This project hosts scripts and configuration files used to monitor the logs of IBM B2B Products.
To begin, you will need to install a monitoring server.
Once that is done, you will need to install Filebeat on every server that needs to be monitored.
Finally, you will need to install the monitoring configuration tied to the application you want monitored from the following available applications:
The Log Dashboard contains 3 views. Each of them counts the number of logs that were generated by application, by host and by the log level.
It can be reached by going to the "Dashboard" tab in Kibana and opening the "Log Dashboard".
Inclusion and exclusion filters can be created in Kibana by clicking on the desired field to filter (for example, clicking on the "ERROR" log level) and then by clicking on either of the magnifying glass icons. The "+" icon will ensure that all results must contain the desired field. The "-" icon will remove the specified value from the search results.
Once the filter is created, you can hover over the filter visual indicator and "Pin" it so that it will remain active as you move between the views in Kibana.
You can also enter queries in the search box by following the Kibana syntax.
For example, to get all the logs that contain the words "replication" and "failure", the query may look like this:
replication AND failure
You can also create negative filters. For example, the following filter removes any log that contains the words "replication" and "failure":
-replication AND -failure
Note that queries can only filter one word at a time; sentences are not supported.
You can also filter on specific fields. For example, to filter on log levels that contain the word "ERROR":
logLevel: ERROR
Here is a list of example queries using different fields:
application: Cassandra
host: myhostname.mycompany.com
logLevel: INFO
loggerName: "IndexSummaryManager.java"
message: replication
shortHost: myhostname
source: "/home/svteam/IBM/GlobalMailbox/apache-cassandra/logs/system.log"
type: cassandra
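The query forms above can also be generated by a script, for instance when the same filters are reused across investigations. The following is an added example, not part of this project: the function names are hypothetical, the field list is copied from the example queries above, and quoting every value that is not a plain word is a conservative assumption.

```python
import re

# Field names taken from the page's example queries.
KNOWN_FIELDS = {"application", "host", "logLevel", "loggerName",
                "message", "shortHost", "source", "type"}
_BARE = re.compile(r"^[A-Za-z0-9_]+$")   # safe to emit without quotes
_OPERATORS = {"AND", "OR", "NOT"}


def _term(value):
    """Return one value as a bare word, or double-quoted and escaped."""
    if not value or re.search(r"\s", value):
        # The page notes that a filter takes one word, not a sentence.
        raise ValueError("one non-empty word per filter: %r" % value)
    if _BARE.match(value) and value not in _OPERATORS:
        return value
    # Conservative choice: quote anything else (paths, dotted names) so
    # characters such as / : " cannot change the structure of the query.
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def _clause(field, value, negate=False):
    if field is not None and field not in KNOWN_FIELDS:
        raise ValueError("unknown field: %r" % field)
    text = _term(value) if field is None else "%s: %s" % (field, _term(value))
    return "-" + text if negate else text


def build_query(include=(), exclude=()):
    """Build a search-box query from (field, value) pairs.

    field=None is a free-text word, as in `replication AND failure`.
    Pairs in `exclude` get the "-" prefix described above.
    """
    clauses = [_clause(f, v) for f, v in include]
    clauses += [_clause(f, v, negate=True) for f, v in exclude]
    if not clauses:
        raise ValueError("at least one filter is required")
    return " AND ".join(clauses)


if __name__ == "__main__":
    print(build_query(
        include=[("logLevel", "ERROR"), ("application", "Cassandra")],
        exclude=[("source", "/home/svteam/IBM/GlobalMailbox/"
                            "apache-cassandra/logs/system.log")]))
```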
The discover view is used to read details about the logs. It can be customized to show only the desired fields in the columns.
Hint: When creating filters, you can pin them so that you can switch between the "Discover" and "Dashboard" views. A typical workflow starts in the Log Dashboard to narrow down the logs to investigate by applying filters to the time window, log level, application and host. Once the filters are in place and pinned, the "Discover" view will only show the remaining logs.