CA UIM Log Analytics
Gain Full Stack Visibility With Contextual Log Insights
Mark Tukh, Principal Presale Consultant, CA Division @ NESS AT
2 © 2017 CA. ALL RIGHTS RESERVED.
Analytics is the New Battleground
> 50% of large organizations globally will compete using advanced analytics & proprietary algorithms
40% of enterprises' net-new analytics investment will go to predictive / prescriptive
75% of technology-oriented business intelligence competency centers will evolve to focus on information insight generation
Source: Gartner
Analytics In Our DNA
ANALYTICS EMBEDDED THROUGHOUT CA PORTFOLIO
AGILE MANAGEMENT, AGILE OPERATIONS, DEVELOPER PRODUCTS, CONTINUOUS DELIVERY, MAINFRAME, SECURITY
API analytics, Release management dashboard, Access incident response, Real-time service status
Why Monitor Logs?
A lot of information is ONLY available in logs – for networks, servers as well as apps
Provide additional context to identify root cause and bottlenecks
Can provide “canary in a coal mine” messages
User information from logs & performance & fault data together can help capacity planning
Perception that “unstructured” data cannot be monitored well
Log Analysis tools: burden of insight discovery on users
Rear-view focused
Usually stand-alone
Lack guided, situation-aware decision making
CAPEX: Challenging value/pricing model
OPEX: Extra integration & support effort
Lifting the Burden
YOUR BURDEN: ANALYTICAL PLATFORM & SKILLS + IN-HOUSE DATA SCIENCE + IN-HOUSE DOMAIN EXPERTISE
OUR ALTERNATIVE: ANALYTICS-DRIVEN APPLICATIONS*
*Fueled by advanced analytics, algorithms, machine learning...
CA’s Approach To Log Analytics
Provide Contextual Analytics for Superior Experience
Our play is “Unified Monitoring”, not a standalone tool
[Diagram: LOG ANALYTICS with Context from Infrastructure Performance, NetOps and App Performance; labels: RAPID ROOT CAUSE, OPTIMIZED IT RESOURCES, ANOMALY DETECTION, PREDICTIVE IDENTIFICATION]
CA Log Analytics add-on: Contextual Insights for rapid issue identification
Multi-source aggregation with out of the box dashboards and reports
Search and ad-hoc analysis
Correlation and contextual alerts
Scalable, cost-effective ELK storage
Unified, template based configuration via existing tools
Capabilities In Detail
Log Analytics Capabilities: Drill Down into a Log Type for Detailed Analysis
▪ Normalization, analysis and rich visualization for various log types
▪ Supported types:
– Syslog & MS Windows event log
– Apache access and error
– Tomcat access and Catalina
– Microsoft IIS
– Java log4j
– Docker
– Oracle and Microsoft SQL Server
Log Analytics Capabilities: OOTB dashboards identify key events, trends to keep an eye on
▪ Compare unstructured log and event data over time to identify patterns
▪ Correlation across diverse logs and data sets and CA Unified Infrastructure Management alarms
▪ Summary insights into key events to help you focus
Log Analytics Capabilities: Ad-Hoc Search for Proactive Resource Optimization and root cause analysis
▪ Easy search & extensibility across different log types
▪ Save queries or policies for future use and proactive correlation
Log Analytics Capabilities: Configuration through Templates Saves Time
▪ Configure and deploy monitoring through the same monitoring configuration services in CA Unified Infrastructure Management
▪ Rapid monitoring deployment through templates across groups/devices
Log Analytics Capabilities: Alarms Pushed for Proactive and Rapid Issue Resolution
▪ Relevant log event alarms pushed into CA Unified Infrastructure Management for rapid issue resolution
▪ Ability to open Log Analytics dashboards in context
▪ Tightly integrated with CA Unified Infrastructure Management workflows
Analytics Platform & CA Log Analytics Architecture
Log Analytics: The Big Picture
[Diagram labels]
Sources: Windows/Linux, Application Servers, Network Devices, Cloud, Third party/IOT
Collection: CA log agent or agent-less
KAFKA
ELK Datastore and CA Analytics Platform services - with open, rich APIs
CA Agile Operations tools (UIM + Spectrum + APM)
Elastic Stack
▪ Elasticsearch:
– Schema optional document oriented database
– Distributed and highly available search engine
– APIs: HTTP RESTful API and Native Java API
– (Near) Real Time Search and Analytics
▪ LogStash:
– Framework for managing Events and Logs
– Collect, Parse and Enrich data
– Modular design with Inputs, Outputs and Filters
– Enhanced with custom grok patterns for Log Analytics
Elastic Stack
▪ Kibana:
– Schema optional document oriented database
– Distributed and highly available search engine
– APIs: HTTP RESTful API and Native Java API
– (Near) Real Time Search and Analytics
New UIM probes for Log Analytics
▪ Log_forwarder: A light-weight log collection agent that reads log files on the monitored servers/devices and publishes the data on the UIM Message Bus (default subject: LOG_ANALYTICS_LOGS)
▪ Axa_log_gateway: Receives log data from UIM by listening to subject LOG_ANALYTICS_LOGS and writes the data to the AXA Kafka topic logAnalyticsLogs for processing by Log Parser
▪ Log_monitoring_Service: Queries Elastic data on a predefined schedule and provides the following output:
• Match_Count metric for the count of matches found
• Alarm if the match count exceeds a predefined threshold
• Alarms containing sample matched log lines (number of sample lines configurable)
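The three outputs listed for Log_monitoring_Service (match count, threshold alarm, sample lines) can be illustrated with a small simulation. This is an added example, not CA's probe code: an in-memory list of constructed syslog lines stands in for the Elastic query, and the function names, the failed-login pattern and the 5-minute interval are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed syslog-style lines for illustration (not from a real system).
SAMPLE_LOGS = [
    "2017-03-01T10:00:05 web01 sshd[411]: Failed password for root from 203.0.113.7",
    "2017-03-01T10:00:09 web01 sshd[411]: Failed password for admin from 203.0.113.7",
    "2017-03-01T10:01:30 web01 sshd[412]: Accepted publickey for deploy from 198.51.100.4",
    "2017-03-01T10:02:11 web01 sshd[413]: Failed password for root from 203.0.113.7",
    "2017-03-01T10:03:47 web01 sshd[414]: Failed password for test from 203.0.113.7",
    "2017-03-01T10:07:02 web01 sshd[415]: Failed password for root from 192.0.2.55",
    "2017-03-01T10:12:40 web01 CRON[500]: (root) CMD (run-parts /etc/cron.hourly)",
]

def run_check(lines, pattern, start, interval, threshold, sample_lines):
    """One scheduled run over lines with start <= timestamp < start + interval."""
    rx = re.compile(pattern)
    matched = []
    for line in lines:
        ts = datetime.fromisoformat(line.split(" ", 1)[0])
        if start <= ts < start + interval and rx.search(line):
            matched.append(line)
    alarm = len(matched) > threshold  # alarm only when the count exceeds the threshold
    return {
        "window_start": start.isoformat(),
        "match_count": len(matched),  # reported on every run, alarm or not
        "alarm": alarm,
        "samples": matched[:sample_lines] if alarm else [],  # capped sample lines
    }

def run_schedule(lines, pattern, start, interval, runs, **settings):
    """Evaluate consecutive, non-overlapping windows, one per scheduled run."""
    return [run_check(lines, pattern, start + i * interval, interval, **settings)
            for i in range(runs)]

if __name__ == "__main__":
    for result in run_schedule(SAMPLE_LOGS, r"sshd\[\d+\]: Failed password",
                               datetime(2017, 3, 1, 10, 0), timedelta(minutes=5),
                               runs=3, threshold=3, sample_lines=2):
        print(result)
```

Keeping the windows non-overlapping means each matching line is counted in exactly one run, so a burst of failures raises one alarm rather than one per overlapping query.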
Overall Picture
Unified Visibility and Reporting
Application to Infrastructure Correlation
Continuous Operational Insight
Proactive and Predictive Analytics
Operation Analytics Applications
Anomaly Detection, Pattern Recognition, Neural Networks
AO Analytics Platform (Elastic Search): Logs and Traces, Metrics and Alarms, Topology
Open RESTful APIs
End User (Mobile, Web, IoT)
Business KPIs (SFDC, Social, …)
Custom Data Sources
APM: Transactions & Metrics, Topology
UIM: Metric, Alerts, Logs, Topology
Network: Fault, Perf, Logs
Use Cases
Sample Use Case - Docker: Contextual drill down for rapid issue resolution
Performance Dashboard
Drill Down into alarm or event
Contextual launch of Log Analytics
Sample Use Case – Alarm Enrichment: Speed issue resolution to delight today’s demanding users
Product search is slow
User drills down to the issue
System and log alarms in CA UIM
IN CONTEXT LAUNCH OF LOG ANALYTICS
Log Analytics
Use Case – Syslog enrichment for CA Spectrum
Network Infrastructure
syslog
Log Analytics
Richer context with Syslog
Root cause alarm based on syslog
Can apply to other tools for syslog or other logs too
Use Case - Alarm/Inventory Analytics
Third-Party Open Source Tools
First Phase – CA Spectrum, CA Unified Infrastructure Management, CA Performance Management
Inventory and alarms sent to CA Agile Operations Analytics
• Alarm inventory dashboards for availability, grouping by geo, branch, agency, et al
• Correlation to other related events like syslog
CA Agile Operations Analytics
CA Agile Operations Analytics Dashboards
Principal Presale Consultant
Mark Tukh
www.linkedin.com/in/mark-tukh