Related
Recommended

Event Log Management Tools in SQL Sentry

solarwinds_worldwide_llc
4 minute read time

Event log management is simple and centralized in SQL Sentry. Events across all of your monitored servers come together in one tool, making management faster. For example, correlating SQL Server performance issues with items in Windows Event Logs is painless. "Outlook-style" Calendar views provide a familiar way of chronicling Windows and SQL Server events. As a result, it's easy to jump right into resolving your server issues.

Event Log Management

First, I'll focus on handling the Windows Event Logs. Then I'll highlight managing SQL Server-specific events. Finally, I'll show you how to bring these items together in custom views.

Event Manager

Win Sentry Event Manager

Windows logs important incidents to the Windows Event Logs. SQL Sentry monitors and displays them in a highly configurable calendar view within the application. By default, SQL Sentry watches Application and System Logs. Optionally, you may activate the Security Log from the context menu in the Navigator pane.

SentryOne Event Log Management

SQL Sentry Navigator --> Event Manager --> Event Logs

SQL Sentry Event Calendar

SQL Sentry logs numerous events specific to SQL Server. Top SQL, Blocking, Deadlocks, and more display on the Event Calendar when you select a SQL Server node on the Navigator.

Calendar View

You control which days to view, how many at a time, and the level of detail (1 minute, 10 minutes, 1 hour, 4 hours, or 1 day). This is accomplished by using the menu or right-clicking and selecting "Zoom To" while on the calendar.

Calendar Viewing Options for Windows Event Log

Calendar Viewing Options for Windows Event Log

For example, here are three days, side-by-side.

Calendar View of Windows Event LogsCalendar View of Windows Event Logs

Calendar View Style

View events as a calendar, list, or both (split). These options display the same events. Because list views allow for additional sorting and filtering by each column, they may be preferable in some cases.

Calendar Views

Accessing Calendar Views from the SQL Sentry Menu

The "Split" option (shown below) offers the benefits of both styles.

Calendar View Styles - Showing SplitCalendar View Styles - Showing Split

Would you like to see all of the event log management tools and more in SQL Sentry? Use this link to book a demo!

Customizations

Custom Views

Custom Views bring event log management to another level. Defining a view allows the selection of instances, individual event objects, event sources, and filters. As a result, you have a view to correlate SQL Server and Windows Log Events together. In addition, grouping and viewing events specific to objects and sources is easy.

Start on the Navigator and add a new Local or Shared view.

Add New Event Calendar

Add New Event Calendar

Then, define what to include in the new Event Calendar.

Add New Event Calendar

Add New Event Calendar

As an example, here are items available under Logged Events:

Create Custom Views of Logged Events

Create Custom Views of Logged Events - Example of Event Sources

Next, save the new view.

Add New Event Calendar

Add New Event Calendar

Now, your view is part of the Navigator menu.

History Filter

Since some incidents logged to the Windows Event Logs may be inconsequential, SQL Sentry provides filters for removing them. History Filters exclude events you don't want to view in SQL Sentry. First, navigate to Settings for the Event Manager node. Next, you'll see the Settings --> Windows Event Logs Source screen (shown below).

History Filter Windows Event Logs Source

History Filter Windows Event Logs Source

Then, set "Inherit from Parent (Global)" to False to access the "History Filter" field. Finally, create simple or complex filters on items like Event ID, Level, Log, Message Text, and more. If you need a refresher on "AND/OR/NOR/NAND" logic, check out Custom Conditions: A Logical Choice.

SQLSentry Top SQL Filters

There is an incredible amount of control for going outside of the default options and customizing to meet best your environment's needs. For example, when it comes to Top SQL, you may want to capture statements running under the default five seconds during a test to see queries that are running frequently, even if quickly.

History Filter SQL Server Source Top SQL Filter Options
History Filter SQL Server Source Top SQL Filter Options

Various Filter Options for SQL Server Event Sources (Deadlocks, SQL Server Agent Logs, Agent Alerts Source, Top SQL Source, etc.)

Most noteworthy on Top SQL is that you may also wish to exclude events that do not meet your specific thresholds for CPU, reads, or writes. Similarly, History Filters on Settings such as Deadlocks Source allow the exclusion of events logged to the SQL Sentry database by Event Time or Message Text values.

Summary

Event log management is consolidated and highly adaptable to your monitoring requirements via SQL Sentry tools. SQL Sentry provides robust features for logging the SQL Server events that matter most to you. Finally, the custom calendar views provide a fusion between Windows and SQL Server events for more thorough management and investigation.

Test out SQL Sentry event log management for yourself with a free 15-day trial.

Thwack - Symbolize TM, R, and C

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 190,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification SolarWinds Lab Link Accounts
About THWACK Blogs Federal & Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2021 SolarWinds Worldwide, LLC. All Rights Reserved.