top of page

View Troubleshooting Results

Introduction | Log Analysis List View | Root Cause and Remediation

IP Address NOT Found | Video | NOTE | Property 3.1 | Property 3.2


 

Introduction

 

All the results from a Troubleshooting are captured in the Log Analysis Table.

To view the Troubleshooting Results, click the { View Log Analysis } UI Action on the Troubleshooting Form.

The Log Analysis Table is the single table that consolidates and captures all the information used by Discovery Admin to derive the best recommendation to fix why something isn't being discovered.


 

Log Analysis List View

 

The Log Analysis List View displayed via the { View Log Analysis } UI Action on Troubleshooting Form shows ONLY actionable logs due to the following out-of-the-box default filters:

  • Troubleshooting: Limits the results to only one Troubleshooting Number.

  • IEC-IP Count = 1: Avoids duplicate records for IECs with the same IP Address.

  • Error Code does not contain QN.ALL.00: Filters out QN.ALL.00 (LINK) IECs.

  • Error Code does not contain Ignore: Filters out IECs that can be Ignored.

  • Incident Error Code does not contain Ignore: Filters out extended IECs that can be ignored.


The best way to dig deeper into the results in the Log Analysis List View is by grouping them by 'Incident Error Codes' to help visualize an exhaustive list of all applicable IECs. Each grouped section can then be individually expanded to see the details aligned with a single IEC.


UI action { Discovery Admin } at the bottom of Log Analysis List View navigates to Troubleshooting List View.


 

Root Cause and Remediation

 

To get the Root Cause and Remediation for the grouped Incident Error Codes on the Log Analysis List View, add the ‘Incident Description’ attribute to the List View.


To see the Root Cause and Remediation for a specific IP Address, search for it under the ‘Device IP Address’ column, open the record and scroll to the 'Incident Description' attribute on the Log Analysis Form.


 

IP Address NOT Found

 

If the IP Address is not found after doing a search on the Log Analysis Table, see the recommendations below:

  1. The Device on the IP Address is discovered successfully without any errors. As a result, it is not captured by Discovery Admin.

  2. There is no Device on the IP Address

  3. The Device on the IP Address can not be probed due to the standard ports being blocked.

  4. The Incident Error Code associated with the Device at the IP Address is pre-filtered by the Discovery Admin out-of-the-box default filter. To fix this, click on the TRBL Number in the Bread Crumb of the default filter.

  5. If the Device is a Network Device, additional configurations may need to be completed for ACLs on the Network Device and supporting updates to the Credentials and corresponding ServiceNow Discovery Schedules.


 

Video: How to navigate to and interpret the Log Analysis Form (4 mins :: 45 secs)

 


Time Stamps:


0:04 - Navigating to the specific Record to view the Troubleshooting results

  • To access the results of previous Troubleshooting(s), access the Discovery Status Module and select the { Discovery Admin } UI Action.

  • This will take you to a page displaying all previous Troubleshooting Records.

  • Open any Record from the List View by clicking on the Record, and the Troubleshooting Form corresponding to the specific Record will be displayed.

  • To view the results, click the { View Log Analysis } UI Action, which will display the results of the Troubleshooting.


0:55 - Top (Main) section of the Log Analysis Form

  • The Top (Main) section of the Log Analysis Form provides comprehensive information about the Incident Error Code.


1:19 - ServiceNow Discovery section of the Log Analysis Form

  • The ServiceNow Discovery section of the Log Analysis Form provides comprehensive information about the ServiceNow Discovery Schedule and the corresponding ServiceNow Discovery Status.


1:29 - Credential Affinity section of the Troubleshooting Form

  • The Credential Affinity section of the Log Analysis Form provides comprehensive information about the Credential Affinity for the IP Address.


1:43 - Root Cause and Remediation section of the Log Analysis Form

  • The Root Cause and Remediation section of the Log Analysis Form provides comprehensive information about the root cause and remediation associated with the Incident Error Code.


2:02 - CMDB Lookup section of the Log Analysis Form

  • The CMDB Lookup searches for the specified IP Address within the CMDB, and upon finding a match, retrieves the associated data.


2:55 - Sections of Other out-of-the-box tables from ServiceNow

  • These sections (Discovery Log, Device History, ECC Queue, Pattern Log History) on the Log Analysis Form display a copy of the corresponding out-of-the-box attributes to provide a consolidated view of these logs that are otherwise present in different tables in ServiceNow.


3:36 - Grouping of the results of the Troubleshooting by Incident Error Code

  • For grouping the results of the Troubleshooting by Incident Error Code, right-click the 'Incident Error Code' Header (on the Log Analysis List View) and click on 'Group By Incident Error Code'.


 

NOTE: Learn more about the Attributes on the Log Analysis Form

 

Explore Understand the Troubleshooting Results to further explore the Log Analysis Table and extend the capabilities of Discovery Admin.


 

Property 3.1: log_analysis.max_record_count

 


This property controls the maximum number of records in the Log Analysis Table and auto-purges any additional records (nightly), if the number of rows exceeds the configured value.

[v9.3] The default value of the property has been updated to 1 Million Records to control the length of the Log Analysis Table. This can be updated as needed to align with specific data retention requirements.


Discovery Admin Property 3.1 controls the size of the Log Analysis Table by the Number of Rows.


To control the size of the Log Analysis table by duration, use the ServiceNow out-of-the-box 'Table Cleanup' feature. This is similar to the configurations for other large tables like Discovery Log, ECC Queue, System Log, etc.


This can be configured by a ServiceNow Platform Administrator by referencing the following ServiceNow Documentation: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0694151


To navigate to the Table Cleaner (sys_auto_flush):

  • Go to the Filter Navigator

  • Instance Scan > Table Cleanup

  • Click 'All' to remove filter.

On the List View, click 'New'  and populate following attributes:

  • Tablename: Log Analysis [x_qune_da_log_analysis]

  • Matchfield: sys_created_on

  • Age in Seconds: ENTER_SECONDS, for example:

    • 2,592,000 seconds = 1 month

    • 7,776,000 seconds = 3 months

    • 15,768,000 seconds = 6 months



IMPORTANT: Out-of-the-Box Table Rotation feature should NOT be used to control the size of Log Analysis table as it causes issues if the shards are not manually synchronized after after every upgrade due to any changes to the Log Analysis Table.

Take help of your Discovery Admin Point of Contact to move away from Table Roation, if configured for it in your instance.

We introduced Property 3.1 to complement the ServiceNow out-of-the-box functionality and manage the Log Analysis table by the number of rows vs the duration.

So, let’s assume, with each weekly Discovery Admin Troubleshooting, you are generating 100K new rows in the Log Analysis Table and your reports need to have data for the past two months (~8 weeks), we can configure the value in the property to be more than 800K (or say 1 Million to keep the buffer), so the Table only retains the most recent 1 Million rows.

In summary, use the OOB Table Rotation if you want to control the size of the Log Analysis Table by duration, and use the Discovery Property 3.1 if you want to control the size of the Log Analysis Table by the number of rows.

And make sure it doesn’t have a downstream impact on data retention policies including any impact on reporting / dashboards.


 

Property 3.2: log_analysis.sa_view_log

 


Creates the hyperlink to the Pattern Log, if Patterns were used in the Discovery of the IP Address. This hyperlink is captured in attribute: SA View Log


This property is disabled out-of-the-box as the Pattern Logs are auto-deleted at Customers Instance. As a result, the link may point to a deleted record after the auto-deletion has taken place.

It is recommended to keep this disabled unless needed for a specific time-boxed period to do detailed manual analysis.


bottom of page