Event Log Management Tools in SQL Sentry
Event log management is simple and centralized in SQL Sentry. Events across all of your monitored servers come together in one tool, making management faster. For example, correlating SQL Server performance issues with items in Windows Event Logs is painless. "Outlook-style" Calendar views provide a familiar way of chronicling Windows and SQL Server events. As a result, it's easy to jump right into resolving your server issues.
First, I'll focus on handling the Windows Event Logs. Then I'll highlight managing SQL Server-specific events. Finally, I'll show you how to bring these items together in custom views.
Windows logs important incidents to the Windows Event Logs. SQL Sentry monitors and displays them in a highly configurable calendar view within the application. By default, SQL Sentry watches Application and System Logs. Optionally, you may activate the Security Log from the context menu in the Navigator pane.
SQL Sentry Navigator --> Event Manager --> Event Logs
SQL Sentry logs numerous events specific to SQL Server. Top SQL, Blocking, Deadlocks, and more display on the Event Calendar when you select a SQL Server node on the Navigator.
You control which days to view, how many at a time, and the level of detail (1 minute, 10 minutes, 1 hour, 4 hours, or 1 day). This is accomplished by using the menu or right-clicking and selecting "Zoom To" while on the calendar.
Calendar Viewing Options for Windows Event Log
For example, here are three days, side-by-side.
Calendar View of Windows Event Logs
View events as a calendar, list, or both (split). These options display the same events. Because list views allow for additional sorting and filtering by each column, they may be preferable in some cases.
Accessing Calendar Views from the SQL Sentry Menu
The "Split" option (shown below) offers the benefits of both styles.
Calendar View Styles - Showing Split
Would you like to see all of the event log management tools and more in SQL Sentry? Use this link to book a demo!
Custom Views bring event log management to another level. Defining a view allows the selection of instances, individual event objects, event sources, and filters. As a result, you have a view to correlate SQL Server and Windows Log Events together. In addition, grouping and viewing events specific to objects and sources is easy.
Start on the Navigator and add a new Local or Shared view.
Add New Event Calendar
Then, define what to include in the new Event Calendar.
Add New Event Calendar
As an example, here are items available under Logged Events:
Create Custom Views of Logged Events - Example of Event Sources
Next, save the new view.
Add New Event Calendar
Now, your view is part of the Navigator menu.
Since some incidents logged to the Windows Event Logs may be inconsequential, SQL Sentry provides filters for removing them. History Filters exclude events you don't want to view in SQL Sentry. First, navigate to Settings for the Event Manager node. Next, you'll see the Settings --> Windows Event Logs Source screen (shown below).
History Filter Windows Event Logs Source
Then, set "Inherit from Parent (Global)" to False to access the "History Filter" field. Finally, create simple or complex filters on items like Event ID, Level, Log, Message Text, and more. If you need a refresher on "AND/OR/NOR/NAND" logic, check out Custom Conditions: A Logical Choice.
There is an incredible amount of control for going outside of the default options and customizing to meet best your environment's needs. For example, when it comes to Top SQL, you may want to capture statements running under the default five seconds during a test to see queries that are running frequently, even if quickly.
|History Filter SQL Server Source||Top SQL Filter Options|
Various Filter Options for SQL Server Event Sources (Deadlocks, SQL Server Agent Logs, Agent Alerts Source, Top SQL Source, etc.)
Most noteworthy on Top SQL is that you may also wish to exclude events that do not meet your specific thresholds for CPU, reads, or writes. Similarly, History Filters on Settings such as Deadlocks Source allow the exclusion of events logged to the SQL Sentry database by Event Time or Message Text values.
Event log management is consolidated and highly adaptable to your monitoring requirements via SQL Sentry tools. SQL Sentry provides robust features for logging the SQL Server events that matter most to you. Finally, the custom calendar views provide a fusion between Windows and SQL Server events for more thorough management and investigation.
Test out SQL Sentry event log management for yourself with a free 15-day trial.