Explore system activities
Explore helps you to understand the state of your systems and the data that Unomaly has seen and processed. While Anomalies and Situations focus on what's different in your logs, Explore focuses on the running state of your infrastructure, whether it is normal or not.
You'll notice that some of the pages in Explore are labeled "beta". In upcoming releases, we will add more dynamic visualizations and experiments. The "beta" label will help you to see what is new or still under development. You can use the "Was this helpful?" button on the bottom right of the Explore page to send us your feedback.
Event profiles lets you explore all the types of events Unomaly has identified in your infrastructure. Similar to Anomalies and Situations, you can use filters to search for profiles and create knowns.
Use the filter bar to apply filter on systems, groups, or run a free-text search. You can select a time range to restrict your search and sort on the following values in the profiles list:
|Count||The total number of times this profile was seen.|
|First seen||Timestamp for the first occurrence of this profile.|
|Last seen||Timestamp for the most recent occurrence of this profile.|
|Periodicity||The mean time between events matching this profile.|
|Standard deviation of the periodicity||A very low standard deviation can indicate that a task is periodic. For example, it may be a cron job.|
Enable "Graphs for profiles" under Settings > General > Advanced to see a time series graph for the event rate (per second) of the profile. This graph displays when you expand a profile in the list. You can zoom in or out of the graph and select time presets to change the time range of the graph.
- These graphs are stored for 30 days or until they fill up to 10 GB of storage on disk.
- Enabling this feature may impact Unomaly's performance. If you have large numbers (thousands)of systems, you may turn this feature off to decrease the IO/CPU load.
Use the menu to the right of each profile line to "Add known" or "Copy log text".
- Add a known for the profiles you want to track and keep highlighting in Unomaly. See "Define knowns to highlight log events".
- Copy the full log message to your clipboard that you can use to search or investigate outside of Unomaly.
Infrastructure displays a realtime bubble chart visualization of the current state of your systems and groups and helps you quickly see which systems are currently behaving differently from others. You can use the filter bar to select and view different groups.
Each bubble represents a system. The diameter of a bubble is proportional to how many events per second this system is producing. A bubble is red if the system it represents has experienced anomalies within the last hour.
- Hover over a system bubble to see the count of events per second and the number of anomalies seen in the last hour.
- Click the center of the bubble to redirect you to the Anomalies page filtered on the system you selected.
- Click on other areas of the bubble to zoom in to the system.
Workflows are collections of log events that occur in a sequence. Reviewing these workflows help you to get insight about the common tasks your systems perform. You may also use workflows to review your logs and identify which workflows may produce errors.
Workflows are created by analyzing log events for each system. Workflows are regenerated every hour using log event data from the last 24 hours. The current maximum length of a workflow is limited to 10 log events.
Compare systems allows users to visually compare the profiles between two systems, A (purple) and B (green).
Check the boxes or click the parts of the Venn diagram to select the different combinations to show. The default result set is the union of the log events happening on A and B. You can also use free text search and select different time ranges to narrow the result set further.
The purple and green icons in the list indicate which system the profiles belong to so you can easily see what's unique to each system
The combinations you can choose to compare systems include: profiles that happen only on A, only on B, on both A and B, only on A and only on B (the symmetric difference), on A, on B, and everything on A and B (the union of the two systems).