This page describes the files produced by each export action in the LogRhythm Diagnostics Tool v3.1.0. Unlike earlier versions, v3.1.0 does not produce a single consolidated ZIP archive. Instead, each export action produces one or more discrete files targeted to the analysis type.
Export Logs (Per-Node ZIP Archives)
Initiated from the Export Logs tab. The Diagnostics Tool discovers all registered lr-diagnostics-agent instances via Consul/Service Registry and downloads a separate ZIP archive for each selected node.
Filename:lrdiag-export-<nodename>.zip
Characters that are invalid in Windows filenames (/ \ : * ? " < > |) in the node name are replaced with a hyphen (-).
ZIP Contents
Each per-node ZIP contains:
|
File/Folder |
Description |
|---|---|
|
Component log files |
LogRhythm application log files for the component(s) installed on that node. The specific logs vary by component type (PM, DP, AIE, DX, Web Console). |
|
|
JSON array listing all LogRhythm services on the node, including |
Platform Sizing Export
Initiated from the Download Report button on the Platform Sizing tab after a sizing run completes.
HTML Report
Filename: logmart-assessment-<YYYYMMDD-HHMMSS>.html
A self-contained HTML file with embedded styles and Chart.js charts. Sections include:
-
Sizing summary and recommendations
-
DP utilization (processing and archiving rates vs. licensed/sustained/peak)
-
AIE engine power assessment
-
DX cluster sizing assessment
-
N-1 redundancy analysis
-
(If selected) Top 20 log sources by volume
Excel Workbook
Filename: logmart-assessment-<YYYYMMDD-HHMMSS>.xlsx
A multi-sheet Excel workbook. Sheets include:
|
Sheet |
Contents |
|---|---|
|
Summary |
Deployment overview and sizing recommendations. |
|
DP Utilization |
Per-DP processing and archiving rate data. |
|
AIE Engine |
AI Engine processing rate data. |
|
DX Cluster |
Data Indexer cluster indexing rate data. |
|
N-1 Analysis |
Redundancy headroom per tier. |
|
Log Sources (optional) |
Top 20 log sources by volume (only present if the option was selected before running). |
Platform Health Export
Initiated from the Download Report button on the Platform Health tab.
Filename: health-report-<YYYYMMDD-HHMMSS>.html
A self-contained HTML file. Sections include:
-
SQL Server database sizes, free space, and utilization
-
LogRhythm database versions and last update timestamps
-
SQL maintenance job history
-
Database backup history
-
InfluxDB connectivity status
-
Per-component disk utilization
-
LogRhythm service status for each component node
AIE Performance Export
Initiated from the Download Report button on the AIE Performance tab.
Filename: aie-performance-<YYYYMMDD-HHMMSS>.html
A self-contained HTML file. Sections include:
-
Per-rule performance metrics (runtime cost, memory cost, event forwarding/feedback rates)
-
Per-block performance metrics
-
Rule change audit history
-
Workload configuration
-
Slow, costly, and noisy rule rankings
-
Stale block list
-
.dat spool time-series charts
MPE Performance Export
Initiated from the Download Report button on the MPE Performance tab. One file is generated per Data Processor.
Filename: mpe-performance-<hostname>-<YYYYMMDD-HHMMSS>.html
Characters that are invalid in Windows filenames (/ \ : * ? " < > |) in the hostname are replaced with an underscore (_).
A self-contained HTML file. Sections include:
-
Worst overall MPE rules by volume-weighted CPU cost
-
Worst no-match rules (highest wasted CPU)
-
Worst match rules (highest match CPU)
-
High-overhead policies
-
Rule ordering recommendations
-
Regex timeout occurrences (from
scmpe.logEVID=2052)
Deprecated Outputs
The following output files and folders from Diagnostics Tool v2.x are not produced by v3.1.0:
|
Old Artifact |
Notes |
|---|---|
|
|
Elasticsearch GET request JSON files are no longer collected |
|
|
EMDB bulk CSV exports (topology, log source types, AIE rules, alarm rules, GLPRs, etc.) are no longer collected |
|
|
Windows Performance Monitor counters are no longer collected |
|
|
Replaced by the Platform Sizing HTML/Excel export |
|
|
Diagnostics Tool internal logs are no longer bundled into exports |
|
|
Data collection log is no longer written into the export output |
|
Per-component nested ZIPs |
Replaced by flat per-node ZIPs from the Export Logs tab |