Log Insight 3.0 UI: Event Types

Log Insight features built-in machine learning capabilities. One of these capabilities is event types. In Log Insight 3.0 a subtle, but important enhancement has been made. Read on to learn more!

li-logo

Background

By default, the Interactive Analytics (IA) page displays events:

li-events

In addition to this option you can also view event types:

li-event-types

Event types serve two primary functions today:

  • Event summarization: Groups events that are identical except for a few variables (e.g. hostname, some value, etc)
  • Schema discovery: Provides a few to name and chart variables (e.g. hostname, some value, etc)

The limitation with event types is that they can only be seen on the Event Types tab of the IA page — note that event types can be used on filters and grouped by on any tab. This is a limitation because the Event Types tab displays information based on event summarization. The end result is that you cannot view event types in context — similar to view events in context features.

Event Highlighting

In Log Insight 3.0, event types can now be viewed in context! To see this, navigate to the IA page and the Events tab. Next to any event, select the gear icon to the left:

li-event-options

You will see two new options:

  • Highlight Events Like This: This option will highlight all events that match the event type you are currently on. For example:
    li-events-highlight
  • Colorize Event Types: This option will colorize all event types so you can see event types on context. For example:
    li-event-colorization

Note that both options can be used on the Event Types tab:
li-event-types-colorization

As well as in the View event in context:

li-context-highlighting

Use-Cases

Similar to the view events in context features, event type highlighting and colorization makes it easier to perform troubleshooting and root cause analysis. The feature makes it easy to see when a specific event types occurs with or without the context of other event types. If looking at a single device you can now see what happen before and after a particular event type. You could also determine rare event types and what happen before or after them.

Summary

Event types can now be viewed in context within the events tab of the IA page. Individual event type highlighting as well as colorization of all event types is possible. How do you use this new feature to perform troubleshooting?

© 2015, Steve Flanders. All rights reserved.

Leave a Reply