When you’re logging, you might come across different types of log data: database logs, network logs, API logs, front-end app logs, and security logs.
However, not every developer uses logging the same way. Some developers are verbose and try to log every action in their code, and others log only a single action per component. But what’s best?
This article takes a look at six best practices for event log monitoring, aggregation, and management. We discuss the importance of setting standards across teams to improve your log data quality and the value of your log management tool.
It’s easy to fall into the trap of logging all the data your application generates. When thinking about what to log, ask yourself whether what you’re logging is valuable for monitoring or troubleshooting. Imagine the function below, where we log multiple internal steps:
const add = (a, b) => {
console.log(`Received two variables: ${a} and ${b}`)
const sum = a + b
console.log(`Sum is equal to: ${sum}`)
return sum
}
There’s no value in logging which variables the function received or the intermediate steps of the “add” function’s business logic. Limit yourself to logging data only for critical paths or actions you want to monitor, such as the successful completion of an API request, and keep internal business logic out of your logs.
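By contrast, the outcome of a critical path is worth logging. The sketch below assumes a hypothetical getUser handler (with a stubbed data-access helper) and uses the console as a stand-in for your logging library: success is logged at the info level, failure at the error level.

// Stand-in for a data-access helper (an assumption for this sketch)
const fetchUserFromDatabase = async (userId) => ({ id: userId, name: 'Ada' })

// Hypothetical API handler: log only the outcome of the request,
// not the internal steps that produce it.
const getUser = async (userId) => {
  try {
    const user = await fetchUserFromDatabase(userId)
    console.info(`GET /users/${userId} completed successfully`)
    return user
  } catch (error) {
    console.error(`GET /users/${userId} failed: ${error.message}`)
    throw error
  }
}

getUser(42)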
There are downsides to logging too much. You can overwhelm your log collection tool with a large amount of data, and when troubleshooting, you’ll have to search through all of it to find the information you need, which can increase mean time to resolution (MTTR). Logging the right information improves the searchability of your logs and can reduce troubleshooting time.
Tip: Set rules on what information you should log and what log level you should apply to each type of data. This prevents you from labeling certain events with the error level when they should have a warning level. It’s important to create a shared understanding among your development team.
Let’s focus on how you log your data. It’s crucial to create a standard format to define what data your team logs. This standard comes in handy during pull request (PR) reviews to quickly assess if a log statement follows the guidelines.
Additionally, it’ll be easier to configure a log aggregation tool because it only has to handle one specific format. Having only one format also improves the searchability of your event log data.
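As an illustration, a team might agree that every statement is a single JSON object with a fixed set of fields. The helper and field names below are only one possible convention, not a requirement of any particular tool.

// One possible standard: a single JSON object per event with agreed-upon fields.
const logEvent = (level, service, message, meta = {}) => {
  console.log(JSON.stringify({
    timestamp: new Date().toISOString(),
    level,    // e.g., "info", "warn", "error"
    service,  // which component emitted the event
    message,  // human-readable description
    ...meta,  // extra structured context
  }))
}

logEvent('info', 'payments', 'Payment request completed', { durationMs: 182 })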
For small teams, it’s easy to agree on a single log format. But larger teams might prefer different log formats to meet specific needs or to support additional analysis requirements. In these situations, you can allow multiple formats and employ streaming pipelines to transform log data into a single storage format. Still, try to enforce a single format across all teams if possible.
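When you do end up with more than one format, the transformation step can stay small. This sketch normalizes a made-up, pipe-delimited legacy line into the JSON structure from the previous example.

// Made-up legacy format: "2023-04-01T12:00:00Z|WARN|cart|Low stock for SKU 1234"
const normalizeLegacyLine = (line) => {
  const [timestamp, level, service, message] = line.split('|')
  return { timestamp, level: level.toLowerCase(), service, message }
}

console.log(normalizeLegacyLine('2023-04-01T12:00:00Z|WARN|cart|Low stock for SKU 1234'))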
You’ve likely experienced a situation where you need a specific type of data and can’t find it. Most likely, some department has stored the data in its own data storage solution, and you can’t access it. Few things are more frustrating, because it hinders your productivity.
We call these “data silos”: each team gathers data and doesn’t share it with other teams. The same can happen with your event log data.
To avoid data silos, you can use a log aggregation tool to centralize your event log data. Centralizing your log data gives you several benefits. For example, it lets you do the following:
– Access all your event log data via a single interface
– Search for specific events across multiple data streams to get a clear path of all user actions
– Have a more agile logging setup, as you can quickly add new event log streams to your log aggregation tool
If you want to enjoy the benefits of increased visibility and searchability, SolarWinds® Loggly® can help you with centralized log management.
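Whichever tool you choose, the shipping side can stay simple. The sketch below posts a JSON event to a generic HTTP ingestion endpoint; the URL and token are placeholders, not any particular product’s API.

// Placeholder endpoint and token: substitute whatever ingestion URL your
// log aggregation tool provides.
const INGEST_URL = 'https://logs.example.com/ingest?token=YOUR_TOKEN'

const shipEvent = (event) =>
  fetch(INGEST_URL, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(event),
  })

shipEvent({ level: 'error', service: 'checkout', message: 'Payment gateway timeout' })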
Log tagging is a straightforward strategy where you can automatically tag different types of log data. This can be useful for quickly filtering log data during the analysis stage.
For instance, say you want to detect patterns for a certain microservice. You don’t want to search through all the log data. By tagging the data generated by each microservice, you can quickly search log data for a specific microservice.
Another example might include labeling desktop-generated data versus mobile-generated data. You can use this tagging strategy to study behavior patterns on different device types.
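In practice, tags can be as simple as extra fields attached to every event a component emits. The field names here are assumptions made for the example.

// Attach tags (here: service and platform) to every event a component emits.
const createTaggedLogger = (tags) => (level, message) =>
  console.log(JSON.stringify({ timestamp: new Date().toISOString(), level, message, ...tags }))

const checkoutLog = createTaggedLogger({ service: 'checkout', platform: 'mobile' })
checkoutLog('info', 'Order placed')
// Filtering on service:"checkout" or platform:"mobile" later isolates this stream.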
A log monitoring tool should let you set alerts to detect problems. For instance, when the number of warning messages increases, it might indicate something is wrong. We call this proactive monitoring because you try to catch problems before they escalate.
However, not all alerts are smart alerts. Let’s look at an example. The response time of an important API request sounds like a good metric for estimating the performance of your application, so you decide to alert on the average response time for this request. This type of alert, however, can miss a lot of important information, such as the number of slow requests above a one-second response time. Because you measure the average, you won’t be notified about occasional slow requests, and you can miss the underlying issues causing these requests to be handled so slowly.
To catch emerging issues early, measure both the average response time and the tail of the distribution, for example, the 95th or 99th percentile.
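A quick calculation shows why averages hide the tail. The numbers below are invented, but they illustrate how a couple of slow requests barely move the average while showing up clearly in a high percentile.

// Invented response times in milliseconds: mostly fast, with two slow outliers.
const responseTimes = [80, 90, 85, 95, 100, 90, 85, 1200, 95, 1500]

const average = responseTimes.reduce((sum, t) => sum + t, 0) / responseTimes.length

const percentile = (values, p) => {
  const sorted = [...values].sort((a, b) => a - b)
  return sorted[Math.ceil((p / 100) * sorted.length) - 1]
}

console.log(`average: ${average} ms`)                    // 342 ms, still under a one-second threshold
console.log(`p95: ${percentile(responseTimes, 95)} ms`)  // 1500 ms, the slow requests stand out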
To further reduce incident response time, integrate your log monitoring tool with a communication tool like Slack. This ensures developers receive an immediate notification when an alert fires. Avoid relying on email for alert notifications, because it might take hours before developers notice the problem.
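Most chat tools offer an incoming-webhook integration for exactly this. The snippet below posts an alert message to a Slack incoming webhook; the webhook URL is a placeholder you’d generate in your own workspace.

// Placeholder: use the incoming webhook URL generated for your Slack workspace.
const SLACK_WEBHOOK_URL = 'https://hooks.slack.com/services/YOUR/WEBHOOK/URL'

const notifySlack = (text) =>
  fetch(SLACK_WEBHOOK_URL, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ text }),
  })

notifySlack('Warning-level log volume doubled in the last 5 minutes for service "checkout"')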
When dealing with event log data, your log volume can grow rapidly, so you should plan for long-term storage of your log data. A log rotation tool can help you compress and archive older logs.
You might wonder why it’s essential to store your log data. There are two main reasons:
1. To collect long-term metrics about your application’s performance or error rate. If the error rate continues to increase, it might indicate your application’s quality has degraded.
2. To comply with regulations regarding log data. For instance, organizations such as banks and other financial institutions are required to store log data for audit and compliance reasons.
Use tools such as a log analyzer or log aggregation tool to make it easier to manage your log data. A log aggregation tool lets you define different transport streams to collect log data. Then, you can access and search all your log data from a single interface.
If you want to succeed with your log management strategy, make sure to set standards across teams. Define how you log data, what data you log, and what log level you apply to each event. These standards will improve the quality of your log data and the value of your log management tool because you’ll be able to gather more insights.
This post was written by Michiel Mulders. Michiel is a passionate blockchain developer who loves writing technical content. Aside from this, he loves learning about marketing, UX psychology, and entrepreneurship. When he’s not writing, he’s probably enjoying a Belgian beer!