Prerequisites

You must have Siemplify Integration downloaded and the Elastic Server Address configured with the Siemplify machine address in order to access Kibana logs.

Collecting Logs into EK

All logs generated by the Agent, the Publisher and Siemplify (Remote Execution related) are collected in Elastic in a dedicated index that shows all remote activity logs. The logs are updated every X seconds, where X is configurable; the default is 60 seconds. The logs are collected by a Siemplify job called “log collector”, and a job is created automatically whenever a new Publisher is configured in Siemplify.

The Siemplify analyst can filter and sort the logs in the index according to the fields that each log entry has.

How can I see Logs?

Publisher Logs
From the Settings > Advanced > Publishers screen, next to the required Publisher, click View Publisher Logs. These will show logs for the specified Publisher only.

Agent Logs
From the Settings > Advanced > Remote Agents screen, click the i icon and then click View Agent Logs. These will show logs for the specified Agent only.

General Logs

  1. Open the Kibana platform at your machine address followed by port 5601. (For example: 10.0.1.38:5601)
  2. Click Discover on the top right (this is denoted by the red square).
  3. In order to see logs which are not specific to an Agent or Publisher, type the following in the Filter field:
    fields.CustomFields.TaskType:"<Task Type>"
    For example, type fields.CustomFields.TaskType:"PUBLISHER_CREATE_AGENT"

The following Task Types are supported:
PUBLISHER_INITIAL_CONNECTIVITY
PUBLISHER_CONNECTIVITY_STATUS
PUBLISHER_CREATE_AGENT
PUBLISHER_UPDATE_AGENT
PUBLISHER_UPLOAD_DEPENDENCIES
KILL_AGENT
PUBLISHER_UPLOAD_SLAVE_CONFIG
CONNECTIVITY_ACK
TEST_CONNECTOR
RUN_ACTION (Publisher)
CONNECTOR_EXECUTION (Start Agent)
AGENT_CREATION
TEST_CONNECTOR
AGENT_SEND_CASE
CONNECTOR_EXECUTION
ENABLE_AGENT
CASE_ACK
AGENT_DOWNLOAD
AGENT_PULLING_TASKS
AGENT_START_RUNNING
RUN_ACTION
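
The filter above covers a single Task Type. The following is an added example, not part of the Siemplify documentation: it builds the same filter for several Task Types at once and applies the equivalent match to exported records. It assumes the Kibana query bar accepts Lucene-style grouping with OR; the function names and the "Actor" and "Level" key names are assumptions drawn from the Log Record Entry field list, and the sample records are constructed.

```python
from collections import Counter

FIELD = "fields.CustomFields.TaskType"  # field name as given on this page

# Task Types listed on this page (repeats and role notes removed).
SUPPORTED = set("""
PUBLISHER_INITIAL_CONNECTIVITY PUBLISHER_CONNECTIVITY_STATUS
PUBLISHER_CREATE_AGENT PUBLISHER_UPDATE_AGENT PUBLISHER_UPLOAD_DEPENDENCIES
KILL_AGENT PUBLISHER_UPLOAD_SLAVE_CONFIG CONNECTIVITY_ACK TEST_CONNECTOR
RUN_ACTION CONNECTOR_EXECUTION AGENT_CREATION AGENT_SEND_CASE ENABLE_AGENT
CASE_ACK AGENT_DOWNLOAD AGENT_PULLING_TASKS AGENT_START_RUNNING
""".split())


def build_filter(task_types):
    """Return a Filter-field query matching any of the given Task Types."""
    wanted = sorted(set(task_types))
    if not wanted:
        raise ValueError("no Task Types given")
    unknown = [t for t in wanted if t not in SUPPORTED]
    if unknown:  # a typo here would silently return zero hits in Discover
        raise ValueError(f"unsupported Task Types: {unknown}")
    if len(wanted) == 1:
        return f'{FIELD}:"{wanted[0]}"'
    return f"{FIELD}:(" + " OR ".join(f'"{t}"' for t in wanted) + ")"


def count_by_actor(records, task_types):
    """Count matching records per (Actor, Level) pair."""
    wanted = set(task_types)
    hits = Counter()
    for rec in records:
        custom = rec.get("fields", {}).get("CustomFields", {})
        if custom.get("TaskType") in wanted:
            # "Actor" and "Level" are assumed key names, not confirmed ones.
            hits[(custom.get("Actor", "?"), custom.get("Level", "?"))] += 1
    return hits


def _rec(task, actor, level):  # helper for the constructed sample below
    return {"fields": {"CustomFields":
                       {"TaskType": task, "Actor": actor, "Level": level}}}

# Constructed sample records, not real Siemplify output.
SAMPLE = [_rec("KILL_AGENT", "Publisher", "Info"),
          _rec("ENABLE_AGENT", "Agent", "Warning"),
          _rec("RUN_ACTION", "Agent", "Info"),
          _rec("KILL_AGENT", "Publisher", "Info")]

if __name__ == "__main__":
    print(build_filter(["KILL_AGENT", "ENABLE_AGENT"]))
    print(dict(count_by_actor(SAMPLE, ["KILL_AGENT", "ENABLE_AGENT"])))
```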

Log Record Entry

Each log should have the same structure (fields):

  • Task ID – If the log entry is a Task, it will have the ID here. If the log entry is sending a case package, it will have the package ID here. Otherwise it will have a GUID.
  • Task Type – If the log entry is a Task, it will have the type here. Otherwise it will have the type of the action performed. For example: Agents sending (or re-transmitting) cases.
  • Actor – Siemplify \ Agent \ Publisher
  • Actor Identifier – Unique ID to identify the specific Actor instance
  • Module – If the Actor is an Agent, this will indicate the module of the Agent; otherwise it will be “None”
  • Log Creation Time Unix (GMT)
  • Log Creation Time (GMT)
  • Log Creation Time Unix (Local)
  • Log Creation Time (Local)
  • Level – Info \ Warning etc.
  • Message – The log message for success or failure with detailed information about the action taken by the Actor (e.g. for sending case packages will include the package ID, count of cases in package etc.)
