The ONTAP EMS logs that feed into NetApp Data Infrastructure Insights (DII) are a super valuable and powerful resource.
I really like the way DII graphs a count of logs, so, if you focus on something specific, you can see problems arising (usually problems start with infrequent log warnings, then escalate and you get many logs alerting about the same thing at the same time.)
An example below is where I am monitoring something specific to see whether they get resolved by support teams or not, and - ignoring the first and final bars - I can see that nothing much is going on from 23rd Dec to 4th Jan (i.e. these errors which need to be resolved keep popping up). Time to chase up Support!
Dashboard vs Log Query
Personally, if I'm going to create some kind of graphic to help Support Teams with troubleshooting, then I would use a Dashboard. Dashboard is - of course - a lot more powerful than simply using a Log Query display for a presentation. If I am simply setting up log alerts, then I would use Log Query (testing & basic analysis). The advantage with dashboard is that you can add extra widgets to your graphic display, like notes to say what it is we are actually trying to illustrate with our chart; and bring in other features too (being mindful the best dashboards are clear, simple, to the point and intuitive.)
logs.netapp.ems - Dashboard Template
I create a template dashboard called "logs.netapp.ems - template".
Note: Create the attributes after (2), then go back and edit (2) with the "Filter by Attribute" and variables.
Name = logs.netapp.ems - Template
The attributes at the top (click + Add Variable then Attribute):
- logs.netapp.ems.ems.ems_message_type
- logs.netapp.ems.message
- logs.netapp.ems.ems.cluster_name
- logs.netapp.ems.ems.node_name
This will allow me to filter on the message type, the message itself (perhaps a wildcard), cluster and node, which should be sufficient for the majority of scenarios.
Then 3 x widgets:
- Note Widget (Note)
- Title: Note
- Content: A clear and concise description of the dashboard.
- Time Series Graph Widget (Time Bar Chart)
- Title: Count of logs.netapp.ems by source
- Query Type: Log
- Chart Type: Time Bar Chart
- Log: logs.netapp.ems
- Display: (Dashboard Time)
- Filter by Attribute:
- ems.ems_message_type = $ems.ems_message_type
- message = $message
- ems.cluster_name = $ems.cluster_name
- ems.node_name = $ems.node_name
- Filter by Metric:
- Group by: source
- Show: Top 20 + Show Others (20 is the maximum)
- Table Widget
- Title: logs.netapp.ems
- Query Type: Log
- Log: logs.netapp.ems
- Display: (Dashboard Time)
- Filter by Attribute:
- ems.ems_message_type = $ems.ems_message_type
- ems.message = $message
- ems.ems_cluster_name = $ems.cluster_name
- ems.ems_node_name = $ems.node_name
- Filter by Metric:
- Group by: All
- Columns in this order:
- timestamp
- ems.cluster_name
- ems.node_name
- ems.ems_message_type
- message (default selection)
- Remove source as contains UUIDs and not useful.
- Note: message will be the widest column, so you might want to resize to give it the most width.
The Finished "logs.netapp.com - Template" dashboard:
The configuration of (2) - Time Series Graph Widget (Time Bar Chart):
The configuration of (3) - Table Widget
Comments
Post a Comment