Using the Archived Logs interface

The Archived Logs interface presents a detailed inventory of Log Management data moved from the Elasticsearch database to the archive location configured in Log Management Settings. The information displayed includes:

Tip: Hovering over the Status column or the Index column displays historical information about the archive such as when it was created and when it was restored to Elasticsearch.

Tip: Hovering over a section of the snapshot displays the log count for that severity level.

Additional information may be displayed by hovering over any column header, clicking the icon that appears, then selecting from the options shown in the Columns sub-menu. These options include:

Clicking the column header icon also allows you to sort column data. The date range for data displayed can be adjusted using the calendar drop-down menu in the upper-right corner of the grid.

To restore logs contained inside an archived file to Elasticsearch (to allow for research on logs contained in that archive, for example), select the applicable checkbox at the left of the grid, then click Restore. Restore requests are queued to the WhatsUp Gold system task that restores logs from archives. Depending on the size of the archive and the performance of the Elasticsearch instance, the restore operation could take some time to complete. Once the restore finishes, the status shows as Restored. If any errors occurred during restoration (e.g., if the archive was tampered with after its creation, which disqualifies it from being restored to Elasticsearch), they are displayed under Message in the grid as well as in applicable logs in WhatsUp Gold.

To remove from Elasticsearch logs previously restored from an archived file, select the applicable checkbox at the left of the grid, then click Remove.

Important: Logs from archives in the Restored status remain in Elasticsearch until the user removes them by selecting the archives and clicking Remove. They are not subject to WhatsUp Gold's automatic deletion based on the online log retention policy, or to log deletion when disk space is low on Elasticsearch. Therefore, it is advised to remove restored logs as soon as they are no longer needed in Elasticsearch.

Note: Enable the Include Deleted control to display archive files previously removed from the archive location. While deleted archive file records can be displayed in the Archived Logs interface, the actual files cannot be restored once they have been deleted.

See Also

Log Management

About Log Management

Configure a Log Source

Log Management Settings

Creating filters

Configuring a Log Management Filter Frequency Threshold

Log Management Dashboard

Log Viewer (Full Page Report)

About Log Management data archiving