This topic outlines the steps that you must complete to
create an Insight Pack.
Before you begin
Create a Data Source using
the IBM® Operations Analytics - Log Analysis Generic
Annotation to determine whether the default annotations provided by IBM Operations Analytics - Log Analysis are
sufficient to process your log file data. If the results are not sufficient
for your requirements, you can develop an Insight Pack for
your log file type by completing these steps:
Procedure
- Acquire a representative sample of log files. Choose log
files with as many different log record patterns as possible.
- If you are using the IBM Tivoli® Monitoring Log File Agent to
push data to IBM Operations Analytics - Log Analysis,
create IBM Tivoli Monitoring Log File Agent configuration
artifacts for the new data source.
- Identify the log file record boundaries, patterns, and
so on.
- Identify fields for annotation within logical record patterns.
- Use the Insight Pack tools
to:
- Create and test Annotation Query Language (AQL)
rules to split log file records and extract relevant pieces of data
that you want to index.
- (Optional), Create custom logic to perform the split
and annotate functions.
- Develop the index configuration which describes the
characteristics of fields to be indexed.
- Create the administrative configuration artifact definitions
that are installed with the Insight Pack.
- Generate the Insight Pack for
testing.
- Use IBM Operations Analytics - Log Analysis to
test that log records, from the log file type, are split, annotated,
and indexed correctly.
- Validate that the data is split, annotated, and indexed
and perform some searches on the indexed fields to verify the results.