We recently enabled "Premium" Log Analytics, and selected a specific log file type (windows application log) for ingestion. Having done that, any other log files now show a "start monitoring" link beside them. Can somebody clarify what "start monitoring" does? We still seem to be able to select and view the log files that are not being ingested so presumably the files are already "monitored". When I click "start monitoring" I get taken to the "Configuration of log sources" screen, so I presume that this operation simply adds the log file to the list of ingested files (?)
A related question is "where can I see a summary of files that are being ingested"? I had selected the Windows Application Log file on a number of servers for ingestion, but when I go back into the "Configuration of Log Sources" screen I do not see any way of viewing this info...
Solved! Go to Solution.
you understood correctly, "Start monitoring" adds the file to the list of files considered for ingestion.
All files considered for ingestion are visible here: You have to select "include the following log files". I have to apologize for the confusing UI, usability improvements are planned.
what would help us in order to improve our assistance to you would be the following information:
If you can confirm that no data was previously stored and you can still analyze files not intended for ingestion we have to follow-up with a supportcase
What I still am not clear on is how you would obtain a view of the files that have been selected for ingestion. When I enter the "Configuration of log sources" I see (as you note) all files that could be ingested... but I want to know what is currently configured / selected for ingestion.
When I initially turned on the Premium Log Analytics it was set, for a few minutes, with "Include all files"... I then realized that this was a mistake and changed the setting so that only the Windows Application Log files on specific servers are selected. When I enter the "Log files" screen, however, the GUI shows "159 Process Groups" and "174 hosts"... even though the Windows Application Log files would only relate to one process group on 57 servers... so it appears that some other files are bing ingested (or were ingested).
You asked some question... my answers are as follows:
What product version are you using?
-> We are on 1.168
How did you navigate to the file NOT intended for storage (via Host detail view, bookmark, URL,..)
-> I simply clicked on "Log files" from the main interface then selected a server + file... I am able to download/view files even
though the "Start monitoring" link is shown beside the file name.
If I followed correctly, you are stating that we should not be able to view/analyze any log file that is not selected for ingestion... is that correct?