Reviewing the logs that are connected with an alert on the Log Viewer in Health Log Analytics

  • Release version: Zurich
  • Updated July 31, 2025
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Reviewing the logs that are connected with an alert on the Log Viewer in Health Log Analytics

    The Log Viewer in Health Log Analytics for ServiceNow Zurich release enables you to explore logs linked to alerts by timestamp or time range, visualize anomaly frequency, and customize data views. This tool helps you understand the context of anomalies, facilitating faster root cause analysis by providing detailed log data and anomaly trends immediately before and after an alert.

    Key Features

    • Log Browsing: View all log data associated with a Log Analytics alert, including the query, selected component, and time filters.
    • Data Customization: Personalize displayed data by adding or removing filters and adjusting time ranges independently of other settings.
    • Anomaly Frequency Visualization: See a chart showing the frequency of anomalous log lines one minute before and after an alert to identify trends.
    • Search Management: Modify search queries to fine-tune investigation, save useful searches, and share them with team members.
    • Saved Search Utilization: Use and edit your saved searches to streamline repeated analysis tasks.
    • Table Customization: Add or remove columns in the log data table to focus on relevant metrics.

    Key Outcomes

    • Improved ability to analyze logs around anomalies, providing essential context to identify the root cause of alerts.
    • Enhanced flexibility in filtering and visualizing log data, supporting more efficient troubleshooting.
    • Capability to define new custom Log Analytics alert rules based on important metrics discovered during log analysis.

    The Log Viewer tab lets you browse the logs for an alert by timestamp or time range, and visualize anomaly frequency within a specific time period. Customizing the displayed data and adjusting time filters helps you understand the context in which the anomaly occurred, so that you can find the root cause faster.

    The Log Viewer presents all data connected with the Log Analytics alert. It shows the query that relates to the anomaly, the selected component, and the appropriate time filter. You can personalize the displayed data, and manually adjust the time range without affecting the other settings. The applied filters appear in the Filters pane. You can add or remove filters as needed to show only the data you want to view.

    The Log Viewer displays a chart of the frequency of anomalous log lines for the one minute before and the one minute after the Log Analytics alert, and lists the associated log data. This information helps you identify trends leading up to and following the event, providing context for root cause analysis.

    As you analyze the logs for an alert on the Log Viewer, you can modify the query to fine-tune the search, save useful searches, and share them with others. For a description of the information displayed in the Log Viewer table, see Log Viewer table fields.

    You can perform the following tasks on the Log Viewer:

    If you discover an important metric in the log data, you can use it to define a new Log Analytics alert rule. For more information, see Define a custom Log Analytics alert rule in Health Log Analytics.