Page | 1 Tutorial
IT Operations Analytics Reimagined
Tutorial 3
Meet Stacy 3
Getting Started 6
Dashboard FAQs 9
Third-Party License Acknowledgements 11
Copyright © 2015 CA. All rights reserved
This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the
“Documentation”) is for your informational purposes only and is subject to change or withdrawal by CA at any time. This
Documentation is proprietary information of CA and may not be copied, transferred, reproduced, disclosed, modified or duplicated, in
whole or in part, without the prior written consent of CA.
If you are a licensed user of the software product(s) addressed in the Documentation, you may print or otherwise make available a
reasonable number of copies of the Documentation for internal use by you and your employees in connection with that software,
provided that all CA copyright notices and legends are affixed to each reproduced copy.
The right to print or otherwise make available copies of the Documentation is limited to the period during which the applicable license
for such software remains in full force and effect. Should the license terminate for any reason, it is your responsibility to certify in
writing to CA that all copies and partial copies of the Documentation have been returned to CA or destroyed.
TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENTATION “AS IS” WITHOUT WARRANTY OF ANY
KIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, OR NONINFRINGEMENT. IN NO EVENT WILL CA BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE,
DIRECT OR INDIRECT, FROM THE USE OF THIS DOCUMENTATION, INCLUDING WITHOUT LIMITATION, LOST PROFITS, LOST INVESTMENT,
BUSINESS INTERRUPTION, GOODWILL, OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH
LOSS OR DAMAGE.
The use of any software product referenced in the Documentation is governed by the applicable license agreement and such license
agreement is not modified in any way by the terms of this notice.
The manufacturer of this Documentation is CA.
Provided with “Restricted Rights.” Use, duplication or disclosure by the United States Government is subject to the restrictions set forth
in FAR Sections 12.212, 52.227-14, and 52.227-19(c)(1) - (2) and DFARS Section 252.227-7014(b)(3), as applicable, or their successors.
Copyright © 2015 CA. All rights reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their
respective companies.
Meet Stacy
Stacy is an IT Operations analyst at atoz Inc, an eCommerce company based in the United States. She has been tasked with monitoring the atoz portal and identifying security threats, traffic bottlenecks, and any other anomalous events. She also wants to know the high-traffic time periods and geographies, so that she can check whether there is enough infrastructure to support the traffic in each geography.
This tutorial explains how Stacy uses forty2.io in her day job to accomplish these goals.
Stacy fetches the latest Apache log from the Apache server that hosts the atoz portal. She wants to run the log file through the forty2.io system to see what is going on:
Upload Log File and Create Dashboard
1. Log in to the Forty2.io instance.
Note: If you do not have a login yet, sign up for our beta program.
2. Click New Dashboard on the Home page.
3. Follow the instructions in the wizard to upload the log file and create the dashboard in two easy steps.
Goals:
- Upload log file
- View the dashboard
- Review anomalies
Your dashboard is ready. The following screenshot shows a sample dashboard:
Review Anomalies
First, Stacy looks at the alerts to see whether there are any anomalies that she should attend to immediately. The following screenshot shows a sample alert pane:
She observes that IP 211.12.205.134 has issued 2881 requests in just an hour's time. She decides to investigate further, as this looks suspicious.
Investigate the Request Spike
1. Expand the alert to view more details and options.
2. Click Show me to apply the IP and time filters to the charts and log lines. The dashboard and the log viewer are filtered contextually for the selected alert, which helps in identifying the root cause of the problem.
3. Review the filtered charts to gather additional insights into the issue. For example, the IP is from Australia and the hits are to various pages on example.com.
Goals:
- Investigate issues
- Take action on alerts
- Dismiss alerts
- Review charts and draw action plan
After Stacy gathers enough information about the issue, she decides to notify the system administrator.
Take Action on Alerts
1. Expand the alert and click Actions.
2. Click Mail your admin.
3. Specify the email ID of the admin and explain the issue and the findings.
She knows that some alerts are not really anomalies. She decides to dismiss those alerts so that she does not see them again. For example, she wants to dismiss the "Request spike to '-'" alert.
Dismiss Alerts
1. Hover over the alert and click “x”.
2. Click Yes to dismiss the alert.
Review Charts and Draw Action Plan
After she has handled the high-severity alerts, she looks at the dashboard to do predictive analysis. She looks at the Geo map and realizes that there is a spike in requests from India, even though atoz does not offer services in India. She notes down to monitor the trend and see whether there is a potential market in India.
She also sees that the 403 Forbidden responses came from a particular region in North America. This was due to a sudden spurt in requests from that region: the servers there were not able to handle the increased load, which resulted in 403 errors. She notes down to monitor the trend and see whether additional servers need to be deployed in that region.
Stacy thus accomplishes her goals and is ready with her action plan to report to management.
Getting Started
Forty2.io is an analytics platform that analyzes the log files generated by your websites and applications. Most often, such machine-generated data is high in volume, velocity, and variety. At the same time, the data is highly valuable for the wealth of information and data points it contains. Analyzing such data helps in making timely and informed business decisions.
Forty2.io provides the following key features:
- Helps gain insights into anomalous transactions and events, and helps identify the root cause.
- Detects situations relating to inefficiencies, opportunities, and threats.
- Takes advantage of pattern recognition and anomaly detection.
- Provides actionable insights into IT operational data.
Get started with the analysis of your first log file.
Supported Browsers
Use Google Chrome to access the UI.
Supported Log File
Forty2.io supports Apache log files, both custom and combined formats.
Step 1: Upload the Log File and Create Dashboard
As a first step, upload your log file and let Forty2.io create a visual dashboard for you. Click New Dashboard on the home page and follow the instructions in the wizard to create a dashboard. Consider the following factors:
- Use a smaller file (less than 100 MB) to begin with.
- As a trial user, you have an upload limit of 1 GB for an account. So, ensure that you have enough space before you upload a file. If you do not have enough space, delete existing dashboards to make more space.
- You can select any layout while creating a dashboard. You can change the layout later.
The following screenshot shows a sample Apache dashboard:
Step 2: Review Alerts and Take Action
An alert indicates an anomalous event in the log file. For example, there could be an unusual spike in requests from a particular IP address, which looks suspicious. This could be a potential threat and may need further investigation. The alerts are sorted in reverse chronological order of their occurrence, and then by their severity, so the most recent alert appears first in the list. Review the alerts to see whether there are any anomalous events that need immediate action.
Follow these steps:
1. Open the dashboard for the log file.
2. Click the alerts icon to view the list of alerts. The following screenshot shows a sample alerts pane:
3. Hover over an alert and expand to view more details and other options.
4. Click Show Me to view the charts and log lines specific to the alert.
5. Click a chart segment to drill into the details. For example, if you are investigating a "404" responses alert, click the "404" segment in the "Request Count for HTTP Responses" chart.
6. Click Actions to take an appropriate action for the alert.
Note: The Actions button is enabled only for those alerts that have a recommendation. Currently, recommendations are available only for alerts related to IP addresses. For example, depending on the severity of the alert, you are recommended to either block or monitor the IP.
Dismiss an Alert
An alert can be an anomaly that you have to deal with, or simply a false positive or a known issue. Dismissing an alert lets the product know that you do not want to see that alert in the dashboard again. To dismiss an alert, click the X button in the alert.
Note: The dismissal applies only to the current log file that you are visualizing. If you add another file that has a similar alert, the alert resurfaces in the dashboard. You can dismiss the alert again.
Step 3: Review Charts and Investigate Issues
The dashboard includes charts that are derived by analyzing the logs from an operational perspective. As a business analyst, you can gain insights into the events and make informed decisions based on data. Click a particular segment in a chart, or a time range, to view the log lines and alerts specific to the selected segment.
Step 4: (Optional) Change the Layout
The initial dashboard layout is based on the layout that you chose when creating the dashboard. You can change the layout if, for example, you need more space for a chart; in that case, choose a layout that has wider tiles.
To change the dashboard layout, click the pencil icon at the upper-right corner of the dashboard.
Dashboard FAQs
Q1: Can multiple users log in to the product with the same login credentials?
Yes, the product supports multiple sessions for a user account. So, multiple users can log in to an account simultaneously, upload files, and create and view dashboards.
Q2: How can I remove the chart filter?
When you click a chart segment or the links on an alert, the remaining charts, alerts, and log lines are filtered for the selected segment. The filter is added at the bottom of the alerts pane. Hover over the filter to delete it and return to the previous state.
Q3: How are alerts generated?
An alert indicates an anomalous event in the log file. An anomaly can be a spike or drop in a value that is of interest to you. The values are compared on an hourly interval to identify the anomaly. For example, a web page receives 200-300 requests per hour, over a period of ten hours. However, in one particular hour, there were 500 requests to the page. The latter is treated as an anomaly.
Q4: How are alerts sorted?
The alerts are first sorted by time, and then by their severity. So, the most recent alert appears first. Alerts that occurred in the same interval are then sorted by their severity.
Q5: How can I mark an alert as a false positive so that it never appears in the dashboard again?
Hover over the alert and click "X" to dismiss the alert. The dismissal applies only to the dashboard that you are currently visualizing. If you reupload the same file, or you upload a similar data file to a different dashboard, the alert resurfaces. You can dismiss the alert again.
Q6: Why do I not see the Actions button for some alerts?
The Actions button is available only for alerts that have a recommended action; not all alerts have recommended actions.
Q7: How can I view the log lines specific to a particular segment in the chart?
Click the chart segment; notice that the log lines are automatically filtered for the selected segment.
Q8: How can I view the alerts specific to a particular segment in the chart?
Click the chart segment; notice that the alerts are automatically filtered for the selected segment.
Q9: How are the log files analyzed?
1. The product analyzes the uploaded file, and identifies the fields and their data types.
2. The file type, field labels, and data types are then stored and processed using data science algorithms.
3. The data science component identifies the anomalies and the important features in the data file. The important features are calculated based on the number of anomalous events for a particular field and their severities.
4. The important features are then plotted on charts, and the anomalies are raised as alerts in the dashboard.
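As an added example (not Forty2.io's own code, whose algorithms the product does not publish), the following Python script carries out the hourly comparison described in Q3 on Apache combined-format log lines, raising a "request spike" per client IP like the 211.12.205.134 alert in the Meet Stacy scenario; the parser also shows the field and data-type identification of step 1 in Q9. The spike rule (more than 1.5 times the busiest earlier hour, after three hours of history), the sample IP addresses, and the log lines are all constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache combined log format (what Forty2.io ingests); the named groups are the fields of Q9.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def parse_line(line):
    """Return a dict of typed fields for one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec

def hourly_counts(lines, key="ip"):
    """Requests per hour bucket, grouped by one field (client IP by default); unparsable lines are skipped."""
    counts = defaultdict(lambda: defaultdict(int))
    for rec in filter(None, map(parse_line, lines)):
        counts[rec[key]][rec["ts"].replace(minute=0, second=0)] += 1
    return counts

def find_spikes(series, factor=1.5, min_history=3):
    """Flag hours above factor x the busiest earlier hour (assumed rule for this example, not Forty2.io's)."""
    alerts, hours = [], sorted(series)
    for i, hour in enumerate(hours):
        history = [series[h] for h in hours[:i]]
        if len(history) >= min_history and series[hour] > factor * max(history):
            alerts.append((hour, series[hour], max(history)))
    return alerts

def make_lines(ip, hour, n):
    """Construct n synthetic combined-format lines for ip within one hour of 01/Oct/2015 (sample data)."""
    return [f'{ip} - - [01/Oct/2015:{hour:02d}:{i:02d}:00 +0000] '
            f'"GET /page{i}.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"' for i in range(n)]

# Four quiet hours then a burst from one client: the 200-300 versus 500 pattern of Q3, in miniature.
SAMPLE = [l for h, n in [(9, 2), (10, 3), (11, 2), (12, 3), (13, 8)]
          for l in make_lines("203.0.113.7", h, n)] + make_lines("198.51.100.4", 13, 1)

def alerts_by_ip(lines=SAMPLE):
    """Return {ip: [(hour, count, previous_max), ...]} for only those clients that spiked."""
    return {ip: a for ip, s in hourly_counts(lines).items() if (a := find_spikes(s))}
```

Calling alerts_by_ip() on the constructed sample returns one alert, for 203.0.113.7 at 13:00 (8 requests against an earlier maximum of 3); passing key="path" to hourly_counts gives the per-page view used in the Q3 example instead.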
Third-Party License Acknowledgements
To view the software license information for any of the listed components that Forty2.io uses, download the Third_Party_License_Acknowledgements.zip file from the forty2.io site.
Component                               TPSR ID
boost 1.55.0                            00000743_12
Bootstrap Tour 0.10.2                   00001396_1
Python client for Elasticsearch 1.6.0   00001396_10
pandas 0.16.2                           00001396_11
requests 2.7.0                          00001396_12
colors.js 1.1.2                         00001396_15
connect-ensure-login 0.1.1              00001396_16
connect-flash 0.1.1                     00001396_17
expressjs/cookie-parser 1.4.0           00001396_18
mde/ejs 2.3.4                           00001396_19
elasticsearch 1.7.2                     00001396_2
express-session 1.11.3                  00001396_20
passport 0.3.0                          00001396_21
passport-local 1.0.0                    00001396_22
body-parser 1.14.1                      00001396_23
express 4.13.3                          00001396_24
http-proxy 1.11.2                       00001396_25
morgan 1.6.1                            00001396_26
NPM 2.14.6                              00001396_27
yargs 3.26.0                            00001396_28
Here map JavaScript API 2.5.3           00001396_29
winston logger 1.1.1                    00001396_30
Logstash 1.5.4                          00001396_3
scikit learn 0.17                       00001396_31
Kafka 0.8.2.1                           00001396_4
Kibana 4.1.0                            00001396_5
OpenSSL 1.0.0g                          00001396_6
JSON spirit 4.08                        00001396_7
gridster 0.5.6                          00001396_8
scipy 0.12.1-3.el7                      00001396_9