Reviewing the logs for an alert on the Log Viewer in Health Log Analytics

  • Release version: Zurich
  • Updated July 31, 2025
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Reviewing the logs for an alert on the Log Viewer in Health Log Analytics

    The Log Viewer in Health Log Analytics provides a powerful interface for browsing and analyzing logs related to alerts. It enables ServiceNow customers to explore log data by timestamp or time range while visualizing the frequency of anomalies. This functionality helps users quickly understand the context around an alert and accelerates root cause analysis.

    Key Features

    • Log Data Display: Shows all data associated with a Log Analytics alert, including the anomaly query, selected components, and applied time filters.
    • Customizable Filters: Users can add or remove filters via the Filters pane to focus on specific data, tailoring the log view to their investigative needs.
    • Time Range Adjustment: The time filter is adjustable independently, allowing flexible examination of log data before and after the alert event without altering other settings.
    • Anomaly Frequency Chart: Displays a chart illustrating the frequency of anomalous log lines one minute before and after the alert, providing trend context.
    • Search Management: Users can define, fine-tune, save, and share custom searches of log data to isolate issues more effectively and collaborate with others.
    • Table Customization: The Log Viewer table can be personalized by adding or removing columns, enabling users to focus on the most relevant log metrics.
    • Saved Searches: Owners of saved searches can modify and update these searches to refine ongoing investigations.
    • Alert Rule Creation: Important metrics identified in the logs can be used to define new custom Log Analytics alert rules for proactive monitoring.

    Practical Use for ServiceNow Customers

    ServiceNow customers can leverage the Log Viewer to efficiently investigate Log Analytics alerts by:

    • Examining detailed log data and anomaly frequency trends surrounding an alert to understand its context.
    • Using customizable filters and time adjustments to isolate relevant information without disrupting other analysis settings.
    • Creating, saving, and sharing targeted log data searches to deepen diagnostic efforts and enable team collaboration.
    • Customizing the log data presentation to highlight key metrics and potentially convert findings into new alerting rules.

    This approach facilitates faster root cause identification and enhances the overall effectiveness of incident response within the Health Log Analytics framework.

    The Log Viewer tab lets you browse the logs for an alert by timestamp or time range, and visualize anomaly frequency within a specific time period. Customizing the displayed data and adjusting time filters helps you understand the context in which the anomaly occurred, so that you can find the root cause faster.

    The Log Viewer presents all data connected with the Log Analytics alert. It shows the query that relates to the anomaly, the selected component, and the appropriate time filter. You can personalize the displayed data, and manually adjust the time range without affecting the other settings. The applied filters appear in the Filters pane. You can add or remove filters as needed to show only the data you want to view.

    The Log Viewer displays a chart of the frequency of anomalous log lines from one minute before to one minute after the Log Analytics alert, and lists the associated log data. This information helps you identify trends leading up to and following the event, providing context for root cause analysis.

    As you analyze the logs for an alert on the Log Viewer, you can modify the query to fine-tune the search, save useful searches, and share them with others. For a description of the information displayed in the Log Viewer table, see Log Viewer table fields.

    You can perform the following tasks on the Log Viewer:

    If you discover an important metric in the log data, you can use it to define a new Log Analytics alert rule. For more information, see Define a custom Log Analytics alert rule in Health Log Analytics.