These features are supported in the Health Log Analytics application, Version 20.0.11 - July 2021, and the Health Log Analytics Viewer application, Version 20.0.4 - July 2021, available from the ServiceNow Store.

    As you analyze the logs for an alert, you can modify the search query to fine-tune the search, and save useful searches. For more information, see Define, save, and share a search of log data.

    If you discover important relationships in the log data, you can define the type of alert that the data should trigger. For more information, see Add a Log Analytics alert rule.
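The following is an added example, not ServiceNow code or a product API: a Python sketch that reproduces offline the two views described above, the frequency of log lines from one minute before to one minute after an alert and the lines ordered by Level importance as listed in Table 1. The row layout, sample rows, function names, and the 30-second bucket size are assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Level values in the order of importance listed in Table 1 (most important first).
LEVELS = ["Emergency", "Alert", "Critical", "Error",
          "Warning", "Notice", "Informational", "Debug"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# Constructed sample rows (time, level, host, message); not real product output.
SAMPLE = [
    ("2024-08-01T10:13:40", "Informational", "app-01", "health check ok"),
    ("2024-08-01T10:14:20", "Warning", "app-01", "retrying db connection"),
    ("2024-08-01T10:14:55", "Error", "app-02", "db connection refused"),
    ("2024-08-01T10:15:05", "Critical", "app-02", "connection pool exhausted"),
    ("2024-08-01T10:15:30", "Error", "app-01", "db connection refused"),
    ("2024-08-01T10:16:10", "Notice", "app-01", "connection restored"),
]

def alert_window(rows, alert_time, span=timedelta(minutes=1)):
    """Return rows whose timestamp is within `span` before or after the alert."""
    out = []
    for ts, level, host, msg in rows:
        if level not in RANK:
            raise ValueError(f"unknown level: {level!r}")
        when = datetime.fromisoformat(ts)
        if alert_time - span <= when <= alert_time + span:
            out.append((when, level, host, msg))
    return out

def frequency(rows, alert_time, bucket_seconds=30):
    """Count rows per bucket, keyed by bucket start in seconds relative to the alert."""
    counts = Counter()
    for when, *_ in rows:
        offset = (when - alert_time).total_seconds()
        counts[int(offset // bucket_seconds) * bucket_seconds] += 1
    return dict(sorted(counts.items()))

def by_importance(rows):
    """Order rows by Level importance (Table 1 order), then by time."""
    return sorted(rows, key=lambda r: (RANK[r[1]], r[0]))

if __name__ == "__main__":
    alert = datetime.fromisoformat("2024-08-01T10:15:00")  # constructed alert time
    window = alert_window(SAMPLE, alert)
    print(frequency(window, alert))
    for when, level, host, msg in by_importance(window):
        print(when.isoformat(), level, host, msg)
```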