Symptomatic event visualizer, Part 3: A visual tour of the Log and Trace Analyzer for Java Desktop

Document options Document options requiring JavaScript are not displayed Discuss Rate this page Help us improve this content

Level: Introductory

Abdi Salahshour (abdis@us.ibm.com), Problem Determination Architect, IBM　
Kalpana Doraisamy (kdoraisa@in.ibm.com), Staff Software Engineer, IBM
Ajay G Rengasayee, Software engineer, Freelance

07 Aug 2007

This four-part series is a comprehensive usage guide that gives you an overview of the Log and Trace Analyzer for Java™Desktop, instructs you in the installation process and teaches you to configure the tool correctly. The series includes performance-enhancing tips, integration and hands-on scenarios, as well as data on the IBM Tivoli Monitoring 6.1 Events Tool. Discover how your data can be more consumable from start to finish and learn how to reduce your problem determination and maintenance costs. In part three, go on a visual tour of the technology (a screenshot is worth a thousand words), gain troubleshooting tips, and learn how to get the best performance out of the LTA-JD.

Read all the articles in this series Challenges in data collection Meet the Log and Trace Analyzer for Java Desktop A visual tour of LTA-JD The Events Tool view of LTA-JD

The purpose of this series of articles is to have, in a single place, a number of resources related to helping you make your data more consumable from start to finish and to helping you reduce your problem determination and maintenance costs.

The first article in the series discusses the current obstacles to effective data collection:

• The complexity of e-business systems. Today's business systems are a collection of distributed and heterogeneous software and hardware components.
• The variety of data and collectors/adapters. Because of the variety of collectors and the vastness of the data collected, there are several problems that are created. These include: how to consume and publish proprietary data formats; how to make differing design and standards co-exist; how to integrate ad hoc and product-specific code; how to integrate the different skill sets required to configure, maintain, and tune the various systems; and how to overcome the difficulty in correlating for enterprise-to-enterprise problem diagnostics.
• Overcoming instrumentation differences. Instrumentation differences include topics such as standards compliance, customer inconvenience and cost of ownership. In addition, when standardization is lacking, Management Tools (the consumers) need to be instrumented for every Managed Resource (the producers) with which they interact; the same is true in reverse. This is both costly and inefficient.

In part two, you got an overview of the LTA-JD, viewed an installation and configuration guide for the tool, and saw a table of the main functions of the tool.

In part four, dive into the IBM Tivoli Monitoring Events Tool view of the LTA-JD.

In this article, go on a visual tour of the LTA-JD.

A grand tour

The tour helps familiarize you with the functions, look, and feel of the tool. It covers:

• LTA-JD Viewer Screen.
• Dialogs: Choose from available event source types.
• Dialogs: Choose filters per event source that has precedence over the filter defined for all event sources.
• Events from multiple sources sorted by Creation Time.
• Employing and building filters.
• The Viewer highlighter function.
• Simple XPath Rule Builder.
• How potential events play a part in the symptoms defined by the Highlighter Rules.
• Slicing and dicing highlighter events views.
• Importing Symptoms Catalogs compliance.
• Analyzing and visualizing events against the selected Symptom Catalogs.

In essence, this article provides details of the major functionality tools of the LTA-JD, as listed in Table 1 of part two.

LTA-JD Viewer Screen

Figure 1 is the LTA-JD Viewer Screen.

Follow these steps:

1. If the drive letter of the log files shown in the Event sources box does not match the actual source of your logs, go on to step 2; otherwise, proceed to step 3.
2. From the Menu Bar, select File, Add/Remove Event Source.
   • From the Add/Remove Event Source dialog click on Select All. All logs will be highlighted.
   • Click Remove. All selected logs will be removed from the list.
   • Click Browse.
   • From the Browse dialog, click Up One Level. This will take you to the root directory, C: or D:, depending on your machine configuration. You may import event source files from an http or FTP server by providing the full URI or FTP path to the file.
   • Locate the PDLogs folder then single click on it. PDLogs will appear in the File name entry field.
   • Click on Select. The Add/Remove Event Source dialog will appear containing four log files.
   • Click OK and answer Yes to the Confirm remove of File/URL question. The Summary/Results area is now populated with log events. You may proceed to the next screen.
3. Click Reset and Filter. This is not necessary if you performed step 2. The Summary/Results area is now populated with log events.

Dialogs: Choose from available event source types

Figure 2 depicts dialogs related to importing events from event sources (such as WebSphere Application Server, DB2, and Windows).

You may choose from available event source types (which correspond to available GLA event converter to CBE adapter) to import your event source. As you notice, each event type may require different parameters to be presents for import, such as server name, user ID, and so on. To observe individual event details, select the desired event from the Results/Summary area (any field.) The results are displayed in the Events detail area. To navigate through the Events detail area, select the tabs along the top of that area.

Dialogs: Choose filters per event source ...

Figure 3 depicts dialogs related to importing events from event sources.

You may choose filters per event source that have precedence over the filter defined for all event sources. You may also adjust the time stamp of the Event Source to compensate for the clock time differences of the machine(s) that the event source was generated on.

Events from multiple sources sorted by Creation Time

Figure 4 depicts events from multiple sources sorted by Creation Time in ascending order.

Notice there are 7,205 valid Common Base Event event results and two invalid events. Typically when an error occurs, thousands of events are generated which makes the time to resolution very costly.

To sort the events by Creation Time, place the cursor on the Creation Time column and press your mouse select button. Press once to sort in ascending order, twice for descending order, and a third time to return to the order they were originally merged.

You may perform multi-level sort, for example, sorting by such attributes as Situation Category, Creation Time and Severity. After sorting by the first attribute, if you wish to do a simple multi-level sort for subsequent attributes: hold the CTL key down and select and click on the top of the corresponding column. You may repeat this for as many attributes as you wish.

To observe individual event details, select the desired event from the results/summary area (any field.) The results are displayed in the Events detail area. To navigate through the Events detail area, select the tabs along the top of that area.

Employing and building filters

Knowing the time frame when the error occurred enables you to focus on only those events that are meaningful -- by utilizing a filter, you can accomplish this. Figure 5 shows a filter by Creation Time.

The result we get is fantastic -- we went from more than 7,000 events down to 93.

So, how do you build a filter?

1. Select View from the menu bar.
2. Select Add and Remove Filters.
3. From the Add and Remove Filters dialog, the power-user can directly provide the rules using the New Filter button; novices can use the Rule Builder. The Rule Builder is not intended to be a full-fledged rule builder, but instead a simple function to assist those not familiar with XPath to compose filters quickly.
4. From the pull-down menu of the Property Name field, select the appropriate Common Base Event property for the intended filter.
5. Similarly provide Relational Operator and Value. For more complex filtering, try the Boolean Operator field.

Notice that as you enter your filter criteria, a filter statement, using XPath, is generated.

Next, look at a way to quickly visualize the problem events.

The Viewer highlighter function

Figure 6 shows off the Viewer highlighter function.

To further emphasize and improve virtualization of the events of interest, the Viewer highlighter function can highlight events using a spectrum of colors based on user-defined simple symptom rules. The highlighter rules commonly are provided, but not exclusively, by a product-knowledgeable person such as a subject matter expert (SME).

To define your own highlighters (simple symptom rules), take the following familiar steps:

1. Select View from the menu bar.
2. Select Add and Remove Highlighters.
3. From the Add and Remove Highlighters dialog, the power-user can directly provide the rules using the New Highlighter button and novices can use the Rule Builder
4. From the pull-down menu of the Property Name field select the appropriate Common Base Event property for the intended filter.
5. Similarly provide Relational Operator and Value. For more complex filtering, use the Boolean Operator field.

Notice that as you enter your filter criteria, a filter statement, using XPath, is generated.

Next, take a look at the problem.

Simple XPath Rule Builder

The simple XPath Rule Builder (Figure 7) provides a powerful composition dialog and still displays the full XPath syntax in case you're a power user that likes that. The Rule Builder is not intended to be a full-fledged rule builder, but a simple function to assist those not familiar with XPath with composing filters quickly.

Figure 8 demonstrates the XPath Rule Builder Event Property, Relational Operator, and Boolean Operator pulldown menus.

Now, discover how potential events play a part in the symptoms defined by the Highlighter Rules.

Symptoms defined by the Highlighter Rules

Figure 9 shows all the potential events that play a part in the symptoms defined by the Highlighter Rules and other events occurring around the same period of time.

Note that:

1. You can click on each individual event in the Result/Summary area and view the details in the Event Detail Area.
2. By placing your cursor on any highlighted event, you get a tool tip. These tool tips describe the symptom identified by the rule and/or the rules associated with that color.

Here are some thoughts about this function -- they correspond with the five numbered turquoise buttons in the figure:

• Event 1 indicates the start of the application, or PDWebApp. (There are other highlighted events in green that indicate the start of other applications.)
• Event 2 indicates the beginning of the application failure. It appears that the application may have tried to recover seven times.
• Event 3 are other events that were happening around the same time the application was experiencing the problem. Of specific interest is when the DB2 database was stopped (that may have be an innocent act of nature!).
• Event 4 indicates a communication error between the WebSphere Application Server and DB2.
• Event 5 indicates a Fatal communication failure between the WebSphere Application Server and DB2.

By analyzing the sequence of events, the problem appears to have been caused by the database being stopped inadvertently. If further analysis is required, these events may be selected and saved into a file. Tools such as IBM Autonomic Log and Trace Analyzer for Eclipse (LTA for Eclipse) can consume this file for deeper correlation analysis.

To save the events of interest:

1. Select the events.
2. From the menu bar, select Save selected events.
3. From the Save dialog, choose the file name and location you want to save to.

Slicing and dicing highlighter events views

The highlighter allows you to slice and dice the views, giving you a flexibility to show only what you want to see and filtering out the non-participating events (as shown in Figure 10).

Figure 11 shows you how you can further isolate and view only the highlighted events by:

• Selecting View from the menu bar.
• Selecting Show Highlighted events.

This reduces the number of events from 7207 to 16 making it much more manageable.

Importing Symptoms Catalogs compliance

Figure 12 depicts dialogs related to importing Symptom Catalogs Version 2 compliance:

You can import Symptom Catalogs from known FTP/HTTP sites, other known IBM symptom catalogs (such as WebSphere, DB2, HTTP Server, and so on), and from the local machine (customized/user-generated catalogs). You can also refresh as needed and order the sequence of the search.

Analyzing and visualizing events against Symptom Catalogs

Figures 13-15 cover analyzing and visualizing events against Symptoms Catalogs. In Figure 13, you may select the appropriate Analyze function by selecting and right-clicking on the event or form the View in the menu bar.

Figure 14 demonstrates how to associate events and visualize them for analysis.

And if you need more help (and LTA for Eclipse is installed), you may forward selected event(s) for further analysis as necessary.

Troubleshooting

So what if you have trouble with the LTA-JD? The article includes some tips for that score too.

The "Most Useful Resources" award goes to the Installation Guide and online help. Don't forget the Logging Configuration selection and dialog for troubleshooting, as seen in Figure 16:

or the Memory Monitor selection and dialog in Figure 17:

Remember, the LTA-JD can be used to analyze its own internal errors and exceptions log.

Performance tips

Share this... Digg this story Post to del.icio.us Slashdot it!

We'll keep this section short and sweet. The best ways we've found to increase the performance of this tool and get better results:

• Make your filters smarter.
• Use a bigger JVM heap.
• Use IBM JDK 1.5 (for an approximate 50 percent-plus performance boost!).

In conclusion

In the next article, dive into the IBM Tivoli Monitoring Events Tool view of the LTA-JD, discover how the ITM and LTA are integrated, learn how to set up the tool and learn details on how to customize it for optimum use.

Resources

• "Symptomatic event visualizer: Challenges in data collection" (developerWorks, June 2007) opens the door on this series by defining the current obstacles to effective data collection and introduces the tool to help you solve them -- LTA-JD.
  
  
• "Symptomatic event visualizer: Meet the Log and Trace Analyzer for Java Desktop" (developerWorks, July 2007) gives you an overview of the LTA-JD and exposes the architecture, provides an installation/configuration guide for the tool, and discusses overall functions.
  
  
• The developerWorks Autonomic computing zone has a nice "library" on system events (reporting and viewing) and using the Log and Trace Analyzer:
  • "Muse and WEF eases event reporting" (developerWorks, April 2007) details an implementation of WEF that lets you create, send, and receive WEF events using a simple Java API.
  • "Optimal message processing with WS-Notification filters" (developerWorks, May 2007) describes a way of filtering event notifications so that clients can specify a subset of a resource's notifications that they are truly interested in.
  • "Build a framework for problem determination triage" (developerWorks, March 2007) describes aspects of event visualization for triage problem determination that use concepts of autonomic computing (Log and Trace Analyzer for Java Desktop) and symptoms.
  • "Build a framework for problem determination triage, Part 2" (developerWorks, April 2007) walks you through a framework that uses event visualization and symptoms to effect problem determination.
  • "LTA for multievent software problem analysis" (developerWorks, February 2007) lets you explore a sample symptom catalog and related events that illustrate how the LTA can help you diagnose software problems when they span multiple systems.
  
  
• Get the scoop on the XPath in the W3C specification XML Path Language (XPath), Version 1.0.
  
  
• And for more on XPath and how it fits into the WS-* family of Web services standards, see the "Meet the specs" series:
  • "Meet the specs: Intro to WS-ResourceTransfer 1.0" (developerWorks, September 2006).
  • "Meet the specs: WS-RT 1.0 operations, Get" (developerWorks, November 2006).
  • "Meet the specs: WS-RT 1.0 operations, Create" (developerWorks, February 2007).
  • "Meet the specs: WS-RT 1.0 operations, fault handling" (developerWorks, March 2007).
  
  
• The developerWorks Autonomic computing zone has a nice "library" on the Common Base Event format:
  • "Common Base Event best practices: Getting it right the first time" (developerWorks, April 2006) introduces the manual, "Best Practices for the Common Base Event and Common Event Infrastructure."
  • "Common Base Event best practices: Properties and elements at a glance" (developerWorks, May 2006) is an interactive, at-a-glance properties and elements datasheet that links you to the appropriate section in the guide for more information.
  • "Log files in action: Convert z/OS logs in a snap" (developerWorks, April 2007) shows you step-by-step how to convert z/OS binary logs to the Common Base Event format for problem determination consumption.
  
  
• The developerWorks Symptoms deep dive series introduces the autonomic computing symptoms architecture and format, and details symptoms, including such information as how symptoms are represented, how to identify them, the advantages for using a standard symptom representation, and how to adopt them as part of your systems management strategy.
  
  
• Visit the developerWorks Autonomic computing zone for resources on WSDM, WEF, and cutting-edge information on other autonomic computing technologies.
  
  
• Browse the technology bookstore for books on these and other technical topics.
  
  

• Download the Log and Trace Analyzer for Java Desktop, available in Linux and Windows flavors.
  
  

• Participate in the discussion forum.
  
  
• Test drive a developerWorks community blog, join in a developerWorks forum, or listen to a developerWorks Podcast to keep up with the latest in cutting-edge technologies.

About the authors

		Abdi Salahshour is a Senior Software Engineer, problem determination architect, Master Inventor at IBM's Autonomic Computing Technology and Development, and is currently an architect for the Plug and Manage architecture. He began working for IBM in 1982 and served in many roles -- from design and development of database diagnostic tools to system management and self-healing architecture and enablement in heterogeneous and distributed environments. He was a member of IBM Problem Determination Council, is one of the authors of the IBM Common Base Event specification, one of the principal designers and implementers of the Generic Log Adapter, and the architect and designer of the Log and Trace Analyzer for Java Desktop.

		Kalpana Doraisamy is a Staff Software Engineer at IBM focusing currently on Lightweight Infrastructure for Systems Management. In her previous role she worked with the Log and Trace Analyzer for Autonomic Computing for more than two years. She was one of the senior developers of the Log and Trace Analyzer for Java Desktop. She holds a bachelor's degree in Computer Science and Engineering from Government College of Technology, Coimbatore, India.

		Ajay Rengasayee was a System Software Engineer at IBM India Software Lab, Autonomic Computing. He was a developer for Log and Trace Analyzer for Autonomic Computing and related technology for two years.He was one of the developers for Log and Trace Analyzer for Java Desktop.

Rate this page

Please take a moment to complete this form to help us better serve you. Did the information help you to achieve your goal? Yes No Don't know   Please provide us with comments to help improve this page:   How useful is the information? 1 2 3 4 5 Not useful Extremely useful

Back to top