Overview of analyzing and resolving a Log Analytics alert

As an Operator, you're responsible for analyzing and resolving the alerts that Health Log Analytics generates. When HLA creates an alert, you review the alert's severity, the affected configuration item (CI), the log data associated with the anomaly, and the impacted services. You try to identify the root cause by investigating the logs that surround the anomaly.

In the Express List, review alert details and use Now Assist to get an in-depth analysis of the alert and potential resolutions in straightforward, human-readable language. By drilling down into the alert, you can quickly identify the issue and proceed to resolve it before it affects your users.

Using the Log Viewer, you can browse the alert logs by timestamp or range for further investigation. You can visualize the frequency of anomalous log lines in a chart.

More detailed information on tasks and procedures for analyzing and resolving Log Analytics is available via the following links.

• Start remediation of a Log Analytics alert from the Overview tab

  Begin the remediation process of a Log Analytics alert from the alert Overview tab. This tab provides information on the alert, log data associated with the anomalous behavior, CIs associated with the alert, and services impacted by it.

• Analyzing the logs around an anomaly to help find the alert's root cause in Health Log Analytics

  Review the log lines surrounding the anomaly for clues about the state of faulting systems. This information can help you narrow down the root cause of the alert.

• Use log correlators to identify relationships in log data

  Identify relationships between alerts to help you determine whether an alert is part of a larger issue.

• Navigate to the Express List and select an alert from the Alerts list.Use Now Assist to get an in-depth analysis of the alert and potential resolutions. By drilling down into the alert, you can quickly identify the issue and proceed to resolve it.
• Reviewing the logs for an alert on the Log Viewer in Health Log Analytics

  For further investigation you can navigate to the Log Viewer to browse the alert logs by timestamp or time range, and visualize anomaly frequency within a time period for a comprehensive view of log data over a specified time range.

• Add a KB article to a Log Analytics alert

  When you have resolved an alert that Health Log Analytics generated, you can add a knowledge base (KB) article to it. For example, you can provide information that might help others resolve similar issues.

For a brief explanation of key terms and concepts used in HLA, see the Health Log Analytics terminology.

Use cases

Use Case: Proactive monitoring of your ServiceNow instance in Health Log Analytics - Use Health Log Analytics to detect and resolve emerging issues in your organization's ServiceNow instance before they affect platform users.