Event Log Management Tools in SentryOne
Published On: March 6, 2017
Categories: Event Calendar, SentryOne, Windows
Event log management is simple and centralized in SentryOne. Events across all of your monitored servers come together in one tool, making management faster. For example, correlating SQL Server performance issues with items in Windows Event Logs is painless. "Outlook-style" Calendar views provide a familiar way of chronicling Windows and SQL Server events. As a result, it's easy to jump right into resolving your server issues.
Event Log Management
First, I'll focus on handling the Windows Event Logs. Then I'll highlight managing SQL Server-specific events. Finally, I'll show you how to bring these items together in custom views.
Win Sentry Event Manager
Windows logs important incidents to the Windows Event Logs. SentryOne monitors and displays them in a highly configurable calendar view within the application. By default, SentryOne watches Application and System Logs. Optionally, you may activate the Security Log from the context menu in the Navigator pane.
SentryOne Navigator --> Event Manager --> Event Logs
SQL Sentry Event Calendar
SQL Sentry logs numerous events specific to SQL Server. Top SQL, Blocking, Deadlocks, and more display on the Event Calendar when you select a SQL Server node on the Navigator.
You control which days to view, how many at a time, and the level of detail (1 minute, 10 minutes, 1 hour, 4 hours, or 1 day). This is accomplished by using the menu or right-clicking and selecting "Zoom To" while on the calendar.
Calendar Viewing Options for Windows Event Log
For example, here are three days, side-by-side.
Calendar View of Windows Event Logs
Calendar View Style
View events as a calendar, list, or both (split). These options display the same events. Because list views allow for additional sorting and filtering by each column, they may be preferable in some cases.
Accessing Calendar Views from the SentryOne Menu
The "Split" option (shown below) offers the benefits of both styles.
Calendar View Styles - Showing Split
Custom Views bring event log management to another level. Defining a view allows the selection of instances, individual event objects, event sources, and filters. As a result, you have a view to correlate SQL Server and Windows Log Events together. In addition, grouping and viewing events specific to objects and sources is easy.
Start on the Navigator and add a new Local or Shared view.
Then, define what to include in the new Event Calendar.
As an example, here are items available under Logged Events:
Create Custom Views of Logged Events - Example of Event Sources
Next, save the new view.
Now, your view is part of the Navigator menu.
Lori Edwards' post, "Visualizing Jobs (and more!) in Event Manager," provides additional instructions for creating Custom Views.
Since some incidents logged to the Windows Event Logs may be inconsequential, SentryOne provides filters for removing them. History Filters exclude events you don't want to view in SentryOne. First, navigate to Settings for the Event Manager node. Next, you'll see the Settings --> Windows Event Logs Source screen (shown below).
History Filter Windows Event Logs Source
Then, set "Inherit from Parent (Global)" to False to access the "History Filter" field. Finally, create simple or complex filters on items like Event ID, Level, Log, Message Text, and more. If you need a refresher on "AND/OR/NOR/NAND" logic, check out my post on making logical choices in Advisory Conditions.
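The AND/OR/NOR/NAND grouping described above can be checked offline before a filter hides events from history. This added example is not SentryOne code or syntax: the filter structure, field names, and sample events are assumptions constructed for illustration. It shows a broad exclusion filter dropping a Security log event while a refined one keeps it.

```python
# Added illustration: a stand-alone model of a grouped exclusion filter. Filter shape,
# field names and sample events are assumptions; this is not SentryOne's engine or syntax.
GROUP_OPS = {"AND": all, "OR": any,
             "NOR": lambda r: not any(r), "NAND": lambda r: not all(r)}

def matches(node, event):
    """node is a leaf (field, operator, value) or a nestable group dict."""
    if isinstance(node, tuple):
        field, op, value = node
        if op == "equals":
            return event[field] == value
        if op == "contains":
            return value.lower() in str(event[field]).lower()
        raise ValueError(f"unsupported operator: {op}")
    return GROUP_OPS[node["op"]]([matches(c, event) for c in node["items"]])

def split_events(exclusion_filter, events):
    """Return (kept, dropped) event IDs; a matching event is dropped."""
    kept, dropped = [], []
    for ev in events:
        (dropped if matches(exclusion_filter, ev) else kept).append(ev["event_id"])
    return kept, dropped

def dropped_from_log(exclusion_filter, events, log_name):
    """Event IDs the filter would hide from one log, for review before use."""
    return [ev["event_id"] for ev in events
            if ev["log"] == log_name and matches(exclusion_filter, ev)]

# Constructed sample events (not real log data).
FIELDS = ("event_id", "level", "log", "message")
SAMPLE_EVENTS = [dict(zip(FIELDS, row)) for row in [
    (7036, "Information", "System", "A service entered the running state."),
    (4625, "Information", "Security", "An account failed to log on."),
    (1000, "Error", "Application", "Faulting application name: example.exe"),
    (1014, "Warning", "System", "Name resolution timed out."),
]]

# "Drop anything that is neither Error nor Warning" also hides the Security event.
BROAD = {"op": "NOR", "items": [("level", "equals", "Error"),
                                ("level", "equals", "Warning")]}
# A one-item NOR acts as NOT, so Security log events are never dropped.
REFINED = {"op": "AND", "items": [
    BROAD, {"op": "NOR", "items": [("log", "equals", "Security")]}]}

if __name__ == "__main__":
    for flt in (BROAD, REFINED):
        print(split_events(flt, SAMPLE_EVENTS), dropped_from_log(flt, SAMPLE_EVENTS, "Security"))
```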
SQLSentry Top SQL Filters
There is an incredible amount of control for going outside of the default options and customizing to best meet your environment's needs. For example, when it comes to Top SQL, you may want to capture statements running under the default five seconds during a test to see queries that are running frequently, even if quickly.
History Filter SQL Server Source; Top SQL Filter Options
Various Filter Options for SQL Server Event Sources (Deadlocks, SQL Server Agent Logs, Agent Alerts Source, Top SQL Source, etc.)
Most noteworthy on Top SQL is that you may also wish to exclude events that do not meet your specific thresholds for CPU, reads, or writes. Similarly, History Filters on Settings such as Deadlocks Source allow the exclusion of events logged to the SentryOne database by Event Time or Message Text values.
Event log management is consolidated and highly adaptable to your monitoring requirements via SentryOne tools. Furthermore, the Windows Event Logs are accessible, sortable, and filterable with Win Sentry Event Manager. In addition, SQL Sentry provides robust features for logging the SQL Server events that matter most to you. Finally, the custom calendar views provide a fusion between Windows and SQL Server events for more thorough management and investigation.
Test out SentryOne event log management for yourself with a free 15-day trial.
Melissa is the Product Education Manager at SentryOne. Melissa has over a decade of experience with SQL Server through software performance and scalability testing, analysis and research projects, application development, and technical support.