XpoLog help - System Health
 

Select the 'Dashboard' component or the 'System Health' option in the top menu to enter XpoLog Dashboard. The dashboard displays a summary of your system’s health and allows navigation within the result. The dashboard screen is divided in 3: the upper pane, which displays general system health information, the main pane, which shows graphically the health of your system and the left pane, consisting of different slides for data generation and display settings.

  • The upper part of the dashboard screen displays general system health information: On the upper left side is the time window of the displayed dashboard data. Under the time window the number of total applications, folders and logs in your system is displayed. On the upper right side the entire system status is presented as a red, orange, yellow or green led. Red means a high level of risk/anomalies, and green means the health state of the system is very good. Orange and yellow are intermediate health state levels. Below the system status there are two graph: the left one shows the system’s risk level ('Predefined') and the right one shows the system’s anomaly level ('Anomalies'). Next to it is displayed the total number of risk events in the system. On the same pane there is a list box called 'display mode' which indicates the dashboard's monitor status (see Dashboard's Monitoring). If the online status is selected, the display on the main pane will be updated periodically according to the monitor's time settings. On the right side of the list box there's a display of the time left to the next screen refresh. Note: In case 'Time Rule' or 'Generate Data' are executed from the left pane while in online mode, the dashboard's monitor status automatically changes to offline.

  • The dashboard main pane displays your system’s health state. The data is displayed either in the context of a selected root (and this root's children) or in the context of correlated applications.
    The dashboard main pane consists of 4 dynamic tabs that correspond to 4 view modes: 'Totals Over Time', 'Risk Over Time', 'content' and 'Anomalies'. Selecting one of the tabs displays its corresponding graph over time and shows the corresponding graph over time for each of the entries in the table below. The main graph over time shows data in computed time intervals that correspond to the current dashboard’s display time frame. Each line in the graph corresponds, in case of selected root context, to one of root's children, or to one of the selected components (application, folder or log) in case of correlated context view. The lines are differentiated by colors. In case of 'Total Over Time' mode, each component is depicted by two lines: a solid one representing the component’s number of risk events and a dashed one representing the total number of events of that  component. Each of the points in the graph corresponds to the health data of that component in the time interval starting with that point. Hovering with the mouse over a point in the graph opens a detailed display of the data represented by that point. In case of adjacent points, a corresponding table is being displayed showing the data of these multiple points in a tabular form. Clicking on a point in the graph drills down to a smaller time interval: if the initial displays spans one month, then drilling down from any point on the graph will drill down to the day starting at that point, and in case other than 'Anomalies' one may further drill down to a selected hour. In case of 'Anomalies', a day is the smallest drill down resolution. To go back to larger time frames, click the small arrow left of the tabs (back).
    The pie next to the graph shows the distribution of the risk events among the root’s children, in case of a selected root context, or among the selected components, in case of correlated view context.
    The table below the graph shows the health information of the components depicted in the graph above. Clicking on the name of one of the entries in the table drills down to show that component’s health state – making this component the root. To go back to the upper most level of the health tree, click the "home" link above the graph.
    If no data is available for a component, it appears with a darker background. No drill down is then possible from that component.

    The table has the following columns:

    • Name – the name of the component. An icon representing the component’s type is displayed left of the name
    • Status – a computed health status based on the risk and the anomalies levels
    • Predefined – the risk level of the component, corresponding to the occurrence of predefined risk events
    • Content – the risk level of the component, corresponding to the occurrence of contents which indicate a certain level of hazard

    • Anomalies – the level of anomaly of that log in terms of number of events and number of occurrences of columns’ unique values with respect to computed averages
    • Predefined events – the total number of events to which a risk weight has been set (see Defining log risk)

    • Content events – the total number of events containing contents which indicate a certain level of hazard

    • Total events – the total number of events. In case of a log, this is the total number of events that occurred in the given time frame in the log. In case of a folder or an application, this is the sum of all total events of that component’s children
    • Sub – in case the component has children, this pie chart shows the distribution of the risk events among that component’s children
    • Over Time – the component’s graph over time (either total events, risk events or anomalies, depending on the selected view mode)

  • The left pane of the dashboard contains the following slides:
    • Select Applications: Displays the system's applications tree. Clicking on one of the entries in the tree changes to root context view, making the clicked component the selected root. To get a correlated view of different components, such as all the access logs of all the application and web servers in your system, click the desired logs’ checkboxes and press 'go'. To go back to the upper most level of the health tree, click the 'home' link above the graph.
    • Generate Data: use this slide to define the time frame and the applications to generate new dashboard data for. See Creating dashboard data for more information on how to generate data.
    • Time Rule: drilling down from a graph’s point is one mean of setting the time frame of the dashboard’s displayed data. Using the 'Time Rule' slide allows you to select any time interval for the displayed data. Setting a new time rule does not create new data – it simply shows the already available data that corresponds to that time frame selection. To create new data, use the 'Generate Data' slide.
    • Alerts: Each alert under this slide contains information of the alerts raised while dashboard was running. This information includes the application name for which the alert was raised, the start and end times of the data for which the alert was raised, the alert time and the alert's message.
    • Search: enter a search string and press 'go'. A new window will open displaying the search results.
    • Application Status: shows a summary of the upper most level in your system – the applications. Click on the arrow next to an application to get more a detailed information of its health state consisting of its risk, anomalies and sub graphs. Clicking an application’s name will make it the current root and will show its children in the main dashboard pane.