This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Log Analyzer 2020.2 latest RC is here!

The latest release candidate for Log Analyzer (2020.2) is now available in your customer portal.

Each release candidate is a fully tested and supported version of the product and you can upgrade current production servers, while retaining your complete configuration and history.

If you're looking for release notes and other supporting documentation, please click the links below:

LA 2020.2 release notes

LA 2020.2 system requirements

Orion Platform 2020.2 release notes

Orion Platform 2020.2 release summary

What's new? A much anticipated new log source, flat log files! Now you can ingest and visualize data from flat application log files right alongside your other crucial log data when troubleshooting and monitoring your Orion nodes. In addition to the new feature we also invested in some improvements to the performance and responsiveness of the UI when dealing with larger data sets so there will be less waiting for results when working in the log viewer.

How does it work? Flat log file ingestion is accomplished using the same Orion agent that you were already using to collect Windows Events from nodes in Orion. (This initial version only supports Windows nodes) 

How do I get started? Simply create a profile and assign it to an agent based node... In the Orion console, go  to Settings -> All Settings -> Product Specific Settings -> Log and Event Settings and then select "Profiles" and click "Create" to start a profile that defines the attributes of the log file(s) you want to collect and the agent based nodes you want the profile to apply to. 

jvb_0-1585770263752.png jvb_1-1585770311552.png jvb_2-1585770549736.png jvb_3-1585770628209.png jvb_4-1585770726064.png jvb_5-1585770765572.png jvb_6-1585770817493.png

New Orion Platform Features

With this VMAN RC comes some fantastic new updates & enhancements to the Orion Platform which include:

  • Monitor up to 1,000,000 elements per Orion Platform instance.
    • For SAM components the limit is increased to be 550,000 components per SAM installation.
  • An Orion Map to Success! - Orion Maps improvements, such as creating and customizing text boxes, labels, or layouts, incorporating custom icons, adding shapes, dynamic backgrounds, bulk administration and all new Time Travel.
  • Performance enhancements
  • Dashboards, Dashboards, Get Your Dashboards! All New Custom Summary Dashboards
  • A Gateway To Your Fastest Upgrade Ever! - Upgrade improvements, such as pre-staging upgrades, upgrade plan reports, automating upgrades via Orion SDK
  • Enhanced volume status
  • 3rd Party Language Pack Support - scripts to extract UI texts from the Orion Web Console

Your Feedback Counts!

I'm incredibly interested in your feedback, and what's even better is that when you participate by downloading and installing the RC, you get thwack points. More importantly your feedback shapes our products. Post your thoughts, questions and concerns into the RC forum and not only will you be able to get some SolarWinds swag, but we the WPM team will be watching for input to make the product better and better. In addition, sometimes you'll come up with a brand new feature ideas that we would want to consider for a future version. The best place to capture those ideas would be Log Analyzer Feature Requests  and as you can see from our What We’re Working on for Log Analyzer   page, we take those inputs very seriously.

  • Based on the screenshots it looks like this reads and ingests the entire log file into log viewer. Presumably you can then set up filters to tag/alert on certain keywords found in the log file?

    I'd be interested in a feature that would read a file and only ingest entries based on a string/regex filter. I have a client where we have had to set up SAM application monitors using custom Powershell and Perl scripts based on the out-of-the-box log application monitors. However, we have found these have limits with the regex filters along with some other issues.

    This feature would be more suited to this client if it could do the above rather than ingest the entire file as some of these systems generate 10-20 GB of logs per day.

  •  You are correct. Currently it will ingest the entire log but you can use processing rules to discard or otherwise process the entry in the same way as any other log (syslog, traps, etc.) Doing pre-filtering on the agent prior to sending the log is something we are considering for a future release.

  •  Interesting, I read it as the entire file gets ingested regardless. With the rules we could get it to only keep the lines that are important. The system would still need to read/receive/process 20GB+ of log from each server though.

    Is there a rough guide to processing limit or is each line counted as an event?

    Scalability Options

    1000 events per second

    3.6 million events per hour

    Up to 90 million events per day

  • Each line would be counted as an event even if it is immediately discarded. Or put more simply, flat log files will contribute to your total events per second (EPS) just like any other source (syslog, traps etc.) So you still need to consider that in the big picture of what you choose to monitor just like you would with other devices / log sources.