cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

What does "Start Monitoring" do when log files when Log Analytics ("Premium") is enabled?

jeff_rowell
Organizer

We recently enabled "Premium" Log Analytics, and selected a specific log file type (windows application log) for ingestion. Having done that, any other log files now show a "start monitoring" link beside them. Can somebody clarify what "start monitoring" does? We still seem to be able to select and view the log files that are not being ingested so presumably the files are already "monitored". When I click "start monitoring" I get taken to the "Configuration of log sources" screen, so I presume that this operation simply adds the log file to the list of ingested files (?)

A related question is "where can I see a summary of files that are being ingested"? I had selected the Windows Application Log file on a number of servers for ingestion, but when I go back into the "Configuration of Log Sources" screen I do not see any way of viewing this info...



2 REPLIES 2

Hi,

you understood correctly, "Start monitoring" adds the file to the list of files considered for ingestion.

All files considered for ingestion are visible here: You have to select "include the following log files". I have to apologize for the confusing UI, usability improvements are planned.


what would help us in order to improve our assistance to you would be the following information:

  • What product version are you using?
  • Analyzing a file NOT considered for ingestion is actually possible if data was already ingested previously at some point in time and thus located at the central log storage.
  • How did you navigate to the file NOT intended for storage (via Host detail view, bookmark, URL,..)

If you can confirm that no data was previously stored and you can still analyze files not intended for ingestion we have to follow-up with a supportcase

Best,

Peter


Thanks Peter,

What I still am not clear on is how you would obtain a view of the files that have been selected for ingestion. When I enter the "Configuration of log sources" I see (as you note) all files that could be ingested... but I want to know what is currently configured / selected for ingestion.

When I initially turned on the Premium Log Analytics it was set, for a few minutes, with "Include all files"... I then realized that this was a mistake and changed the setting so that only the Windows Application Log files on specific servers are selected. When I enter the "Log files" screen, however, the GUI shows "159 Process Groups" and "174 hosts"... even though the Windows Application Log files would only relate to one process group on 57 servers... so it appears that some other files are bing ingested (or were ingested).

You asked some question... my answers are as follows:

What product version are you using?
-> We are on 1.168

How did you navigate to the file NOT intended for storage (via Host detail view, bookmark, URL,..)
-> I simply clicked on "Log files" from the main interface then selected a server + file... I am able to download/view files even
though the "Start monitoring" link is shown beside the file name.

If I followed correctly, you are stating that we should not be able to view/analyze any log file that is not selected for ingestion... is that correct?