Global Security Forum


Tying events and logs together after it has been forwarded via logforwarding ISIM

    Posted Tue September 27, 2022 09:56 AM
    Hi

    I have configured the log forwarding on ISIM (Beats), but when searching for the word "error" (Kibana) you get hits [some duplicates], and when you want to review these messages in the context of the log file, even when using the surrounding search option, you are not able to tie all the entries for the error together.

    I have opened a case with IBM (now routing it to level 3) and thought I'd post it here as well.

    Some questions:
    1. How did the developers foresee restructuring the logs after they are in ELP? ELP allows us to search for text or error codes, but then one loses the context of the whole entry as it appears in the log file on the appliance; there is nothing in the logs tying it together. Beats sends all the updates of the log files as they are updated, and hence one cannot use the "surrounding" option in ELP to reconstruct the full log message.
    2. The same errors/messages get logged into different files with maybe different sentences [for example, when a user fails to log into the appliance], so which log files should we concentrate on for which messages? Appliance messages will go into their own messages file, then there are the Liberty system files and cluster files, then there are SIB messages and then application messages, there are exception files, some write into different files, some don't. What are the guidelines / best practices?
    3. Are there ELP dashboards developed by IBM that we can use as a default or to enhance our own?
    4. Are there specific items we need to alert on from within the ELP based on the log files?

    Regards

    ------------------------------
    Danie Weideman
    ------------------------------
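Added example (not code from the post, the ISIM appliance or IBM): one way to re-stitch single-line Beats events back into whole Liberty log entries so that an "error" hit keeps its stack trace and thread context. It assumes the forwarded events arrive in file order and use the WebSphere Liberty messages.log header layout (`[date, time zone] threadId logger level message`); the message IDs, logger names and trace lines below are constructed.

```python
import re

# Header line of a Liberty messages.log entry. Continuation lines (stack
# traces, wrapped messages) do not start with "[" and must be re-attached
# to the header that precedes them. Added example, not IBM code.
LIBERTY_HEADER = re.compile(
    r"^\[(?P<ts>\d{1,2}/\d{1,2}/\d{2,4}, \d{1,2}:\d{2}:\d{2}:\d{3} [A-Z]+)\] "
    r"(?P<thread>[0-9a-fA-F]{8}) (?P<logger>\S+)\s+(?P<level>[A-Z]) (?P<msg>.*)$"
)

# Constructed sample: what Beats hands over, one event per line.
SAMPLE_EVENTS = [
    "[9/27/22, 9:56:01:123 SAST] 0000004a com.example.isim.Auth E EXAMPLE001E: "
    "Authentication did not succeed for user ID admin.",
    "[9/27/22, 9:56:01:130 SAST] 0000004a com.example.isim.Handler W EXAMPLE002W: "
    "Request handling raised an exception",
    "java.lang.IllegalStateException: example error while handling request",
    "\tat com.example.Handler.handle(Handler.java:42)",
    "\tat com.example.Servlet.doPost(Servlet.java:17)",
    "[9/27/22, 9:56:02:001 SAST] 00000051 com.example.Feature I EXAMPLE003I: "
    "Feature update completed.",
]


def stitch_entries(lines):
    """Group per-line events back into whole log entries, in file order.

    A line matching the header starts a new entry; anything else is appended
    to the most recent entry. Continuation lines seen before any header are
    kept under a synthetic entry so nothing is silently dropped.
    """
    entries = []
    for line in lines:
        m = LIBERTY_HEADER.match(line)
        if m:
            entries.append({**m.groupdict(), "text": line, "lines": 1})
        elif entries:
            entries[-1]["text"] += "\n" + line
            entries[-1]["lines"] += 1
        else:
            entries.append({"ts": "", "thread": "", "logger": "", "level": "",
                            "msg": "", "text": line, "lines": 1})
    return entries


def find_errors(lines):
    """Search whole entries, so a hit inside a stack trace keeps its header."""
    return [e for e in stitch_entries(lines)
            if e["level"] == "E" or "error" in e["text"].lower()]


if __name__ == "__main__":
    for e in find_errors(SAMPLE_EVENTS):
        print(f"{e['ts']} thread={e['thread']} level={e['level']} ({e['lines']} lines)")
```

Searching the stitched `text` field instead of the raw per-line events is what restores the "surrounding" context the post describes losing.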