Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Detailed overview on how to set up Syskit Insights to use HTTPS.
There are a couple of steps needed to set up the Syskit Insights Web Application to use HTTPS instead of HTTP. If there are multiple agents connected to the same database, the following steps need to be performed on all the servers where Syskit Insights is installed:
Set up Syskit Insights
Set up URL reservation
The first thing to do is to stop both Syskit Insights Agent and Syskit Insights Maintenance Job in the Windows Services window on a server where Syskit Insights is installed. After both services are stopped (Syskit Insights Agent can take some time to stop), the file at %ProgramData%/SysKit/Insights/Service/settings.xml has to be modified. Using any text editor, set tag “SslEnabled” to “true”. After modifying the file, there needs to be the following tag in the file:
This setting will configure Syskit Insights to serve its web application over HTTPS.
In order to set up Syskit Insights to serve content over HTTPS, users have to manually generate an SSL certificate. Using a self-signed certificate is not recommended and will not work on client machines unless those certificates are added to the trusted list of certificates on the client machines.
Once the certificate is obtained, it has to be installed to the Trusted Root Certification Authorities on the server that is hosting the Syskit Insights web application.
After the certificate is installed, users need to execute the following commands (the command prompt or PowerShell shell has to be open with the local administrator account):
Lastly, hostname in SyskitInsights database must be updated.
The following SQL query should be executed:
Note: When using HTTPS, Syskit Insights requires you to confirm the agent URL on each startup. If no changes were made, click the Set button, and you are good to go.
How to write search queries in Syskit Insights.
A search query consists of terms and operators. By default, the AND operator is utilized when constructing queries. Terms can be a single word or a phrase. A phrase is a group of words enclosed with double quotes.
Input your query in the searchbox, then press enter or the search button to start the search. Once you have a set of results, you can easily drill down by using the refiners on the left side of the screen or by clicking on various links in the result text.
By default, all fields are searched. To limit your term to a field, type the field name followed by a colon ":" and your term.
To get events from the SP2016WFE1 server, you would enter:
Server: SP2016WFE1
Some useful fields:
Server
Level
CorrelationID
Source
Category
Not all result types have the same fields. For a complete list of fields click here.
Single and multiple character wildcard queries are supported. Use "?" for a single character wildcard and "*" for a multiple character wildcard search.
Please note that searches with a starting wildcard are not supported. Use wildcard searches sparingly, they can be a performance killer.
You can combine your terms using logical operators. The supported operators are AND, OR, NOT and "-". Note that the operators must be UPPERCASED.
This is the default operator. The query: database error is equivalent to database AND error. Both terms must exist somewhere in the document. You can also use && instead of the word AND.
Use this operator when you want to match multiple terms. Server:Server1 OR Server:Server2 will return events from both Server1 and Server2. You can also use || instead of the word OR.
Used to exclude events from your search. Level:Critical NOT administration will return critical events that do not have the term administration. You can also use ! instead of the word NOT.
Similar results can be achieved by using the – operator. Level:critical – administration.
Use parentheses to form subqueries. (Server:Server1 OR Server:Server2) AND Level:Error will return all events with Level equal to errors from both Server1 and Server2.
You can also write your queries in the following way Server:(Server1 OR Server2)
Clause grouping is recommended when writing queries with more than two clauses and different logical operators. Ie. instead of test error OR Server:Server1 use the query: (test error) OR Server:Server1.
The following is a list of special character that are used in the query syntax.
&& || ! ( ) {}[ ] ^ " ~ * ? : \
If you wish to use these characters in your terms, you must escape them with a .
There are a couple of exceptions:
If you are searching for a url, everything is escaped automatically.
\ is escaped automatically.
: is escaped automatically unless used to denote a field.
Example 1: Query Level:Critical database will match events that contain the word "database" and that have a Level of Critical.</p>
Example 2: Query (Level:Exception OR Level:Critical) database will match events that contain the word "database" and that have a Level of Critical or Exception.
Example 3: Query Level:Critical "access the database" will match events that have a Level of Critical and that contain the words "access" "the" "database" in the exact order.
Example 4: Query Level:Critical admin* will match events that have a Level of Critical and contain a word that starts with "admin".
Example 5: Query Level:Critical Server:Server1 will match events that occurred on Server1 with a Level of Critical.</p>
Example 6: Query Level:Critical AND Server:Server1, same as example 5.
Example 7: Query Level:Critical AND Server:Server1– database will match events that occurred on Server1 with a Level of Critical that do not contain the word "database".
Example 8: Query database AND NOT (Level:Critical OR Level:Unexpected) will match events that contain the word "database" and not of a Level of Critical and are not of a Level of Unexpected.
Example 9: Query SPUpdatedConcurrencyException Source:"SharePoint Server Search" will match events that contain the word "SPUpdatedConcurrencyException" and have a source of SharePoint Server Search. Note the use of double quotations since the Source is comprised of multiple words.
Server
Level
Source
Category
EventID
CorrelationID
Message
Server
Source
Category
Level
UserName
Message
Server
Source
Message
To customize Syskit Insights settings click the Settings button located in the bottom left corner. 5. On the settings screen the available settings are divided into:
General settings
Farm settings scoped by each farm.
Agent settings scoped by each agent.
Email settings
A list of settings required to send email notifications when alert occurs.
Assigned agent
When the Syskit Insights Agent starts for the first time, it will be associated with all the farms in your Syskit database. If at some point you connect another farm to your Syskit database, it will be associated with the first free active agent.
If the agent associated by default is not satisfactory, change this option.
If for some reason you wish to stop monitoring a farm, just select None as the desired agent.
One agent can be assigned to multiple farms.
ULS collection configuration
Here you can change which ULS event levels you want to collect. You can choose from the standard SharePoint ULS levels.
All of the ULS categories and sources are preselected by default.
Windows Event Log collection configuration
Here you can change which Windows Event Levels and Logs you wish to monitor
Configure Windows event sources to monitor. By default SPDocKit, SharePoint and SQL are added.
SQL collection configuration
Enabled by default.
Performance monitoring
Enabled by default.
Intra-farm Latency Configuration
Enabled by default.
Ping response time threshold: 1ms by default
Ping rate above threshold tolerance: 0.1% by default
Enable/Disable data collection
Will stop/start data collection (log and performance data) from all farms associated with the selected Syskit Insights Agent.
Collection interval
How often to collect log data (default is 15 seconds).
Data retention period
How long do you wish to keep the data (default is 7 days for both Search and Performance).
Max index size
Data collection will stop when this limit is reached.
Performance data collection interval
How often to collect performance data (default is 60 seconds)
Remove agent - only supported for an inactive agent.
Uninstall the selected Syskit Insights Agent form the machine where it is located.
You can do so by uninstalling Syskit Insights completely.
Wait a couple of minutes for the agent to register as offline.
Remove the agent by using this option.
How to use Syskit Insights to monitor a SPO page.
If you do not have any on-premises farms and you want to monitor the performance of your SharePoint Online (SPO) pages only, this is what you need to do:
When you install and start the application, the farms tab will automatically open. Since you do not have any on-premises farms, click the button “Use Syskit Insights to monitor SharePoint Online.”
You will be automatically redirected to the add page screen of Page Performance.
Once there, simply input the URL of a page you want to monitor or import URLs from a file. When importing from a file, put each page on a separate line.
Click Import and the import check will start. A pop-up window will ask you to give consent and to provide your credentials. When prompted to “remember the login” make sure to click yes. The benefits are:
Credentials will be reused for all connections to the same tenant.
The credentials will be valid for more than 5 days.
After adding all the pages you wish, they will be shown on the Page Performance dashboard.
And that is it. For more general information on the Page Performance feature, please see this article.
Please note! This process of adding a SPO "farm" is required due to restrictions in how our application works. The pages you wish to monitor must "belong" to a farm. When importing pages, if you already have an on-premises farm, it is fine to "put them" into an existing on-premises farm. In this instance, the farm is merely an abstract container.
This section describes how to manage Syskit Insights Alerts.
Here you can manage the thresholds and the notification settings of every performance counter. They are divided into six categories or templates: General, IIS/ASP.NET, SQL/ SQL(Named), Disk, .NET and Search.
Raise alert for this counter - enable this if you wish to receive an alert when the counter reaches warning or critical threshold. Also, if any counter is either in critical or warning state, the entire server on Performance tab will bi marked accordingly.
Thresholds - most of the counters have a predefined value. However, these values are not "one size fits all" so you can change them to suit your needs.
Enabling the Threshold checkbox means that you will be alerted (Alerts tab in the application) when a given counter reaches its critical or warning limit.
Send to default email address will send a notification (email) to addresses given in Settings -> Email Settings.
Send to alternate email address - here you can define extra emails of people that you wish to receive the notification.
Opening the Events tab of Manage Alerts form will show you a list of all current Alerts as well as the time the alert was last sent on. To create a new alert click New Alert: 1. Enter the alert name. 1. Enter your search query choose if you wish to query only the ULS logs, Event or SQL logs. Naturally you can also search for every given type of log. 1. Filter by the farm and choose how often you wish to be notified.
If you wish to be notified about the alert via email check the Send to default email address checkbox. Also, you can send additional emails with selecting Send to alternate email address.
If you want to edit an already existing alert navigate to aforementioned list of alerts and on the right hand side click the edit icon for a given alert.
We will continuously ping the Central Administration site and notify you if it is not accessible. By default, you will receive an alert every 30 minutes.
Status of the SharePoint Timer Service is checked for every server in the farm. You will be alerted if the status is stopped or stopping. By default you will receive an alert every 30 minutes.
The status of the SharePoint Timer Service is checked for every server in the farm. You will be alerted if the status is stopped or stopping. By default, you will receive an alert every 30 minutes.
You will be alerted if the status is stopped or stopping. By default, you will receive an alert every 30 minutes. Note: The service is not available on SharePoint Server 2016.
Send to default email address will send a notification (email) to addresses given in Settings -> Email Settings.
Send to alternate email address - here you can define extra emails of people that you wish to receive the notification.
Here you can configure which metric to monitor in order to send alerts if received values exceed set thresholds.
Enable Page Performance Alerting - check this to enable the alerting.
SPRequestDuration - by default 150ms and OFF
SPIISLatency - by default 9ms and OFF
X-SPHealthScore - by default 4 and ON
Page Response Time - by default 5000ms and ON
File Size - default 2000kB and OFF
File Load Time - - default 2000ms and OFF
File Size - by default 2000kB and OFF
File Load Time - by default 2000ms and OFF
Send to default email address will send a notification (email) to addresses given in Settings -> Email Settings.
Send to alternate email address - here you can define extra emails of people that you wish to receive the notification.
If you wish to track additional services, this article explains how to add a custom Service alert into the application. Run the following script against the Syskit Insights database.
Replace the properties in curly brackets (AlertName and FarmName) and input the Service name you wish to start tracking. Most common request we have been receiving is to add a Workflow Manager Service. In that case you would input: WorkflowServiceBackend as that is the service name.
If you require more assistance with this issue, don't hesitate to
You will be notified when the observed latency exceeds values.
In case there is an instance or an entire hard drive you do not wish to track, here is how you can disable them.
To disable the entire hard drive, run the following scrip against the Syskit Insights database. Set the value of variable Enabled to 1 or 0 (0 = Disabled, 1 = Enabled). Also, input the Server and Disk name as they are seen in the application.
If there is an instance, for example - hard drive instance, that you do not wish to track, here is what you need to do in order to disable it. Run the following scrip against the Syskit Insights database.
Set the value to the variable Enabled to 1 or 0 (0 = Disabled, 1 = Enabled). Also, input the Server, Counter and Instance name as they are seen in the application.
If you require more assistance with this issue, don't hesitate to ask us.