30 Days of Agile Testing! Day ten.

Day 10:
Learn where the application logs are and how to read them

We use SumoLogic to aggregate our application logs.

If you’re not familiar with SumoLogic, it’s a log management tool that can be used for searching, aggregating and managing your logs.

Why use a tool like SumoLogic?

I can remember in a past job, the task of searching for a particular log.

The process would go something like this:

  • log on to the server
  • browse to D:/logs - there’s a few log files in here
  • run some command (find something grep something) to search each log file
  • couldn’t find it? Oh there’s some log files in E:/logs too - browse there and repeat
  • maybe it’s not on this box - there’s another server - browse to that server and repeat
  • get frustrated and throw something

You get the picture?
Haphazard, clueless, searching for something that may or may not be there.

Of course, there’s some obvious breakdown in process that led me to be in that position - but a tool like SumoLogic would have removed so many of the headaches.

The power lies in SumoLogic being configured so that all log files (on all servers) are searchable in one go.
You can’t miss anything, you can’t get lost.

It works based on a query language, so that you can specify servers, strings to include (or not include) in your search, date time filters, and much more.
On top of that, there are a bunch of functions that help you reduce and clean up the logs to make it infinitely easier to find what you’re looking for.

Here’s a typical (fake) example.


  • _sourceCategory specifies the server I want to look at. I know I’m looking at test, not prod, so this narrows down the result set.
  • "itemnotfound" is the string I’m searching the logs for.
  • parse looks for the string I’ve specified within the log messages, and pulls the wildcard (*) out as a separate column in my search results called ItemID. This makes scanning through the list of log results easier.
  • logreduce groups similar log messages into a single item, much like a SQL 'group by' clause.
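To make those four parts concrete, here is an added Python sketch (not from the original post, and not SumoLogic's own code) that applies the same steps to a handful of constructed log lines. The category names, the message format, the "id=* for" anchor and the digit-masking used as a stand-in for logreduce are all assumptions.

```python
import re
from collections import Counter

# Constructed sample records: (source category, raw message). Not real logs.
RECORDS = [
    ("test/web01", "2024-01-05 10:01:02 ERROR itemnotfound: id=4411 for user 17"),
    ("test/web02", "2024-01-05 10:01:09 ERROR itemnotfound: id=4411 for user 23"),
    ("prod/web01", "2024-01-05 10:02:00 ERROR itemnotfound: id=9001 for user 5"),
    ("test/web01", "2024-01-05 10:03:15 INFO  checkout ok for user 17"),
    ("test/web02", "2024-01-05 10:04:40 ERROR ItemNotFound: id=7320 for user 8"),
]

def search(records, category_prefix, keyword):
    """Scope to one environment, then keep messages containing the keyword."""
    kw = keyword.lower()  # this sketch matches the keyword case-insensitively
    return [(cat, msg) for cat, msg in records
            if cat.startswith(category_prefix) and kw in msg.lower()]

def parse_anchor(message, anchor):
    """Pull the text matched by '*' in the anchor out as its own field."""
    regex = "(.*?)".join(re.escape(part) for part in anchor.split("*"))
    match = re.search(regex, message)
    return match.group(1) if match else None

def signature(message):
    """Simplified stand-in for log reduction: mask the parts that vary."""
    without_timestamp = re.sub(r"^\S+ \S+ ", "", message)
    return re.sub(r"\d+", "*", without_timestamp).lower()

def run_query(records):
    """Filter, extract ItemID, then group similar messages with a count."""
    hits = search(records, "test/", "itemnotfound")
    item_ids = [parse_anchor(msg, "id=* for") for _, msg in hits]
    groups = Counter(signature(msg) for _, msg in hits)
    return hits, item_ids, groups

if __name__ == "__main__":
    hits, item_ids, groups = run_query(RECORDS)
    for (cat, msg), item_id in zip(hits, item_ids):
        print(f"{cat:12} ItemID={item_id}  {msg}")
    for sig, count in groups.items():
        print(f"{count} x {sig}")
```

Two servers' worth of test logs come back from one search, the prod line is excluded by the category filter, and the three matching messages collapse into a single pattern with a count.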

I’m not by any means an expert, but this sort of thing gets me what I need!

Once you become more adept, it can be used to build dashboards, create alerting, all sorts of stuff.
But my point is really this - a log aggregating tool like SumoLogic takes the pain out of searching through logs.
Can’t recommend it enough!

- JE