
Pro Services Blog

Using Skylar RCA for Root Cause Analysis

LasithaL
16 days ago

Skylar Automated RCA is a great tool to help with application troubleshooting. There is no need to analyse thousands of log lines; Skylar RCA will do that for you using AI technologies. In this article, I will share some tips on how to get started with log analysis using the OpenTelemetry (OTel) collector. OTel is open-source, vendor-agnostic software that receives, processes and exports telemetry data, including metrics, trace data, and logs.

This article assumes you already have a Skylar RCA account. If not, please contact your CSM for a 30-day trial of the product.

Step 1:

Contact ScienceLogic support to obtain a copy of the OTel collector.

Step 2:

Install the OTel collector by following the installation steps (see the References section below).

Step 3:

Update the OTel configuration file. This is the otelcol.yaml file in the otelcol-sciencelogic-zebrium_x86_64 directory. The following fields need to be updated:

  • The include attribute in the filelog block, to match the log file location(s)
  • The regex in the operators > type block. This needs to match the log file format. As a best practice, use a regular expression checker (for example, https://regex101.com/) to check your regular expression before updating the configuration file
  • The endpoint and ze_token sections in the exporters block. These need to be copied from your Skylar RCA instance

Step 4:

Before sending logs to Skylar, it is recommended that the configuration is tested with local debugging. This can be achieved by using exporters: [debug] in the service: pipelines: logs: section of the otelcol.yaml config file. Also, in the receivers: filelog: section, add the line start_at: beginning to force the collector to read logs from the beginning. This will generate a log file in the logs sub-directory.

Step 5:

Restart the SciencelogicZebriumOpenTelemetryCollector service.

Step 6:

Once you are happy with the debug output, modify the config file so that logs will be sent to Skylar RCA. Remember to restart the SciencelogicZebriumOpenTelemetryCollector service.

Step 7:

After a few minutes, check the Ingest History in the Skylar UI (in Ingest-history) to verify that data is being received. The Diagnostics menu can also provide useful information about how many log lines were received in the last 4 hours: go to the Diagnostics menu and click the ‘Run Now’ button.
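The local debug setup from Steps 3 and 4, as an added example rather than the otelcol.yaml shipped with the collector. The log path, the sample log format and the attribute names (time, sev, msg) are constructed assumptions; any other sections already present in the shipped file are assumed to stay in place.

```yaml
# Added example: debug-only pipeline for testing the filelog regex locally.
receivers:
  filelog:
    # Constructed path; point this at your own log file location(s).
    include:
      - 'C:\logs\myapp\*.log'
    # Read existing file content from the start while testing (Step 4).
    start_at: beginning
    operators:
      - type: regex_parser
        # Constructed pattern for lines such as:
        #   2024-05-01 12:34:56 ERROR Connection to database lost
        regex: '^(?P<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<sev>[A-Z]+) (?P<msg>.*)$'
        # Use the captured timestamp as the record time.
        timestamp:
          parse_from: attributes.time
          layout: '%Y-%m-%d %H:%M:%S'
        # Map the captured level to the record severity.
        severity:
          parse_from: attributes.sev

exporters:
  # Prints parsed records locally instead of sending them anywhere.
  debug:
    verbosity: detailed

service:
  pipelines:
    logs:
      receivers: [filelog]
      # Only the debug exporter is listed, so no data leaves the host
      # until this is changed in Step 6.
      exporters: [debug]
```

In the debug output, confirm that each record carries the time, sev and msg attributes before switching the pipeline's exporter in Step 6.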

References:

Skylar Automated RCA documentation:

https://docs.sciencelogic.com/latest/Content/Web_Zebrium/home_RCA.htm

Windows OTel collector:

https://docs.sciencelogic.com/latest/Content/Web_Zebrium/03_Log_Collectors_Uploads/Windows_OTel.html

Updated 16 days ago
Version 2.0