Log Insight features built-in machine learning capabilities. One of these capabilities is event types. In Log Insight 3.0 a subtle, but important enhancement has been made. Read on to learn more!
By default, the Interactive Analytics (IA) page displays events:
In addition to this option you can also view event types:
Event types serve two primary functions today:
- Event summarization: Groups events that are identical except for a few variables (e.g. hostname, some value, etc.)
- Schema discovery: Provides a way to name and chart variables (e.g. hostname, some value, etc.)
The limitation with event types is that they can only be seen on the Event Types tab of the IA page (note that event types can be used in filters and grouped by on any tab). This is a limitation because the Event Types tab displays information based on event summarization. The end result is that you cannot view event types in context, similar to what the view events in context feature offers.
In Log Insight 3.0, event types can now be viewed in context! To see this, navigate to the IA page and the Events tab. Next to any event, select the gear icon to the left:
You will see two new options:
- Highlight Events Like This: This option will highlight all events that match the event type you are currently on. For example:
- Colorize Event Types: This option will colorize all event types so you can see event types in context. For example:
As well as in the View event in context:
Similar to the view events in context feature, event type highlighting and colorization make it easier to perform troubleshooting and root cause analysis. The feature makes it easy to see when a specific event type occurs with or without the context of other event types. If looking at a single device, you can now see what happened before and after a particular event type. You could also determine rare event types and what happened before or after them.
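The idea of viewing event types in context, sketched as an added example that is not Log Insight's own code or algorithm: it assumes a simplified stand-in for event typing (any token containing a digit is treated as a variable), hypothetical function names, and constructed sample events.

```python
from collections import Counter

# Constructed sample events as (timestamp, text); not real Log Insight output.
EVENTS = [
    ("10:00:01", "Accepted session 4411 from 10.0.0.5 port 50122"),
    ("10:00:03", "Accepted session 4412 from 10.0.0.9 port 50311"),
    ("10:00:07", "Disk latency on ds-01 is 12 ms"),
    ("10:00:09", "Lost path redundancy to device naa.6001"),
    ("10:00:10", "Accepted session 4413 from 10.0.0.7 port 50400"),
    ("10:00:15", "Disk latency on ds-02 is 48 ms"),
]

def event_type(text):
    """Reduce an event to a template (assumption: digit-bearing tokens are variables)."""
    return " ".join("<*>" if any(c.isdigit() for c in tok) else tok
                    for tok in text.split())

def summarize(events):
    """Event summarization: count events per event type."""
    return Counter(event_type(text) for _, text in events)

def highlight(events, like):
    """Keep time order and flag every event that shares the type of `like`."""
    target = event_type(like)
    return [(ts, text, event_type(text) == target) for ts, text in events]

def rare_with_context(events, max_count=1, window=1):
    """Return each rare-type event with the events just before and after it."""
    counts = summarize(events)
    hits = []
    for i, (_, text) in enumerate(events):
        if counts[event_type(text)] <= max_count:
            before = events[max(0, i - window):i]
            after = events[i + 1:i + 1 + window]
            hits.append((events[i], before, after))
    return hits

if __name__ == "__main__":
    # Analogue of "Highlight Events Like This" for the first event.
    for ts, text, hit in highlight(EVENTS, EVENTS[0][1]):
        print(">>" if hit else "  ", ts, text)
    # Rare event types together with their neighbours in time.
    for event, before, after in rare_with_context(EVENTS):
        print("rare:", event, "| before:", before, "| after:", after)
```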
Event types can now be viewed in context within the Events tab of the IA page. Individual event type highlighting as well as colorization of all event types is possible. How do you use this new feature to perform troubleshooting?
© 2015, Steve Flanders. All rights reserved.