Being a Windows user and an ex-.NET developer, my very first thought on LogSense was whether it's capable of ingesting logs coming from the Microsoft environment. Frankly, I was quite surprised to find out how easy it was to start sending Windows Event Logs by simply following the instructions available on the LogSense website. The whole setup took several minutes and allowed me to build some basic analytics around what is happening on my Windows machine. If you're looking for an easy way to better understand what's happening on your Windows machine, here's a quick tutorial:
Step 1: Send Logs to LogSense
Upon sign-up, I received my unique access token, which I kept handy since it was required later on. Then I installed the client tool outlined in the instructions and followed the steps to configure it, updating the config file with my access token. The token authenticates everything the client sends, so treat it as a secret: restrict read access to the config file and keep it out of version control.
I was ready to go. I launched the client and a few minutes later logged on to LogSense, where I could see the logs coming in. Since I already had logs from other data sources, I had to remember to filter by the `eventlog` tag that was set in the config file.
Step 2: Some Basic Analytics
I was keen to find out how many logs were coming from the respective Windows Event Log channels (Application, Security, System) and what the breakdown of events would be (i.e., how many errors are logged vs. other events). I created my first chart by right-clicking on logs.channel in the Logs view:
and selecting COUNT so I ended up with the following view:
In order to make it more visually appealing, I toggled the chart type and set it to horizontal bars:
Now, to add more granularity, I toggled back to the table view and dragged logs.event_type from Logs view to rows section:
Lastly, I applied sorting on the respective columns and ended up with a decent breakdown:
Thus, in just a few steps I was able to build a chart outlining the breakdown of my Windows Logs coming from respective channels, which is quite cool. I already liked the app and was keen to explore further!
Step 3: Getting Something Useful out of It
Since I had already learned how to chart the breakdown, I attempted to outline the most frequent application errors. This was just as easy and required a few simple steps:
- Update the filter in the search box to show only errors from the Application channel
- Right-click on logs.description and select COUNT to toggle a chart
- Sort by COUNT field
- Rename the chart so it is more descriptive
Using the same approach, I built another view representing the most common logs in the Event Log. Since I was interested only in meaningful entries, I filtered out the blank descriptions as follows:
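The two views built in Step 2 and Step 3 (events counted per channel and event type, and the most frequent non-blank Application errors) can be reproduced locally with PowerShell, which is a handy way to sanity-check what the LogSense charts show. The script below is an added example and is not code from the post or from the LogSense client; the property names (LogName, LevelDisplayName, Message) are the ones Get-WinEvent returns, and the sample events in it are constructed, not captured from a real machine.

```powershell
# Added example: reproduce the post's two breakdowns locally so the numbers can be
# compared with the LogSense charts. Not LogSense code; sample events are constructed.

function Get-ChannelBreakdown {
    param([Parameter(Mandatory)][object[]]$Events)
    # Step 2 equivalent: rows = channel + event type, value = COUNT, sorted per channel.
    $Events |
        Group-Object -Property LogName, LevelDisplayName |
        ForEach-Object {
            [pscustomobject]@{
                Channel   = $_.Group[0].LogName
                EventType = $_.Group[0].LevelDisplayName
                Count     = $_.Count
            }
        } |
        Sort-Object Channel, @{ Expression = 'Count'; Descending = $true }
}

function Get-TopApplicationErrors {
    param(
        [Parameter(Mandatory)][object[]]$Events,
        [int]$Top = 10
    )
    # Step 3 equivalent: Error-level events from the Application channel only,
    # blank descriptions dropped, most frequent descriptions first.
    $Events |
        Where-Object { $_.LogName -eq 'Application' -and $_.LevelDisplayName -eq 'Error' } |
        Where-Object { -not [string]::IsNullOrWhiteSpace($_.Message) } |
        Group-Object -Property Message |
        Sort-Object Count -Descending |
        Select-Object -First $Top -Property Count, @{ Name = 'Description'; Expression = { $_.Name } }
}

# Constructed sample events so the functions run on any host (hypothetical values).
$sample = @(
    [pscustomobject]@{ LogName = 'Application'; LevelDisplayName = 'Error';       Message = 'Faulting application name: contoso.exe' }
    [pscustomobject]@{ LogName = 'Application'; LevelDisplayName = 'Error';       Message = 'Faulting application name: contoso.exe' }
    [pscustomobject]@{ LogName = 'Application'; LevelDisplayName = 'Error';       Message = '' }
    [pscustomobject]@{ LogName = 'Application'; LevelDisplayName = 'Information'; Message = 'Service started' }
    [pscustomobject]@{ LogName = 'System';      LevelDisplayName = 'Warning';     Message = 'DNS lookup timed out' }
    [pscustomobject]@{ LogName = 'Security';    LevelDisplayName = 'Information'; Message = 'An account was successfully logged on.' }
)

# On a Windows host, replace the sample with the last 24 hours from the same three channels
# the post looks at. Reading the Security log requires an elevated prompt (or Event Log Readers).
# $sample = Get-WinEvent -FilterHashtable @{ LogName = 'Application','Security','System'; StartTime = (Get-Date).AddDays(-1) }

Get-ChannelBreakdown -Events $sample | Format-Table -AutoSize
Get-TopApplicationErrors -Events $sample | Format-Table -AutoSize
```

With the constructed sample, the first table shows the Application channel with 2 errors and 1 information event (the blank-message error still counts towards the channel breakdown, exactly as it does in the LogSense chart), and the second table lists the single non-blank error description with a count of 2. Swapping in the Get-WinEvent line gives the real figures to compare against the saved Overview.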
Step 4: Storing for Later
Finally, in order to reuse the chart, I saved it as an Overview (private or public) by clicking the `+` icon and selecting an option from the context menu:
Since I had created multiple overviews, I also added a category to group my Windows Logs charts and ended up with the following:
To sum it up, sending Windows Event Logs to LogSense and building custom charts around them turned out to be easier than I initially thought. In a future post, I will continue to explore the LogSense capabilities, including finding out how to leverage Log Patterns and where I can benefit from built-in Anomaly Detection.
If you are interested in seeing how LogSense can help with your Windows, Java and other apps, you can try it out today at no charge.