On-Demand Upload (ODU) can help with use cases such as testing parsers by uploading different log types, or when you just want to do a one-time analysis of some logs.
In this short post we’ll look at an example of how to upload logs into OCI Logging Analytics using ODU from the graphical wizard.
This example is based on a real use case where a sysadmin realized a node (server42) did not join the RAC clustered filesystem after a reboot, and how the admin uploaded logs into Logging Analytics for quick analysis to find the root cause. This also gave the admin a chance to check if any parser tuning was needed.
If you want to follow the example, I’ve uploaded the log and redacted all sensitive information here.
Step 1. Have Logging Analytics on-demand policies in place so that you can upload / delete logs.
Step 2. Create a log group. Log groups can be used to control user access to logs in that group.
A. From the hamburger menu in OCI, select Observability & Management, under Logging Analytics select Administration.
B. Select Uploads from the left on the next screen and click Upload Files.
C. On the Uploads File screen, provide an Upload Name, a Compartment and the Log Group (created in step 2). Click Select Files and upload the log. Once the file has been selected, click Next.
D. From the Set Properties page, tick the uploaded File Name and select Set Properties. On the right, pick out the Source for the logs. Click Save Changes and then Next.
E. Review the information provided and click Upload.
F. Wait for the process to complete and Close the window when Submission Status is Success.
G. The next screen summarizes the files which have been uploaded and allows you to view and analyze them in Log Explorer or Delete them. Click on View In Log Explorer.
H. We can now see the uploaded logs based on the timestamps in the log.
To conclude the use case, the sysadmin used Cluster Analysis to help identify any potential issues.
From the results, the sysadmin identified there was one count indicating “FATAL: Module ocfs2_stackglue not found”.
This indicates that on server42 the bootstrapping process started under a kernel which does not have the ocfs2 modules. Rebooting the node with the correct kernel fixed the issue quickly.
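To show why grouping similar messages makes a single-occurrence line like this one stand out, here is a simplified stand-in for the idea. It is an added example, not Oracle's Cluster Analysis implementation and not code from the original post; the sample log lines (apart from the FATAL message text), the header regex and the masking rules are constructed assumptions.

```python
import re
from collections import Counter

# Constructed syslog-style sample; only the FATAL message text comes from the post.
SAMPLE_LOG = """\
Mar  3 10:15:01 server42 systemd[1]: Started Session 101 of user root.
Mar  3 10:15:02 server42 systemd[1]: Started Session 102 of user root.
Mar  3 10:15:03 server42 kernel: eth0: link up, 1000 Mbps
Mar  3 10:15:04 server42 modprobe: FATAL: Module ocfs2_stackglue not found
Mar  3 10:15:05 server42 systemd[1]: Started Session 103 of user root.
Mar  3 10:15:06 server42 kernel: eth1: link up, 1000 Mbps
"""

# Assumed header layout: "Mon DD HH:MM:SS host process[pid]: message"
HEADER = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+(\S+)\s+([^:\[\s]+)(?:\[\d+\])?:\s*(.*)$")

def signature(message):
    """Mask variable tokens so similar messages collapse into one pattern."""
    message = re.sub(r"\b0x[0-9a-fA-F]+\b", "<HEX>", message)
    message = re.sub(r"\b[a-z]+\d+\b", "<DEV>", message)  # eth0, sda1, ...
    message = re.sub(r"\b\d+\b", "<NUM>", message)
    return message

def cluster(log_text):
    """Count log lines per (process, message signature)."""
    counts = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = HEADER.match(line)
        if m:
            _host, process, message = m.groups()
        else:
            # Lines the header pattern misses are kept visible: a large
            # "<unparsed>" bucket is a hint that the parser needs tuning.
            process, message = "<unparsed>", line
        counts[(process, signature(message))] += 1
    return counts

def rare_clusters(counts, max_count=1):
    """Return the signatures seen at most max_count times."""
    return sorted(key for key, n in counts.items() if n <= max_count)

if __name__ == "__main__":
    counts = cluster(SAMPLE_LOG)
    for (process, sig), n in counts.most_common():
        print(f"{n:4d}  {process:10s} {sig}")
    print("rare:", rare_clusters(counts))
```

The routine session and link messages collapse into two large groups, leaving the module-not-found line as the only cluster with a count of one.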
In the case of our sysadmin, the root cause was identified quickly, and the issue resolved. As a proactive measure, and never wanting to be in that situation again, the sysadmin decided to use Logging Analytics to continuously ingest logs from all nodes, setting up Alerting based on findings.
Hopefully, these steps give you an idea of how easy it is to upload logs and use the power of Logging Analytics to become more proactive.