Add 1st draft of auto-detection quickstart
dedemorton committed Jul 20, 2024
1 parent feb2d6a commit e10077d
Showing 2 changed files with 62 additions and 1 deletion.
63 changes: 62 additions & 1 deletion docs/en/serverless/quickstarts/auto-detect-logs-metrics.mdx
Expand Up @@ -7,4 +7,65 @@ tags: [ 'serverless', 'observability', 'how-to' ]

{/* TODO: Make sure title matches the title used in the UI */}

Add intro here.
<p><DocBadge template="technical preview" /></p>

<DocCallOut title="Before you begin">
This quickstart has the following requirements and limitations:

- The **Admin** role or higher is required to onboard system logs and metrics. To learn more, refer to <DocLink slug="/serverless/general/assign-user-roles" />.
- Root privileges on the host are required to run the auto-detection script used in this quickstart.
- The auto-detection script currently scans for metrics and logs from Apache, Docker, Nginx, and the host system.
It also scans for custom log files.
- The auto-detection script works on Linux and MacOS only and requires support for the `lsof` command.
</DocCallOut>

{/* QUESTION: Akhilesh mentioned that some integrations that are part of this auto-detection based flow are only available for Linux. Need to find out from @thomheymann which ones. */}

In this quickstart guide, you'll learn how to scan your host to detect and collect logs and metrics,
then navigate to dashboards to further analyze and explore your observability data.
You'll also learn how to get value out of your observability data.

1. <DocLink slug="/serverless/observability/create-an-observability-project">Create a new ((observability)) project</DocLink>, or open an existing one.
1. In your ((observability)) project, go to **Add Data**.
1. Select **Collect and analyze logs**, and then select **Auto-detect logs and metrics**.
1. Copy the command that's shown. For example:
![Quick start showing command for running auto-detection](../images/quickstart-autodetection-command.png)
You'll run this command to download the auto-detection script and scan your system for observability data.
1. Open a terminal on the host you want to scan, and run the command.
1. Review the list of log files:
- Enter `Y` to ingest all the log files listed
- Enter `n` to either exclude log files or specify additional log paths. Enter `Y` to confirm your selections.

The script downloads and installs the software needed to collect observability data from the host and send it to Elastic.
When the script is done, you'll see a message like "((agent)) is configured and running."

There might be a slight delay before logs and other data are ingested.
Under **Visualize your data**, you'll see a list of dashboards that you can access to explore your ingested logs and metrics.

{/* QUESTION: What advice do we want to give users if they look at the dashboards and realize they've missed some logs they want to ingest.
Is there a way to re-run the auto-detection script and add new logs without having uninstall Elastic Agent and go through all the steps again?
Telling them to change add inputs to the yaml config is kind of throwing folks into the deep end.*/}

## Get value out of your data

After using the dashboards to examine your data and confirm you've ingested all the host logs and metrics you want to monitor,
you can use Elastic ((observability)) to gain deeper insight into your data.

For host monitoring, the following capabilities and features are recommended:

- In the <DocLink slug="/serverless/observability/infrastructure-monitoring">Infrastructure UI</DocLink>, analyze and compare data collected from your hosts.
You can also:
- <DocLink slug="/serverless/observability/detect-metric-anomalies">Detect anomalies</DocLink> for memory usage and network traffic on hosts.
- <DocLink slug="/serverless/observability/alerting">Create alerts</DocLink> that notify you when an anomaly is detected or a metric exceeds a given value.
- In the <DocLink slug="/serverless/observability/discover-and-explore-logs">Logs Explorer</DocLink>, search and filter your log data,
get information about the structure of log fields, and display your findings in a visualization.
You can also:
- <DocLink slug="/serverless/observability/monitor-datasets">Monitor log data set quality</DocLink> to find degraded documents.
- <DocLink slug="/serverless/observability/run-log-pattern-analysis">Run a pattern analysis</DocLink> to find patterns in unstructured log messages.
- <DocLink slug="/serverless/observability/alerting">Create alerts</DocLink> that notify you when an Observability data type reaches or exceeds a given value.
- Use <DocLink slug="/serverless/observability/aiops">AIOps features</DocLink> to apply predictive analytics and machine learning to your data:
- <DocLink slug="/serverless/observability/aiops-detect-anomalies">Detect anomalies</DocLink> by comparing real-time and historical data from different sources to look for unusual, problematic patterns.
- <DocLink slug="/serverless/observability/aiops-analyze-spikes">Analyze log spikes and drops</DocLink>.
- <DocLink slug="/serverless/observability/aiops-detect-change-points">Detect change points</DocLink> in your time series data.

Refer to <DocLink slug="/serverless/observability/serverless-observability-overview"/> for a description of other useful features.
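
Review bot: Steps 4 and 5 of the numbered procedure have the reader run, with root privileges, a command that downloads and executes a script, but the command appears only as a screenshot (`quickstart-autodetection-command.png`) and the page never says what the script installs or changes on the host beyond "the software needed to collect observability data". Suggest naming what gets installed (the success message implies ((agent))), repeating the root requirement in step 5 rather than leaving it only in the callout, and describing the parts of the command in text so readers can review it before running it. Smaller points: "MacOS" in the callout should be "macOS"; the last QUESTION comment has "without having uninstall" and "change add inputs"; and the open question about Linux-only integrations should be resolved before this leaves draft, because the callout currently reads as if every listed integration is available on both Linux and macOS.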
