Create Log Template in ISD UI

A log template is a type of template used for log analysis. In ISD UI, you create a log template on the Setup → Analysis Templates page. To create a log template, follow the steps below:

Users can create a log template after creating an application. If you haven’t created an application already, click here.

  1. From the application dashboard, click "Setup", click “Analysis Templates”, and then click the "+New Template" button. Refer to the image below.

  2. After you click the “+New Template” button, two options appear for the type of template you want to create. Select “Log Template” from the available options, as shown in the image below.

  3. The New Log Template window appears. It has three sections in which you update the necessary parameters, as shown below:

    1. Log Provider: Select the data source for analysis and provide the relevant parameters.

    2. Log Topics: Strings that appear in logs, with their characterization.

    3. Log Tags: Create custom tags based on business logic.

Log Provider

Select the data source for analysis and update the relevant parameters as per the below instructions.

  • Log Template Name: Provide a unique name to the Log Template in the text box.

  • Provider: Select the data source from the Provider drop-down. New options are added based on the selection. In this section, we have selected Elasticsearch as an example. Once selected, the new options appear as shown in the image below:

  • Log Account: Select the account of the log provider from the “Log Account” drop-down. Refer to the Integrations tab under Setup for the Log Account.

  • Index Pattern: Index containing the logs to be processed.

  • Query Filter Key: Unique key that identifies the logs to be processed in the index.

  • Response Keywords: Field name in the index that contains the logs to be processed.

  • Timestamp Key (Optional): Unique key that identifies the timestamp for the log. By default, it is the timestamp for Elasticsearch and Graylog.

  • Toggle buttons (turn on/off):

    • Custom Regex: Custom regular expression to filter the logs.

    • Autobaseline: ML-based learning of the baseline from historic analysis.

    • Contextual Cluster: Enable or disable clustering of unexpected events that occur in a similar context.

    • Info Cluster Scoring: Enabling this option includes INFO clusters in scoring.

  • Sensitivity: Select the level of sensitivity from the drop-down. Sensitivity means the importance given to a warning or error. For example, if the sensitivity is high, any error or warning is treated as highly sensitive and the penalty in the final risk score is larger. If it is medium or low, the penalty in the risk score is moderate or low respectively.

  • Scoring Algorithm: Click the Scoring Algorithm drop-down and select the type of algorithm and the options are:

  • Click Next to update the Log Topics section.

Log Topics

The Log Topics screen is where the intelligence is provided to the application. Here we have listed some of the most common errors in the industry and categorized them as Critical, Error, Warn and Ignore. The categorization is based on industry standards. For example, OutOfMemoryError is a showstopper. You can also change the category based on your requirements.

After you update the Log Provider section with the necessary parameters, the Log Topics screen appears as shown below:

In the above screen, you can do the following:

  1. Click the Characterization Topic drop-down to change the category of the error. For example, you can change OnOutOfMemoryError from CRITICAL to WARN. Refer to the image below:

  2. Click the Delete icon to delete a string pattern as shown below:

  3. Click the “+” icon to add a new log topic; a new row is added. Update the string, set the category you want, and then click “Next” as shown below:
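
To see how the Log Provider fields and the Log Topics fit together, the following added example (not ISD code, and not part of the original page) builds an Elasticsearch search body from the template fields and characterizes the returned log lines against a topic table. The field names, topic strings other than the out-of-memory one, the sample response, case-sensitive substring matching and the most-severe-wins precedence are all assumptions made for illustration; the page does not show the query or matching rules ISD uses.

```python
from collections import Counter

SEVERITY = ["CRITICAL", "ERROR", "WARN", "IGNORE"]  # assumed precedence, most severe first

def build_search_body(filter_key, filter_value, response_key, timestamp_key, start, end):
    """Elasticsearch query DSL: one run's log documents inside a time window."""
    return {
        "query": {"bool": {"filter": [
            {"term": {filter_key: filter_value}},                    # Query Filter Key
            {"range": {timestamp_key: {"gte": start, "lte": end}}},  # Timestamp Key
        ]}},
        "_source": [response_key, timestamp_key],                    # Response Keywords field
        "sort": [{timestamp_key: "asc"}],
    }

def characterize(line, topics):
    """Most severe category among the topic strings found in the line."""
    matched = {category for text, category in topics.items() if text in line}
    return next((c for c in SEVERITY if c in matched), "UNCLASSIFIED")

def summarize(response, response_key, topics):
    """Count log lines per category from an Elasticsearch search response."""
    hits = response["hits"]["hits"]
    return Counter(characterize(h["_source"].get(response_key, ""), topics) for h in hits)

# Constructed topic table and search response (sample data, not taken from ISD).
TOPICS = {
    "OutOfMemoryError": "CRITICAL",
    "NullPointerException": "ERROR",
    "Connection timed out": "WARN",
    "health check": "IGNORE",
}
SAMPLE_RESPONSE = {"hits": {"hits": [{"_source": {"log": m}} for m in [
    "java.lang.OutOfMemoryError: Java heap space",
    "ERROR NullPointerException at OrderService.java:42 after Connection timed out",
    "WARN db-pool: Connection timed out after 30s",
    "probe: health check passed",
    "Started application in 4.2 seconds",
]]}}

if __name__ == "__main__":
    # Hypothetical field names for a Kubernetes log index.
    print(build_search_body("kubernetes.pod_name", "payments-7c9f", "log",
                            "@timestamp", "now-15m", "now"))
    print(summarize(SAMPLE_RESPONSE, "log", TOPICS))
    # Re-characterizing a topic, as in step 1 above, moves its lines to the new category.
    print(summarize(SAMPLE_RESPONSE, "log", {**TOPICS, "OutOfMemoryError": "WARN"}))
```

Running candidate topic strings against a sample of real logs this way shows which lines stay unclassified and which categories shift before the values are entered in the template.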

Log Tags

After you click Next, the Log Tags screen appears. As a user, you might want to give some business-logic-related input to the analysis, and log tags let you do that. On this screen, you can add cluster tags and pre-define issue types such as infrastructure, build error, etc. Refer to the image below:

To add a cluster tag, follow the steps below:

  1. From the “LogTags” screen, click on the “+New Cluster Tag” button as shown below.

  2. Enter the Cluster Tag string and give a name to the Cluster Tag. Refer to the image below:

  3. Click the “+New” button to add a new row, then enter the Cluster Tag string and give a name to the Cluster Tag. You can create multiple Cluster Tags in the same way. Refer to the image below.

  4. After adding the Cluster Tag, click the “Submit” button. Refer to the image below.

After you create the log template, it appears in the list for the application on the “Analysis Templates” page as shown below:

After creating the log template in ISD UI, you need to create the “OpsMx Provider Configmap”. To create the “OpsMx Provider Configmap” refer here.
