Log Monitoring

Cavisson NetForest is the next-generation log monitoring and analysis software that makes use of server logs to troubleshoot performance issues and understand user behavior. NetForest allows its users to slice and dice machine-generated Big Data for decision-making insights. Following are some of the key features of NetForest:

• Real-time collection of logs from various sources.
• Parse raw logs into meaningful fields.
• Powerful visualization of data in a meaningful, easy-to-consume format.
• Scalability – horizontally.
• Automatic replication of data in clusters, nodes, and shards.
• Fast and powerful search – millions of log lines within a couple of seconds in real-time.
• Support for multiple complex query struts comprising arithmetic, logical expressions, and regular expressions across multiple fields.
• Support of alert, monitoring, and reporting.

Capabilities

Cavisson NetForest is an enterprise-scale fully integrated software product for comprehensive log monitoring and analysis. NetForest’s ability to integrate seamlessly with other products including NetDiagnostics makes it unique to diagnose performance issues and optimize applications before it impacts customers or revenue.

Cavisson NetForest supports a wide range of commonly used application servers along with their log format and structure. The user-friendly intuitive graphical interface with reporting and analytical dashboard allows users to visualize data and get answers to the mysteries hidden within the raw log data.

Why NetForest?

• Full-text search and visualization product for log analysis.
• Powerful Big-data visualization with the use of aggregation capabilities.
• Clustering of nodes, data distribution, and replication for scaling and redundancy.
• Data correlation and diagnostics via seamless integration with Cavisson products e.g. NetDiagnostics and NetVision.

Features

The following key features complement the comprehensiveness in terms of log monitoring:

Indexing and Query Language Support

• Create an index on each term so that any term can be searched in a sub-second response time.
• Parse of any kind of log indexed with key fields, extracted into fields on which query/filtering can be done.
• Support Query language – simple syntax as well as a more powerful JSON-based syntax.

Data Aggregation and Powerful Visualization

• Easy aggregation of data as per visualization needs and presentation using various kinds of charts – line/bar/pie/geo/metric.
• Slice and dice data based on time window, any series/graph, or term – the same filter applies to all widgets on the dashboard.

Seamless Integration Capabilities

• Seamless tracking of web transactions over various tier servers and their logs for any problem analysis.
• Correlating data between NetDiagnostics and NetForest with single click operations.

Node Clustering and Load Distribution

• Auto discovery of clustering nodes, the addition of new nodes, and load redistribution.
• Data partitioning across shards and data replication across cluster nodes to provide redundancy in case of node failure.
• Indexing and search query load distribution and cumulative data compilation for fast query response.

Enhancements

• NetForest | NFAgent | Tag and Attributes support: Tags and attributes are two different things, in which Tags are labels used for organizing an entity’s metrics data time series, and attributes are key/value pairs used for defining extra information for entities.

Tags and Attributes Syntax: –

Tags=” key=<value>,key=<value>”

Attributes=” key=<value>, key=<value>”

value will be as follows: –

tags and attributes will be added to the document as like,

“tags”: {

         “MIN_SLEEP”: “20”,

         “UPPER_LIMIT”:”3600”

},

“attributes”: {

         “Tier”:” tier”,

         “Env”:” env

}

• Loki Support for MVCOMBINE Construct, NOMV Construct, and MVEXPAND Construct
• MVCombine Construct: This construct is used to group multiple events, which are identical except for the specified field, which contains a single value. The resultant of this operation is a single event in which the specified field becomes a multi-value field.

Syntax:

…|mvcombine <field_name>

• NOMV Construct: This construct is used to convert a multivalue field into a single value field.

   Syntax:

          …|nomv

           <field_name>

     Here <field_name> is a field, which is required to convert into a single value.

• Mvexpand Construct: This construct is used to expand values of a multi-value field into separate events, such that the result contains one event for each value in the multi-value field.

             Syntax:

              …|mvexpand <field_name>

• Support for creating log metric monitor by selecting strings from logs

This feature helps to create a log metric monitor from the Logs screen by selecting some string/text from the message or any other fields. The user selects some value/text from any fields and one popup menu opens for Log Monitor. The user clicks on the Log Monitor menu and it redirects to the log metric monitor configuration screen which displays the selected screen on the query box.

• Single maxdoc endpoint for all nfdb requests

With this feature, all the nfdb requests will be handled by a single endpoint making nfdb more flexible and reducing confusion regarding which endpoint to use for certain requests. Before this enhancement two endpoints were being used, one for processing 10,000 documents and another one to process greater than 10,000 documents.

• Implementation of aggregation Log Display for maxdoc flow

Display unique logs to users, so the user can easily see the last unique logs with their similar log count value or he can see similar logs for the particular unique log key as well. Until now this feature was implemented for msearch requests only. But now it can be used with maxdocs and large datasets also.

• Priority-based reading of environment variables from different files in nfforwarder

In windows, it reads the value of environment variables from the system environment and some other environment files in a set order of priority.

That is the value of a field will be taken from a higher-priority file instead of a lower-priority file if that field is declared in both files.

 This is the set order of priority -> system environment -> cmon.env -> jvm. options -> cmon. properties -> nf.env

• Confusion matrix is now giving results when the model produces NaN results.
• An option for the user to change the cert file (certification file) in nfdb for SaaSs registration is now available.
• Searched items will now get highlighted in documents/log lines.
• Saved search is now opening from the Logs section.

Integration with other Cavisson Products

Just like other Cavisson products, what makes NetForest unique is its ability to integrate with the rest of the Cavisson products for extensibility. This also results in achieving end-to-end enterprise monitoring capability.

With NetDiagnostics

• One can click on access from NF to the corresponding transaction dashboard in NDE.
• One can click access from NDE transaction dashboard to NF logs for the server in any tier.