Logs Widget
The Logs widget provides the capability to view logs in SevOne Data Insight.
General
The General tab enables you to select resources for which you want to view the logs.
Perform the following steps to set the widget settings for General tab.
Both SPLUNK and ELK datasources can read ~40 MB/minute or ~50 GB/day of logs.
SPLUNK
- Click the Log Datasource drop-down and select the SPLUNK datasource to retrieve its logs.
- Enable Use Aliases to allow the query on the alias.
- By default, Advanced mode is enabled. To use resource select mode, configure a device name mapping in the datasource settings.
- Enter <a search query> in field Query. For example, * or host=* or severity_id=* or host=* severity_id=*
- Click Run - it will search for any log that contains the search query entered in field Query.
  Note: Run button is only available when one or more fields are changed in the General tab.
- Disable Advanced mode.
  Important: To disable the Advanced Mode, configure a device name mapping in the datasource settings.
- Click the Datasource drop-down and select the SevOne NMS cluster or appliance.
- From the Resource Type drop-down, select Device to choose one or more devices. Or, select Device group to choose one or more devices that belong to it.
- Click Run to generate a Log report based on the configuration.
  Note: Run button is only available when one or more fields are changed in the General tab.
Example
- When the following fields are configured, the log report dynamically refreshes based on the change made.
- By default, timespan / time zone selected is Past 7 days New_York. Click the button to change the timespan / timezone. Select one of the following options:
- Past <n> hours, days, weeks, months, quarter, year to display data from hours, days, weeks, months, quarter, or year ago until now.
- Today - to display data from 12:00am today until now.
- Yesterday - to display data from 12:00am yesterday until 12:00am today.
- Last week, month, quarter, year - to display data from 12:00am on the first day of the last completed week, month, quarter, or year to 11:59pm on the last day of the last completed week, month, quarter, or year.
- This week, month, quarter, year - to display data from 12:00am on the first day of the week, month, quarter, or year until now.
- Customize the time span with From and To date / time.
- Click Select button to choose the modified timespan / time zone.
- In the Result limit field, enter the number of results to display.
  Important: Result limit must be between 1 and 10,000. Limits greater than 200 can impact performance.
- Select the check boxes under Mapped columns to display as data columns in the table. The names in the second column are the names for the columns that appear in the report. You may modify the names in the second column to your choice. Currently, mapping can only be done with Device, Severity, or Timestamp (which are not within the SPLUNK instance).
  Note: Click on a device in the Device column and it allows you to choose a report to link to. Severity column shows the severity badges such as Info, Error, Notice, etc., similar to SevOne Data Insight Alert widgets.
- Select the check boxes under Raw columns to display as data columns in the table. The names in the second column are the names for the columns that appear in the report. You may modify the names in the second column to your choice.
ELK
- Click the Log Datasource drop-down and select the ELK datasource to retrieve its logs.
- Click Index drop-down to select the index to search on. For example, staging-nms.
- Enable Use Aliases to allow the query on the alias.
- Enable Advanced mode to enter a custom query. When enabled, widget linking and chaining interactions are not available.
- Enter <a search query> in field Query. For example, * or host=* or severity_id=* or host=* severity_id=*
- Click Run - it will search for any log that contains the search query entered in field Query.
  Note: Run button is only available when one or more fields are changed in the General tab.
- Disable Advanced Mode.
  Important: To disable the Advanced Mode, configure a device name mapping in the datasource settings.
- Click the Datasource drop-down and select the SevOne NMS cluster or appliance.
- From the Resource Type drop-down, select Device to choose one or more devices. Or, select Device group to choose one or more devices that belong to it.
- Click Run to generate a Log report based on the configuration.
  Note: Run button is only available when one or more fields are changed in the General tab.
- When the following fields are configured, the log report dynamically refreshes based on the change made.
- By default, timespan / time zone selected is Past 7 days New_York. Click the button to change the timespan / timezone. Select one of the following options:
- Past <n> hours, days, weeks, months, quarter, year to display data from hours, days, weeks, months, quarter, or year ago until now.
- Today - to display data from 12:00am today until now.
- Yesterday - to display data from 12:00am yesterday until 12:00am today.
- Last week, month, quarter, year - to display data from 12:00am on the first day of the last completed week, month, quarter, or year to 11:59pm on the last day of the last completed week, month, quarter, or year.
- This week, month, quarter, year - to display data from 12:00am on the first day of the week, month, quarter, or year until now.
- Customize the time span with From and To date / time.
- Click Select button to choose the modified timespan / time zone.
- In the Result limit field, enter the number of results to display.
  Important: Result limit must be between 1 and 10,000. Limits greater than 200 can impact performance.
- Select the check boxes under Mapped columns to display as data columns in the table. The names in the second column are the names for the columns that appear in the report. You may modify the names in the second column to your choice. Currently, mapping can only be done with Device, Severity, or Timestamp (which are not within the ELK instance).
  Note: Click on a device in the Device column and it allows you to choose a report to link to. Severity column shows the severity badges such as Info, Error, Notice, etc., similar to SevOne Data Insight Alert widgets.
- Select the check boxes under Raw columns to display as data columns in the table. The names in the second column are the names for the columns that appear in the report. You may modify the names in the second column to your choice.
Linking
The Linking tab enables you to select a data element and link it to a related report or report template. Perform the following steps to add, delete, and edit links.
Perform the following steps to set the widget settings for Linking tab.
- Include report links allows report consumers to click on a data element, such as device name, and link it to the related report. Enable to include the report link that you configure. If you want to prevent the report link from being included, disable it. Continue with the steps below to configure the report link.
- By default, Report Link 1 is enabled.
  Note: If you wish to exclude the report link, disable Report Link 1.
- The Clicking on drop-down has only one possible data item - Device. When report linking is enabled, clicking on this data item will link to the report or report template that you specify below.
- Click the Links to report drop-down and select one or more reports or report templates to display when you click on the data item that you specified in the previous step.
- To remove the report link, click .
- If the report link has been deleted, you may click to add.
Example: SPLUNK
When you click on a device, for example, Attleboro-R1, as shown in this example, you see Alert Drill Down Report in the list. Alert Drill Down Report is a Global Report Link on device Attleboro-R1. You may obtain the information on which report(s) device Attleboro-R1 is linked to from left navigation bar > Configure > Report Linking.
Now, link device, Attleboro-R1, to report Device Summary. You will now see that device Attleboro-R1 contains Alert Drill Down Report and Device Summary in the list.
If you click on Device Summary in the list, device, Attleboro-R1, is passed to the report and it will gather all the device summary for Attleboro-R1.
Charts
The Charts tab enables you to define how you want to display the report data.
Visualizations
The charts provide 3 visualizations for SPLUNK and ELK.
Table
The Table visualization displays the data as a table. Perform the following steps to set the widget settings for the Table visualization.
- Select the Table visualization by clicking .
- STYLES
- Enable Show title to enter the title name in the text field provided and display it in report. Else, disable it.
- Enable Show subtitle to enter the sub-title name in the text field provided and display it in the report. Else, disable it.
- Enable Allow column reordering to allow the columns that display in the report to be reordered. Else, disable it.
- Enable Allow showing/hiding columns to allow columns in the report to be hidden and unhidden. If you choose, you may disable it.
- Enable Wrap cell content to wrap long text in a data row so that all text displays. Disable it to display as much text as fits into the cell with ellipses to indicate there is more text.
- By enabling Show search bar, the search capability is available to perform a search in the table. Disable it if you do not want the search capability. If Show search bar is enabled, you may click to allow Search by column.
Pie
The Pie visualization displays the data as a pie graph. Perform the following steps to set the widget settings for the Pie visualization.
- Select the Pie visualization by clicking .
- PIE CHART TITLE
- Enable Show title to enter the title name in the text field provided and display it in report. Else, disable it.
- Enable Show subtitle to enter the sub-title name in the text field provided and display it in the report. Else, disable it.
- PIE VISUALIZATIONS
- It provides 3 different visualizations.
- Donut
- Pie
- Nightingale
- Under Radius, extend the bar to the right to increase the radius or shorten the bar to decrease the radius.
- Enable Show labels to display labels for the device name, object name, indicator name, and percentage of the pie graph. Else, disable it.
- Enable Enable "Others" to add a slice called Others that rolls up values below the percentage value entered in field Percentage.
- Under Group by, click the drop-down to choose mapped or raw options from the list.
  Important: Selecting options with too many unique values (such as a timestamp) may freeze your browser.
- LEGEND
- Enable Enable legend to display a legend for the graph. Else, disable it. Select one of the following options.
- Standard - to display legend in the standard format.
- Click the Position drop-down to specify where you would like the legend to appear in relation to the graph. The position is set to Bottom by default. Other options include Top, Left, and Right.
- Table - to display the legend in table format.
Bar
The Bar Chart visualization displays a graph of qualitative independent variables. Perform the following steps to set the widget settings for the Bar visualization.
- Select the Bar Chart visualization by clicking .
- BAR CHART TITLE
- Enable Show title to enter the title name in the text field provided and display it in report. Else, disable it.
- Enable Show subtitle to enter the sub-title name in the text field provided and display it in the report. Else, disable it.
- BAR VISUALIZATIONS
- Click Aggregate by drop-down to aggregate data automatically by selecting Auto. Or, you may aggregate by Minute, Hour, Day, Week, or Month.
- Enable Stack to stack the results based on the option chosen from Stack by drop-down field.
  Important: Selecting options with too many unique values (such as a timestamp) may freeze your browser.
- LEGEND
- Enable Enable legend to display a legend for the graph. Else, disable it.
- Select one of the following options:
- Standard - to display legend in the standard format.
- Click the Position drop-down to specify where you would like the legend to appear in relation to the graph. The position is set to Bottom by default. Other options include Top, Left, and Right.
- Table - to display the legend in table format.