Log Analysis Table

Introduction | Report Creation | Additional Attributes | Notes

Introduction

The Log Analysis Table is the key Table in Discovery Admin that contains all the results of the analysis and is the main Table to be used for creating any actionable Reports and Dashboards.

Multiple Troubleshooting Records generated by Discovery Admin via Scheduled Troubleshooting provide the necessary data points which can be displayed via the Trending Report.

Report Creation

Follow the configurations below to create a simple trending report that can be added as a Widget to a new or existing Dashboard.

<Create a Report>

• Navigate to: Reports > Create a Report

<Data>

• Report name: _ENTER_REPORT_NAME_

• Source type: Table

• Table: Log Analysis [x_qune_da_log_analysis]

• Click Next

<Type>

• Type: Time Series > Spline

• Click Next

<Configure>

• Group by: Incident Error Code

• Trend by: Troubleshooting.Created (HINT: make sure to dot.walk)

• Calendar: Standard Calendar

• Per: Week

• Aggregation: Count

<Main Report Frame>

• Go to the Main Report Frame and click the 'Funnel' Icon to Configure the Filters below.

• Filters:

  • Consecutive Count | GREATER THAN OR IS | 1

  • IEC-IP Count | IS | 1

    • OR

  • IEC-IP Count | IS | EMPTY

  • Troubleshooting Initiated By | STARTS WITH | Scheduled Job: _VARIABLE_ (where _VARIABLE_ is the name of the already configured Recurring Scheduled Troubleshooting Job Name)

  • Troubleshooting.Created | RELATIVE | AFTER | _VARIABLE_ (where _VARIABLE_ is the rolling duration, for example: 60 Days ago)

  • Troubleshooting.Created | NOT ON | THIS WEEK

  • Troubleshooting.Status | IS ONE OF | Analysis Executed, Generating Incidents, Incidents Generated

  • Incident Error Code | DOES NOT CONTAIN | Ignore

  • Incident Error Code | STARTS WITH | _VARIABLE_ (where _VARIABLE_ corresponds to the Incident Error Codes in scope for this report)

  • ADD_ADDITIONAL_FILTERS_AS_REQUIRED_

• Click 'Save' to save the updates and view updated the results

IMPORTANT: Remember to Name the Report to make it intuitive for the End Users consuming the Report to understand what the Report contains.

<Screenshot>

Compare the screenshot below with your configuration to ensure the Trending Report is configured correctly. (Click on the image below to make it bigger)

Additional Attributes

Consider leveraging the following attributes in the Report Filters to further enhance the results of the Trending Report.

• Consecutive Count (consider changing the value in the filter)

• IEC-IP List

• Discovery Schedule Name

• Credential User Name

• CI Lookup

• CI Lookup Reference

• CI Lookup Attribute(s)

• IP Address Lookup CI Class

• Device IP Address Decimal

• ECC Queue Agent (MID Server)

• SA Pattern

In short, ANY attribute on the Log Analysis Table (or referenced by the Log Analysis Table) can be leveraged for Reporting.

To learn more about these attributes, see Understand Troubleshooting Results

Notes

A few things to consider while rolling out these reports to a larger audience:

• The last data point on the Trending Report may differ slightly across different zones due to the ‘relative’ filter

• Make sure the Trending Report contains an optimal number of Data Points to make it easier to read individually or when viewed in a Dashboard with other reports.

• Too many trending lines with differeing values makes the Trending Report hard to read and interprit. Select and limit the numnber of Incident Error Codes per Trending Report accordingly.

• Based on feedback from the Teams consuming these reports, add additional filters catered to specific teams by leveraging an existing report and doing an 'Insert and Stay'.

• See other Dashboard > Examples for insights into other types of reports that can be created.