LogBook improves UIS system monitoring, issue detection, performance and reliability

The UIS Centralized Operational Information and Event Management service, known as LogBook, was released in March 2019. The tool’s features allow UIS staff to more effectively monitor system health and detect potential issues.

What can centralized logging do for you?

Centralized logging allows for early problem detection with alerting on system health and critical events in near real-time. These logs are used almost exclusively for investigating customer-reported issues or system issues.

In distributed systems, it is sometimes difficult to identify a problem’s source system, but centralized logging allows for a wider view by searching or observing multiple sources at a time. LogBook provides UIS staff with Google-style plain language searching of logs, flexible data enrichment, quick log statistics as well as easy graphing and alerting. This improves collaborative troubleshooting across functional areas, allowing UIS to maintain reliability for systems that CU counts on.

This service has been running since October 2018 and was recently released for general availability in March 2019 to replace QRadar. Several trainings taught UIS employees to use the tool with their specific systems.

LogBook replaces QRadar’s operational compliance requirements and adds the flexibility for potential new regulatory requirements. On QRadar, the department’s capacity to detect real-time activity and manage logs on its local systems was limited. By comparison, LogBook maintains a centralized logging repository for any services that connect their data to it.

UIS application owners take advantage of three primary components to simplify monitoring: Elasticsearch (datastore), Graylog (collection, search, and datastore management), and Grafana (dashboard).

  • Elasticsearch provides an open source search engine and datastore that is distributed, scalable and highly available.
  • Graylog classifies and sorts all incoming data for storage in Elasticsearch. Graylog allows stakeholders to search, browse or track events from one or many sources. Additionally, it maintains the data lifecycle and retention policy.
  • Grafana provides a metrics and analysis visualization suite where identified trends can be aggregated, monitored and configured for alerting. Dashboards are simple to build and allow stakeholders to view service health and status at a glance. The dashboard views also pull in details from Graylog. In addition, Grafana alerts can be created simply by pointing and clicking to set a threshold and choosing an email address for delivery.

The Cross-Applications Middleware team within UIS will continue working with UIS application owners and developers to get the most out of this new service.
