Analytics Dashboard (Early Access) Troubleshooting


ACCESS MANAGER DASHBOARD TROUBLESHOOTING

 

Contents

Introduction

1. Logstash Troubleshooting
1.1. Log Level Setting (With Restart)
1.2. Log Level Setting (Without Restart)

2. Elasticsearch Troubleshooting
2.1. Log Level Setting (With Restart)
2.2. Log Level Setting (Without Restart)

3. Elasticsearch Queries For Troubleshooting
3.1. Get Elasticsearch Version
3.2. Retrieve Events Based On Event ID
3.3. Retrieve Events Based On Time
3.4. Retrieve All Events Other Than Given Event ID
3.5. Retrieve Events Based On Event ID And Time
3.6. Retrieve Events Matching Any One Of The Event IDs

 

Introduction

Analytics Dashboard Early Access is released as part of NetIQ Access Manager (NAM) v4.5.SP3 onwards.
The intent of this document is to improve troubleshooting of the Analytics Dashboard, with sample Elasticsearch queries that are useful in debugging.
 

1. LOGSTASH TROUBLESHOOTING

 
1.1.  LOG LEVEL SETTING (WITH RESTART)

You can set the log level for Logstash and view the output in the corresponding log file location.

Restart the service after making any change.

 

/etc/logstash/logstash.yml

    # ------------ Debugging Settings --------------
    #
    # Options for log.level:
    # * fatal
    # * error
    # * warn
    # * info (default)
    # * debug
    # * trace
    #
    log.level: info
    path.logs: /var/opt/novell/nam/logs/logstash
    #
    # ------------ Other Settings --------------
    #
    # Where to find custom plugins
    # path.plugins: []

 
1.2.  LOG LEVEL SETTING (WITHOUT RESTART)

You can dynamically update logging levels through the logging API. These settings take effect immediately and do not need a restart. Run this as a curl command in a Linux terminal.

    curl -XPUT 'localhost:9600/_node/logging?pretty' -H 'Content-Type: application/json' -d'
    {
        "logger.logstash" : "DEBUG"
    }'
 

 

 

2.    ELASTICSEARCH TROUBLESHOOTING

 
2.1.  LOG LEVEL SETTING (WITH RESTART)

You can set the log level for Elasticsearch and view the output in the corresponding log file location. Restart the service after making any change.

/etc/elasticsearch/log4j2.properties

    # log action execution errors for easier debugging
    logger.action.name = org.elasticsearch.action
    logger.action.level = debug
 
2.2.  LOG LEVEL SETTING (WITHOUT RESTART)

You can also dynamically update logging levels through the API. These settings take effect immediately and do not need a restart.

    PUT /_cluster/settings
    {
      "transient": {
        "<name of logging hierarchy>": "<level>"
      }
    }

For example:

    PUT /_cluster/settings
    {
      "transient": {
        "logger.org.elasticsearch.action": "trace"
      }
    }

The log level above dumps all logs related to any action in Elasticsearch. For the Access Manager Dashboard, events are inserted into Elasticsearch through Logstash as bulk actions. If you need only those insertion logs, set the child-level logger as below:

    PUT /_cluster/settings
    {
      "transient": {
        "logger.org.elasticsearch.action.bulk.TransportShardBulkAction": "trace"
      }
    }

You can revert this setting by executing:

    PUT /_cluster/settings
    {
      "transient": {
        "logger.org.elasticsearch.action.bulk.TransportShardBulkAction": null
      }
    }
 

3.    ELASTICSEARCH QUERIES FOR TROUBLESHOOTING                   

 
Run these queries in the Dev Tools panel:

1. Log in to Analytics Dashboard.
2. Click Dev Tools on the left panel.
 
3.1.  GET ELASTICSEARCH VERSION

To get the Elasticsearch version and other details, use the request below:

    GET /
 
3.2.  RETRIEVE EVENTS BASED ON EVENT ID

To retrieve data from Elasticsearch by event ID, such as the IDP login event, use the query below:

    GET _index_name/_search
    {
      "query": {
        "match": {
          "eventID": "002E000A"
        }
      }
    }

NOTE: _index_name can be realtime (7 days of data) or historic (6 months of data).
 
3.3.  RETRIEVE EVENTS BASED ON TIME

To retrieve data from Elasticsearch based on time, such as events inserted in the last 15 minutes, use the query below:

    GET _index_name/_search
    {
      "query": {
        "range": {
          "createDate": {
            "gte": "now-15m",
            "lt": "now"
          }
        }
      }
    }

NOTE: _index_name can be realtime (7 days of data) or historic (6 months of data).
 
3.4.  RETRIEVE EVENTS OTHER THAN GIVEN EVENT ID

To retrieve all events except those with a given event ID, use the query below:

    GET _index_name/_search
    {
      "query": {
        "bool": {
          "must_not": {
            "match": {
              "eventID": "002E000A"
            }
          }
        }
      }
    }

NOTE: _index_name can be realtime (7 days of data) or historic (6 months of data).

3.5.  RETRIEVE EVENTS BASED ON EVENT ID AND TIME

To retrieve IDP login events inserted in the last 15 minutes, use the query below:

    GET _index_name/_search
    {
      "query": {
        "bool": {
          "must": [
            {
              "match": {
                "eventID": "002E000A"
              }
            },
            {
              "range": {
                "createDate": {
                  "gte": "now-15m",
                  "lt": "now"
                }
              }
            }
          ]
        }
      }
    }

NOTE: _index_name can be realtime (7 days of data) or historic (6 months of data).
 
3.6.  RETRIEVE EVENTS MATCHING ANY ONE OF THE EVENT IDS

To retrieve events matching any one of the event IDs in a list, use the query below:

    GET _index_name/_search
    {
      "query": {
        "bool": {
          "should": [
            { "match": { "eventID": "002E000A" } },
            { "match": { "eventID": "002E000C" } }
          ]
        }
      }
    }

NOTE: _index_name can be realtime (7 days of data) or historic (6 months of data).
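
The queries in 3.5 and 3.6 can be combined, with one catch: once a bool query has a must or filter clause, its should clauses become optional unless minimum_should_match is set. The following added example (not part of the original article or of Access Manager) builds such a query and checks it against constructed sample events using a simplified local model of the bool semantics. The function names, the require_any parameter, the event ID 0000FFFF and the use of filter instead of must for the time range (same matches, no scoring) are assumptions of this example.

```python
import json
import re

def build_event_query(any_of=(), none_of=(), since="now-15m", require_any=True):
    """Events since `since` with eventID in any_of and not in none_of."""
    bool_q = {"filter": [{"range": {"createDate": {"gte": since, "lt": "now"}}}]}
    if any_of:
        bool_q["should"] = [{"match": {"eventID": e}} for e in any_of]
        if require_any:
            # Beside must/filter, should clauses are optional unless this is set.
            bool_q["minimum_should_match"] = 1
    if none_of:
        bool_q["must_not"] = [{"match": {"eventID": e}} for e in none_of]
    return {"query": {"bool": bool_q}}

def _resolve(expr, now):
    """Resolve 'now' or 'now-<n><s|m|h|d>' to epoch seconds (date-math subset)."""
    m = re.fullmatch(r"now(?:-(\d+)([smhd]))?", expr)
    if not m:
        raise ValueError(f"unsupported date math: {expr}")
    unit = {"s": 1, "m": 60, "h": 3600, "d": 86400}
    return now - (int(m.group(1)) * unit[m.group(2)] if m.group(1) else 0)

def _clause(event, clause, now):
    if "match" in clause:
        (field, value), = clause["match"].items()
        return event.get(field) == value
    (field, rng), = clause["range"].items()
    return _resolve(rng["gte"], now) <= event[field] < _resolve(rng["lt"], now)

def matches(event, query, now):
    """Simplified local model of bool semantics (match = exact equality)."""
    b = query["query"]["bool"]
    hits = sum(_clause(event, c, now) for c in b.get("should", []))
    return (all(_clause(event, c, now) for c in b.get("filter", []))
            and not any(_clause(event, c, now) for c in b.get("must_not", []))
            and hits >= b.get("minimum_should_match", 0))

NOW = 1_700_000_000  # arbitrary epoch seconds for the constructed events below
EVENTS = [
    {"eventID": "002E000A", "createDate": NOW - 60},
    {"eventID": "002E000C", "createDate": NOW - 3600},  # outside 15 minutes
    {"eventID": "0000FFFF", "createDate": NOW - 120},   # made-up event ID
]

def select(query):
    return [e["eventID"] for e in EVENTS if matches(e, query, NOW)]

if __name__ == "__main__":
    print(json.dumps(build_event_query(any_of=["002E000A", "002E000C"]), indent=2))
```

The printed JSON is the body for GET _index_name/_search in Dev Tools.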
 
 
 
