Q. How is OpsAnalytics different than Log Management?
A. Log Management is a part of OpsAnalytics. While data such as logs and machine data can give a lot of information about an issue after-the-fact so that you can debug easily, IT still needs to proactively continue to monitor the end to end environment and be able to predict and prevent problems before they even occur. They need to combine their existing monitoring strategies with log management, and predictive analytics and reporting. This combined approach is OpsAnalytics.
Q. Do I need to buy Logger to get OpsAnalytics
A. Logger is available as a free download from www.hp.com/go/opsanalytics. If you already have OMi, you can download Logger as well as the integration pack, and start using it right away.
Q. Who needs OpsAnalytics?
A. All modern data centers using hybrid delivery will be interested in this new solution. In particular, customers already using OMi, will see the advantage of linking Logger’s capabilities to assist IT Operators gain deeper insight into IT availability and performance by triggering events based on pattern matching and other analytics of the myriad of error and log files.
Q. I have OMi and I have Logger. Do I have OpsAnalytics?
A. To get the maximum benefit of Logger along with OMi, you’ll want to download the integration pack from www.hp.com/go/opsanalytics. This will allow the bi-directional flow of data between Logger and OMi.
Q. I already have OMi. How do I get Logger?
A. The free version of Logger is available for download to provide fast time to value and usable for a 6 month duration allowing storage of up to 750MB of logs / day and 500GB of uncompressed logs. More detailed configurations for increased coverage can be specified and tailored to suit customer needs.
Q. What version of OMi do I need?
A. OMi 9.20 and later
Q. What version of ArcSight Logger do I need?
A. Logger 5.3
Q. I can see things like debug messages in my logs. What is the added benefit of OMi in this case?
The integration of ArcSight Logger with HP OMi allows Logger to generate events in OMi providing IT with a single console of all IT events across their converged cloud environment.
Through the integration, critical information that is discovered by Logger can open an event in OMi so that IT can be notified immediately and start to take action to remediate the issue.
OMi consolidates events across both logger and other monitoring tools to be able to correlate issues that might be related, speeding the time to resolution.
The strong correlation capabilities of OMi make it much faster to drill down into the problem areas.
The cross launch capabilities from OMi into Logger provide an in context view to start a triage and troubleshooting shortening the time to get to the root cause.
Q. What are the search capabilities in Logger and how do they helps?
Logger provides powerfull natural language search capabilities across the unstructured data that has been collected.
OMi passes events into ArcSight Logger for long term storage allowing IT to easily be able to search historical events for similar events which may have happened before giving IT insights into commonly reoccurring issues. OMi’s events can be stored in Logger for long periods of time. So if the same issue occurs, IT can search through events to find commonalities. This can also be helpful in improving services, planning and deciding on the best approach that will most benefit IT and the business.
Q. Can you use an integration with other logging tools?
A. While HP Operational Analytics is provides a specific set of integrations and content for HP OMi and HP Arcsight Logger, it is possible to build an integration to other logging tools.
Q. From the HP OMi event, what event data are you using to launch into Logger and filter your Logger results because an HP event is not necessarily the same text from a monitored logfile
A. The cross launch is typically keyed off of the node in the event.
Q. Can you query all systems for a particular event ID
A. With Arcsight Logger you can collect the logs from all systems, and they run a query such as event ID across all of that data.
Q. Can I create custom log file collector for a home grown custom applications and point out where problem by correlating with other system logs.
A. Yes, HP Arcsight Logger provides the capability to create custom Logfile collection for home grown applications. Once the data is collected it is possible to run queries that correlate application logs with system logs to pinpoint problems.
Q. Can you define what is behind the word "environment"? Which OS? for example Is network part of the environment?
A. You can collect data from network devices, multiple OSes, applications etc.
Q. Is the logger continuously collecting performance metric related log data? have they got any relation with HP agents or do they work independently? where is logger data stored?
A. HP Arcsight Logger does not typically collect performance metric data, it is designed to collect unstructured data from Logfiles such as syslog, windows logs etc. There is no relationship between HP agents and Logger, they work independently. Logger has a high performance data store that provides excellent compression and retrieval performance.
Q. That alarm of performance is generated by SiteScope ???
A. Yes, and the event could have been generated by any other part of the HP BSM solution such as RUM, BPM, HP Agents, or 3rd party data collectors.
Q. Is HP Operational Analytics a part of OMi?
A. HP Operational Analytics is the combination of HP OMi and HP Arcsight Logger with some additional content and integrations that can be downloaded for free at www.hp.com/go/opsanalytics.
Q. What is the data compression rate when logger stored logs
A. It depends on the data, the rule of thumb is s 10 to 1.
__________________________________________________ Priya Kothari Director, Product Marketing HP BSM Solutions