CA UIM Log Analytics
Gain Full Stack Visibility With Contextual Log Insights
Mark Tukh, Principal Presale Consultant, CA Division @ NESS AT

Analytics is the New Battleground
- > 50% large organizations globally will compete using advanced analytics & proprietary algorithms
- 40% enterprises' net-new analytics investment will go to predictive / prescriptive
- 75% technology-oriented business intelligence competency centers will evolve to focus on information insight generation
Source: Gartner
2017 CA. ALL RIGHTS RESERVED.

Analytics In Our DNA
ANALYTICS EMBEDDED THROUGHOUT CA PORTFOLIO
- Portfolio areas: AGILE MANAGEMENT, AGILE OPERATIONS, DEVELOPER PRODUCTS, CONTINUOUS DELIVERY, MAINFRAME, SECURITY
- Examples: Release management dashboard, Real-time service status, Access incident response, API analytics

Why Monitor Logs?
- A lot of information is ONLY available in logs, for networks and servers as well as apps
- Logs provide additional context to identify root cause and bottlenecks
- Logs can provide "canary in a coal mine" messages
- User information from logs, combined with performance and fault data, can help capacity planning
- There is a perception that unstructured data cannot be monitored well

Log Analysis tools: burden of insight discovery on users
- Rear-view focused
- Usually Stand-Alone
- Lack guided, situation-aware decision making
- CAPEX: Challenging value/pricing model
- OPEX: Extra integration & support effort

Lifting the Burden
- YOUR BURDEN: ANALYTICAL PLATFORM & SKILLS + IN-HOUSE DATA SCIENCE + IN-HOUSE DOMAIN EXPERTISE
- OUR ALTERNATIVE: ANALYTICS-DRIVEN APPLICATIONS*
*Fueled by advanced analytics, algorithms, machine learning...

CA's Approach To Log Analytics
Provide Contextual Analytics for Superior Experience
- Outcomes: RAPID ROOT CAUSE, OPTIMIZED IT RESOURCES
- Context: App Performance, Infrastructure Performance, NetOps Context
- LOG ANALYTICS, ANOMALY DETECTION, PREDICTIVE IDENTIFICATION
Our play is Unified Monitoring, not a standalone tool

CA Log Analytics add-on
Contextual Insights for rapid issue identification
- Multi-source aggregation with out of the box dashboards and reports
- Search and ad-hoc analysis
- Correlation and contextual alerts
- Scalable, cost-effective ELK storage
- Unified, template based configuration via existing tools

Capabilities In Detail
Log Analytics Capabilities: Drill Down into a Log Type for Detailed Analysis
Normalization, analysis and rich visualization for various log types
Supported types:
- Syslog & MS Windows event log
- Apache access and error
- Tomcat access and Catalina
- Microsoft IIS
- Java log4j
- Docker
- Oracle and Microsoft SQL Server

Log Analytics Capabilities: OOTB dashboards identify key events, trends to keep an eye on
- Compare unstructured log and event data over time to identify patterns
- Correlation across diverse logs and data sets and CA Unified Infrastructure Management alarms
- Summary insights into key events to help you focus

Log Analytics Capabilities: Ad-Hoc Search for Proactive Resource Optimization and root cause analysis
- Easy search & extensibility across different log types
- Save queries or policies for future use and proactive correlation

Log Analytics Capabilities: Configuration through Templates Saves Time
- Configure and deploy monitoring through the same monitoring configuration services in CA Unified Infrastructure Management
- Rapid monitoring deployment through templates across groups/devices

Log Analytics Capabilities: Alarms Pushed for Proactive and Rapid Issue Resolution
- Relevant log event alarms pushed into CA Unified Infrastructure Management for rapid issue resolution
- Ability to open Log Analytics dashboards in context
- Tightly integrated with CA Unified Infrastructure Management workflows

Analytics Platform & CA Log Analytics Architecture
Log Analytics: The Big Picture
- Log sources: Windows/Linux, Network Devices, Cloud, Application Servers, Third party/IoT
- Collection: CA log agent or agentless
- Transport: Kafka
- ELK Datastore and CA Analytics Platform services, with open, rich APIs
- CA Agile Operations tools (UIM + Spectrum + APM)

Elastic Stack
Elasticsearch:
- Schema optional document oriented database
- Distributed and highly available search engine
- APIs: HTTP RESTful API and Native Java API
- (Near) Real Time Search and Analytics
LogStash:
- Framework for managing Events and Logs
- Collect, Parse and Enrich data
- Modular design with Inputs, Outputs and Filters
- Enhanced with custom grok patterns for Log Analytics

Elastic Stack
Kibana:
- Schema optional document oriented database
- Distributed and highly available search engine
- APIs: HTTP RESTful API and Native Java API
- (Near) Real Time Search and Analytics

New UIM probes for Log Analytics
- Log_forwarder: A light-weight log collection agent that reads log files on the monitored servers/devices and publishes the data on UIM Message Bus (default subject: LOG_ANALYTICS_LOGS)
- Axa_log_gateway: Receives log data from UIM by listening to subject LOG_ANALYTICS_LOGS and writes the data to AXA Kafka topic loganalyticslogs for processing by Log Parser
- Log_monitoring_Service: Queries Elastic data at predefined schedule and will provide the following output:
  - Match_Count metric for the count of matches found
  - Alarm if the match count exceeds a predefined threshold
  - Alarms containing sample matched logs lines (number of sample lines configurable)

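The scheduled check described for Log_monitoring_Service, as an added illustration that is not CA's code: one run normalizes raw lines, counts matches in a time window, and raises an alarm with sample lines when the count exceeds the threshold. The function names, the regex standing in for a Logstash grok pattern, the in-memory list standing in for the Elastic query, and the sample syslog lines are all assumptions constructed for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample syslog lines (not taken from the deck).
SAMPLE_LOGS = """\
2017-05-04T10:00:01 web01 sshd[311]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2
2017-05-04T10:00:09 web01 sshd[311]: Failed password for root from 203.0.113.7 port 4031 ssh2
2017-05-04T10:01:15 web01 cron[87]: (root) CMD (run-parts /etc/cron.hourly)
2017-05-04T10:02:40 web02 sshd[912]: Failed password for root from 198.51.100.23 port 5100 ssh2
2017-05-04T10:03:02 web01 sshd[311]: Accepted publickey for deploy from 192.0.2.10 port 6000 ssh2
2017-05-04T10:20:00 web01 sshd[400]: Failed password for root from 203.0.113.7 port 4100 ssh2
""".splitlines()

# Normalization step: a plain regex standing in for a grok pattern.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[\w\-/.]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")

def parse(line):
    """Turn one raw line into a structured event, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%S")
    ev["raw"] = line
    return ev

def run_check(lines, pattern, now, window, threshold, sample_lines=2):
    """One scheduled run: count matches in [now - window, now], alarm above threshold."""
    rx = re.compile(pattern)
    events = [e for e in map(parse, lines) if e]
    hits = [e for e in events
            if now - window <= e["ts"] <= now and rx.search(e["msg"])]
    result = {"match_count": len(hits), "alarm": None}
    if len(hits) > threshold:  # alarm only when the count exceeds the threshold
        result["alarm"] = {
            "message": f"{len(hits)} matches for /{pattern}/ exceed threshold {threshold}",
            "samples": [e["raw"] for e in hits[:sample_lines]],  # configurable sample size
        }
    return result

if __name__ == "__main__":
    out = run_check(SAMPLE_LOGS, r"Failed password", datetime(2017, 5, 4, 10, 5),
                    timedelta(minutes=5), threshold=2)
    print(out["match_count"], out["alarm"])
```

The 10:20 line falls outside the five-minute window, so it is not counted even though it matches the pattern.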
Overall Picture
- Operation Analytics Applications: Unified Visibility and Reporting; Application to Infrastructure Correlation; Continuous Operational Insight; Proactive and Predictive Analytics
- End User (Mobile, Web, IoT); Business KPIs (SFDC, Social, )
- Anomaly Detection, Pattern Recognition, Neural Networks
- Logs and Traces, Metrics and Alarms, Topology
- AO Analytics Platform (Elastic Search): Open RESTful APIs, Custom Data Sources
- APM: Transactions & Metrics, Topology
- UIM: Metric, Alerts, Logs, Topology
- Network: Fault, Perf, Logs

Use Cases
Sample Use Case - Docker
Contextual drill down for rapid issue resolution
- Performance Dashboard
- Drill Down into alarm or event
- Contextual launch of Log Analytics

Sample Use Case - Alarm Enrichment
Speed issue resolution to delight today's demanding users
- Product search is slow
- System and log alarms in CA UIM
- IN CONTEXT LAUNCH OF LOG ANALYTICS
- Log Analytics: User drills down to the issue

Use Case - Syslog enrichment for CA Spectrum
- Log Analytics: Richer context with Syslog
- Network Infrastructure: syslog
- Root cause alarm based on syslog
- Can apply to other tools for syslog or other logs too

Use Case - Alarm/Inventory Analytics
CA Agile Operations Analytics First Phase
- Sources: CA Spectrum, CA Unified Infrastructure Management, CA Performance Management
- Inventory and alarms sent to CA Agile Operations Analytics
- CA Agile Operations Analytics Dashboards: alarm inventory dashboards for availability, grouping by geo, branch, agency, et al
- Correlation to other related events like syslog
- CA Agile Operations Analytics; Third-Party Open Source Tools

Mark Tukh
Principal Presale Consultant
Mark.Tukh@ca.com
052-6626691
www.linkedin.com/in/mark-tukh