Related Tips & Info

Analytics Dashboard(Early Access) Troubleshooting

Ramanathan
Micro Focus Employee
4 Likes

ACCESS MANAGER DASHBOARD TROUBLESHOOTING

 

Contents

 

Introduction   

1. Logstash Troubleshooting. 1

1.1.        Log Level Setting (With Restart) 1 

1.2.        Log Level Setting (Without Restart) 2

2.     Elasticsearch Troubleshooting. 3

2.1.        Log Level Setting (With Restart) 3

2.2.        Log Level Setting (Without Restart) 4

3.     Elasticsearch Queries For Troubleshooting. 4

3.1.        Get Elasticsearch Version. 4

3.2.        Retrieve Events Based On eventid. 4

3.3.        Retrieve Events Based On Time. 5

3.4.        Retrieve all Events other than given eventid. 5

3.5.        Retrieve Events Based On Eventid And Time. 6

3.6.        Retrieve Events Matching Any One Of The Eventid’s. 7

 

 Introduction

 
Analytics Dashboard Early Access is released as part of NetIQ Access Manager (NAM) v4.5.SP3 onwards. 
Intent of this document is to improve the troubleshooting techniques of Analytics Dashboard with sample elasticsearch queries which will be useful in debugging
 

1. LOGSTASH TROUBLESHOOTING

 
1.1.  LOG LEVEL SETTING (WITH RESTART)
 

You can set the log level for logstash to view the output in the respective log file location.

Ensure to restart the service after making any change.

 

             /etc/logstash/logstash.yml
 
     # ------------ Debugging Settings --------------
     #
     # Options for log.level: 
     # * fatal
     # * error
     # * warn
     # * info (default)
     # * debug
     # * trace
     #
     log.level: info
     path.logs: /var/opt/novell/nam/logs/logstash
     #
     # ------------ Other Settings --------------
     #
     # Where to find custom plugins

  # path.plugins: []

 
1.2.  LOG LEVEL SETTING (WITHOUT RESTART)
 

 

    You can dynamically update logging levels through the logging API. These settings are effective immediately and do not need a restart. Please ensure this has to run as curl command in linux terminal.



curl -XPUT 'localhost:9600/_node/logging?pretty' -H 'Content-Type: application/json' -d'
{
    "logger.logstash " : "DEBUG"
}'
 

 

 

2.    ELASTICSEARCH TROUBLESHOOTING

 
2.1.  LOG LEVEL SETTING (WITH RESTART)
 

        

You can set the log level for elasticsearch to view the output in the respective log file location. Ensure to restart the service after making any change.

 

   /etc/elasticsearch/log4j2.properties
 
   # log action execution errors for easier debugging
   logger.action.name = org.elasticsearch.action
   logger.action.level = debug
 
2.2.  LOG LEVEL SETTING (WITHOUT RESTART)
 

          

You can also dynamically update logging levels through API. These settings are effective immediately and do not need a restart.

 

PUT /_cluster/settings   
{
   "transient": {
        "<name of logging hierarchy>": "<level>"
   }

For Example:

PUT /_cluster/settings
{  
"transient": { 
     "logger.org.elasticsearch.action": "trace"  
}
}
 
Above log level will effectively dump all the logs related to any action in elasticsearch. Pertaining to Access Manager Dashboard, we are inserting to elasticsearch through logstash as Bulk Action. If we need only those insertion logs, we can set child level logger as below
PUT /_cluster/settings
{  
"transient": { 
"logger.org.elasticsearch.action.bulk.TransportShardBulkAction": "trace"  
}
}
You can revert this setting again by executing
PUT /_cluster/settings
{  
"transient": { 
"logger.org.elasticsearch.action.bulk.TransportShardBulkAction": null 
}
}
 

3.    ELASTICSEARCH QUERIES FOR TROUBLESHOOTING                   

 
 Please ensure to run these queries in Dev Tools panel
1.     Log in to Analytics Dashboard
2 .    Click Dev Tools on left panel.
 
3.1.  GET ELASTICSEARCH VERSION
 
 To get elasticsearch version and other details, please make use of below
GET /
 
3.2.  RETRIEVE EVENTS BASED ON EVENTID
 
In case we want to retrieve data from elasticsearch on event id such as IDP login event, we can make use of below query
GET _index_name/_search
{  
"query":
 {"match": { 
"eventID": "002E000A"  
}}
}
NOTE:_index_name can be realtime(7 days of data) or historic(6 months of data)
 
3.3  RETRIEVE EVENTS BASED ON TIME
 
In case we want to retrieve data from elasticsearch based on time such as events inserted in last 15 minutes, we can make use of below query
GET _index_name/_search
{   
 "query": {        
     "range" : { 
        "createDate": {                
                "gte" : "now-15m",                
                 "lt" :  "now"            
                  }        
               }   
          }
    } 


NOTE:_index_name can be realtime(7 days of data) or historic(6 months of data)
 
3.4  RETRIEVE EVENTS OTHER THAN GIVEN EVENT ID
 
In case we want to retrieve all events except given event id, we can make use of below query
GET _index_name/_search
{  "query": {    
       "bool": {      
        "must_not": {       
           "match": {          
             "eventID": "002E000A"        
                 }      
               }    
            }  
          }
}
NOTE:_index_name can be realtime(7 days of data) or historic(6 months of data)
3.5  RETRIEVE EVENTS BASED ON EVENTID AND TIME
 
In case we want to retrieve IDP login event inserted in last 15 minutes, we can make use of below query
GET _index_name/_search
{  "query": {    
      "bool": {      
        "must": [{          
          "match": {           
             "eventID": "002E000A"          
           }       
         },       
        {          
         "range": {            
            "createDate": {              
                "gte": "now-15m",             
                "lt": "now"            
              }         
          }        
        }      
      ]   
 } 
 }
}
NOTE:_index_name can be realtime(7 days of data) or historic(6 months of data)
 
3.6  RETRIEVE EVENTS MATCHING ANY ONE OF THE EVENTID’S
 
In case we want to retrieve matching any one of the eventid in the list, you can use below
GET _index_name/_search
{  "query": {    
      "bool": {     
        "should" : [        
           { "match" : { "eventID": "002E000A" } },        
           { "match" : { "eventID": "002E000C" } }     
          ]    
}       
 }
}
NOTE:_index_name can be realtime(7 days of data) or historic(6 months of data)
 
 
 

Labels:

New Release-Feature
Comment List
Anonymous
Related Discussions
Recommended

Resources

Support
Documentation
Training
CyberRes Academy
Partner Portal
Contact us
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
How To Buy
Careers
Investor Relations
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.