Log Management for IT Ops: 5 Best Practices
February 23, 2015

Jim Frey
Kentik

Share this

Log data may be many things, but one thing is for sure – it isn't sexy. In fact, in most cases, it's downright ugly, because there are really no standards out there for how log data should be structured. For decades, this fact has kept log data from being a practical source of information for anything beyond a few specific use cases, such as watching for important events (like system reboots or config changes), security monitoring (like firewall blockages), or deep troubleshooting.

Times have changed, and the most recent crop of log management vendors have taken advantage of the steady growth in processor capacity to overcome the complexity and scale challenges of harvesting and analyzing all of the log data that an IT infrastructure continuously throws off. Now there are practical ways for taking advantage of the unique perspective and insights that log data can provide on a much broader basis.

In my last post, I shared some key findings from an EMA research report published last fall that dove into the ways in which log analytics is being used to support network operations. Building on that, following are a couple of the recommendations that EMA is making on how best to think about log data as part of an integrated management architecture and strategy:

1. Think twice before planning to store all log data

While most organizations are gathering log data for analysis on a continuous, ongoing basis, only a third are storing all log entries all the time. Interesting, those organizations considering log data to be "strategic" are actually much less likely to be storing all log entries all the time than those who consider log data to be "tactical". Strategic log users prefer instead to be more surgical, looking for specific types of logs or storing all log data only when certain trigger situations occur.

2. Consolidate your log analysis tools

We find that an overwhelming majority of organizations are either currently using one centralized log analysis system or are planning to consolidate the multiple tools that they have into a single system. This makes tremendous sense if you are trying to get the most out of your log data either in support of integrated operations or simply for better collaboration and cross-team sharing.

3. Focus on fast and intuitive search capabilities

The number one challenge voiced with respect to analyzing log data is knowing what to look for. It's not surprising then that the most popular feature that IT pros look for in a log data analysis solution is fast search. The latest generation of tools have made quick and effective search a high priority, and if you don't have such capabilities in your current system, you should consider an upgrade or alternative.

4. Don't implement log data analysis as an island

Consistently, we find that organizations are getting the most value when log data collection and analysis is integrated with other data sets and analysis systems. This can be done either via log data collection/analysis tools incorporating non-log data themselves or by openly sharing log data with other management aggregation systems. Some of the strongest values are being achieved by connecting the insights available from streaming log data with other performance monitoring measures, to proactively recognize performance degradations and related root causes.

5. Log data is relevant for BSM/ITSM

EMA has found a very high usage rate of network log data for higher level BSM and ITSM type initiatives, such as service quality monitoring, unified IT operations, and CMDB. Such usages were particularly high among those who consider log data to be strategic rather than tactical. So even though log data may be ugly, don't overlook its importance in supporting your highest level management objectives.

There were a couple of surprising dichotomies uncovered in the research study as well. For instance, the top reason people value log data is that they consider it to be cost-effective, however the second greatest challenge was identified as cost of tools. Another example involves just how effective log data is. The second highest perceived value was faster time to resolution than other data sources, however the number one challenge was knowing what to look for.

Clearly there is great and growing value in collecting and analyzing log data for IT planning, operations, and security. And while there are still challenges to be faced, best practices are emerging to help everyone understand what to expect and how to get the most returns on investments into log data collection and analysis tools.

Jim Frey is VP of Strategic Alliances at Kentik
Share this

The Latest

September 21, 2018

The performance gap between customer experience leaders and runners-up is widening, with those on top being disproportionately rewarded. Gartner said organizations must ignore three myths in order to achieve a superior customer experience ...

September 19, 2018

This summer marked three years since Microsoft announced Windows 10, its first "Windows as a service" Operating System (OS). Windows 10 brought with it a new Software-as-a-Service-like approach to updates, moving Microsoft and the millions of environments that depend on it, more frequent, bundled updates. Whether you believe the shift was for better or worse, one thing is certain, this "as a service" model is a natural progression for today's operating systems. That is why Windows 10 is changing not only how frequently updates are pushed out, but inherently how technology is purchased, how people consume it, and perhaps most importantly, how IT is run. Let's take a look at how Windows 10 has impacted these three key areas over the past three years ...

September 18, 2018

To celebrate IT Professionals Day 2018 (this year on September 18), the SolarWinds IT Pro Day 2018: A World Powered by Tech Pros survey explores a "Tech PROactive" world where technology professionals have the time, resources, and ability to use their technology prowess to do absolutely anything ...

September 17, 2018

Are digital war rooms obsolete because they're just a place for managers of siloed business units to find someone else to blame for a critical IT event such as a security breach? Far from it. Enterprises find these emergency response teams just as important, if not more important, than ever ...

September 14, 2018

The goal of EMA's latest research was to look at how advanced IT analytics (AIA) — EMA's term for primarily what today is best known as "AIOps" — is being deployed. Here are the remaining four of my seven personal takeaways ...

September 13, 2018

OK, the data is in! The goal of EMA's latest research was to look at how advanced IT analytics (AIA) — or EMA's term for primarily what today is best known as "AIOps" — is being deployed. Here are seven of my own personal takeaways ...

September 12, 2018

By maximizing the knowledge of end-to-end quality of service (QoS) using virtualized network functions (VNFs), the SD-WAN (edge) gateway establishes a suitable connection with minimal latency and maximum performance so that entire organizations can make the most of the Office 365 application suite ...

September 11, 2018

Market exuberance for Office 365 has inspired business mandates to adopt the cloud-hosted collaboration and productivity suite without regards to the underlying chaos. While multi-location organizations are virtualizing, operating models haven’t necessarily changed. This partial transformation that excludes automation and simplification of the network puts Office 365 deployments (and other software-as-a-service offerings) in danger of failing ...

September 10, 2018

Most organizations are undergoing a digital transformation that directly impacts how they do business, yet 70 percent of employees have not mastered the skills they need for their jobs today, and 80 percent of employees do not have the skills needed for their current and future roles, according to Gartner ...

September 06, 2018

In a survey within the VMware User Group community, Blue Medora took a closer look at how various metric collection strategies and access to Dimensional Data impacts IT success. We started with one question: How important is your monitoring integration strategy? ...