As network managers, engineers, and operators strive to protect the integrity and performance of enterprise networks, they are faced with an onslaught of data and metrics. They must wade quickly and carefully through this deluge in order to perform monitoring, troubleshooting, and planning. With recent trends moving technology toward software-defined and programmable infrastructure, as well as the parallel convergence of IT operations across multiple technology domains, network log data is increasingly used and valued. But proper and effective use of network log data is not without its challenges.
Enterprise Management Associates (EMA) released its latest research report, entitled Log Analytics for Network Operations Management, which takes a detailed look at the ways in which network log data is being harvested, analyzed, and used for network operations management. Based on the experiences and findings of over 190 enterprise practitioners, the report provides log analytics best practices.
Some of the key findings in this study include:
■ 96% of participants indicated that network log data was of average importance or higher within their overall hierarchy of network management data sources, and 64% felt it is “More important than most” or “Most important”.
■ 75% of shops are either currently using a central log analysis system or are planning to consolidate the multiple tools they have into a single system.
■ The biggest challenge most face when using network log data is “Knowing what to look for” and, consequently, the most highly valued feature for log analytics is “Fast search”.
■ Over 90% of organizations are applying one or more forms of advanced analytics in the processing of network log data, such as root cause analysis, proactive alerting, threat identification, and performance trending.
■ Over 80% of organizations are using network log data to support higher-level BSM/ITSM initiatives, most particularly for IT service quality monitoring (61%).
EMA has been tracking the role that network log data plays in network management disciplines for years. What is most striking is that log data now outranks traditional network management data sources such as SNMP, NetFlow, and packet analysis as the most heavily used and valued source for multiple use cases. EMA recommends that networking professionals add log data to their portfolio of viewpoints while also seeking a means to closely integrate and align that viewpoint with others in order to get the most impactful results.