Question
Cognizant
US
Last activity: 12 Oct 2018 14:22 EDT
Analysis of PEGA rules and alerts in SPLUNK using AES queries.
We have to perform analysis of PEGA rules and alerts in SPLUNK using AES queries.
If any POC has been done before on this, please share the document.
Kindly share the AES SQL queries for monitored node.
***Edited by Moderator Marissa to update platform capability tags***
Pegasystems Inc.
IN
Hi,
1) PLA - https://pdn.pega.com/community/pega-exchange/pegarules-log-analyzer. This provides an Excel export of pivoted data to work with once the log files are uploaded to it.
2) AES / PDC - This can correlate the data and create cases for you and come up with your top issues in terms of performance and quality - https://pdn.pega.com/products/autonomic-event-services-enterprise-edition and https://collaborate.pega.com/discussion/pega-predictive-diagnostic-cloud-configuration-application
Alternatively, you can use your own log4j appender in prlogging.xml file to route to something like ELK or Splunk.
Pegasystems Inc.
US
A key challenge you will face in Splunk is grouping alerts / exceptions by correlation so you can assess the unique issues that you face and the frequency/cost of each issue. There is logic in AES to uniquely assess and persist the correlation string for each alert type.
Broader question - why do you want / need to recreate AES in splunk rather than simply using AES as-is -- or even simpler, just use the PDC service, since it frees you from the need to pay for AES infrastructure, gets new features / improved advice frequently and has a product manager who is happy to get feedback and make enhancements based on user input (yours truly).
Anthem
US
Hi Andy,
We have tried Anthem “tenant” on the PDC service but some of the tabs like System Summary, Stability and Improvement Plan & Enterprise are not working out (displaying blank screens).
Do we need any additional configuration on the monitored nodes?
-
gundlapalli Ramanujam
Pegasystems Inc.
US
I logged into the Anthem tenant and only see partial data (alerts but no health status) from one node. How many nodes should have been sending to PDC/AES? Are you using standard Pega7 logging configuration or has it been customized in any way?
On monitored node, enable debug logging for classes httpclient.wire.header and httpclient.wire.content to see what it is sending to PDC and whether it gets a proper http response code. Not uncommon for network admin assistance to be needed to open outgoing https to pdc-external.pegacloud.com
Anthem
US
Hi Andy,
Enterprise Health Tab @PDC service started working out well after removing the 3 "management" DSS settings @monitored node.
But DB Query Stats, DB Table Usage, DB current activity and Email notifications are not working out.
Please suggest.
Anthem
US
Also please provide the list of AES queries just for our reference.
Thank you.
Pegasystems Inc.
US
Well, there is no real 'query list'. We do lots of queries depending on the report. The key point is that PDC has logic to recognize each alert type and define the proper way to correlate related alerts into a case, and we use that to create a correlation string and hash it for correlation ID. That way, when agents look at newly received alerts, they either match correlationID of an existing case or a new case gets created. We've also done work to ensure that the correlation relates to the root cause -- primarily with regard to assessing if a query comes from a report, an RDB method or an OBJ method.
We're going to now start adding logic to recognize certain exceptions and give prescriptive advice on how to fix them.
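
The correlation approach described in the reply above (build a per-alert-type correlation string, hash it, and match new alerts to existing cases by that ID) can be sketched as follows. This is an added example, not part of the original thread and not PDC's or AES's actual logic; the alert type names, field names and sample alerts are hypothetical and constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Hypothetical rules: which fields identify the root cause per alert type.
# Type and field names are assumptions, not PDC's real definitions.
CORRELATION_FIELDS = {
    "DB_QUERY_SLOW": ("source", "sql"),            # source: report / RDB / OBJ
    "HTTP_INTERACTION_SLOW": ("app", "activity"),
}

def normalize_sql(sql):
    """Strip literals so one statement with different values correlates."""
    sql = re.sub(r"'[^']*'", "?", sql)             # quoted string literals
    sql = re.sub(r"\b\d+\b", "?", sql)             # standalone numeric literals
    return re.sub(r"\s+", " ", sql).strip().lower()

def correlation_id(alert):
    """Build the correlation string for an alert and hash it to a short ID."""
    parts = [alert["type"]]
    # Unrecognized types correlate on the type alone instead of being dropped.
    for name in CORRELATION_FIELDS.get(alert["type"], ()):
        value = alert.get(name, "")
        parts.append(normalize_sql(value) if name == "sql" else value)
    # Unit separator keeps ("ab", "c") distinct from ("a", "bc").
    corr = "\x1f".join(parts)
    return hashlib.sha256(corr.encode("utf-8")).hexdigest()[:16]

def group_into_cases(alerts):
    """Attach each alert to the case with the same correlation ID."""
    cases = defaultdict(list)
    for alert in alerts:
        cases[correlation_id(alert)].append(alert)
    return dict(cases)

# Constructed sample alerts (not real Pega alert log lines).
SAMPLE_ALERTS = [
    {"type": "DB_QUERY_SLOW", "source": "report",
     "sql": "SELECT pyID FROM work_items WHERE owner = 'alice' AND age > 30"},
    {"type": "DB_QUERY_SLOW", "source": "report",
     "sql": "select pyID  from work_items where owner = 'bob' and age > 45"},
    {"type": "DB_QUERY_SLOW", "source": "RDB",
     "sql": "SELECT pyID FROM work_items WHERE owner = 'alice' AND age > 30"},
    {"type": "HTTP_INTERACTION_SLOW", "app": "Claims", "activity": "SubmitClaim"},
    {"type": "UNRECOGNIZED", "msg": "free text"},
]

if __name__ == "__main__":
    for cid, members in group_into_cases(SAMPLE_ALERTS).items():
        print(cid, members[0]["type"], "count =", len(members))
```
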