Management zones and ingested log data (Logs Classic)

Log Monitoring Classic

Management zones are an information-partitioning mechanism that allow you to focus on specific parts of your topology. You can customize a management zone to include a specific set of monitored entities via management-zone rules. Use one of these two methods to analyze logs generated by a management-zone entity.

If you use generic log ingestion via the Log Monitoring API v2, you can send an object representing a single event or an array of objects representing multiple events. The object must contain at least one of the following attribute keys, which define the entity types for which log data is ingested.

Log Monitoring Classic checks, in the order listed above, if the log event attribute value (and, therefore, the corresponding entity) belongs to a given management zone. At the first match, Log Monitoring Classic stops checking and assigns the log data to the management zone that the matched entity belongs to.

In the log viewer, select the Filter button in the menu bar to select a management zone. The log viewer displays log data for the entities matching the log-event attribute keys listed above.

The log viewer displays log data for up to 10,000 monitored entities per management zone. If your management zone contains more than 10,000 monitored entities, and you would like to see log data for all of your monitored entities, you can break your management zone into smaller zones of fewer than 10,000 monitored entities each.

If you need to filter logs by other attributes, you can add a rule for including log-based dimensional data in a management zone. Logs satisfying the conditions of such a rule are then displayed in the log viewer after selecting a management zone using the Filter button .