Guest Post by Shimrit Yacobi, Software Engineer and Naama Shwartzblat, Technical Marketing Manager
When working with complex IT systems, you can always rely on your logs to give you a clue about what went wrong. Logs can keep track of all of the interactions and events within your systems. The challenge for large IT systems is finding what you need when there are so many log files distributed over so many devices—some of which are not even accessible. Where do you start?
The solution is to use one centralized tool to collect the logs from your entire environment, store them, and provide smart search and data manipulation capabilities.
Today we’d like to highlight three key features of HP Operations Log Intelligence (“OLI”) to manage your logs! OLI can help remove the stress involved with maintaining and searching your logs and IT operations with:
Log data is increasing by the minute. Some tools have license models based on the volume of log data. Users have to keep track of how much data they have to ensure that their log management tool continues to function. Usually, when there is a major IT problem, log data increases exponentially (because the systems are logging the additional error messages). This can become really expensive under the data volume model or, worse, it can cause your log management tool to fail at the time you need it most.
Operations Log Intelligence has a license model that does not suffer from this issue. OLI is licensed on a per-node basis, so there are no restrictions on the amount of incoming log data.
Searching across log data sources can be very time consuming, especially in virtualized environments. Due to OLI’s natural language and fast text-based searching, domain experts are able to perform in-depth log analysis quickly and easily.
The OLI search tool includes an easy-to-use autocomplete search as well as search history, and examples of searches. It supports both simple and complex queries.
OLI leverages the ArcSight Common Event Format (CEF), which does not require any familiarity with source-specific logs. OLI ships with a bundle of smart connectors for various log file sources, which handle the raw data and send HP OLI messages that are fully indexed and available for fast searching and dashboarding via a simple Google-like search interface. OLI provides interactive searches across all logs, comprehensive drill-down dashboards, and real-time alerting.
The single console dashboard can search across multiple OLI instances. Each OLI instance can handle search rates of up to 100k events per second while maintaining high collection rates and storage efficiency. This allows you to collect and store all log data to support real-time incident management, compliance and other data retention requirements.
Interesting search patterns can easily be converted into real-time alerts via SMTP, SNMP, or syslog for fast detection and mitigation of IT operations issues.
OLI is based on HP’s well-proven ArcSight Logger technology and patents for efficient search and storage, customized specifically for IT Operational performance.
OLI offers multiple storage options and efficiently compresses log data at an average ratio of 10:1. All the highly compressed data is archived to provide fast returns on searches.
A single instance of HP OLI can capture raw logs at rates of up to 100,000 events per second, compress and store up to 42 TB of log data, and execute searches at millions of events per second.