5 Tips for Getting the Most Value from Logs

Ishan Mukherjee
New Relic
Learn more about New Relic

Logs are one of the most useful tools for observability and application performance monitoring. However, getting the most mileage from logs requires paying careful attention to planning what data to collect, the best way to display it, and the proper context for log entries.

Logs provide a comprehensive view of events and errors that occur while software is running or when a failure occurs. A log monitoring solution ingests activity records generated by applications, services, and components of the operating systems stack and writes them in the form of text files so issues can be detected and resolved before they slow down the system or impact user experience.

Configuring logs for an entire infrastructure and application stack can be overwhelming because of the sheer amount of data that is generated. Nearly every event that takes place in a system can generate a log entry, which means that modern applications stacks may throw off millions or billions of events each day.

Collecting too much irrelevant information can cause log files to swell to huge proportions and make it difficult for humans or automated solutions to spot anomalies. Conversely, capturing too little information can cause important events to be missed.

Here are five best practices that will ensure you get the greatest value from log analytics.

1. Choose carefully what to log

Decide what information is most critical to understanding system performance and configure the logging solution accordingly. Collecting too many messages can drive up storage costs and make it difficult to identify relevant information when a problem occurs.

The data you gather should be relevant and useful. Some messages may not need to be captured at all. For example, success and redirect entries, which indicate that an operation was completed as planned, are usually not very useful in troubleshooting.

Seek input from everyone on the team to ensure that their needs are considered. Log information should provide the necessary details to understand issues and make decisions at every level of the operating and application stack. Capturing metadata is crucial to pinpointing events and root causes. For example, a message stating that an operation failed is less useful than one that states what operation was attempted and why it failed.

Pay careful attention to sensitive information such as passwords, personal data, and business secrets. If you must capture this data, be sure your logging solution supports encryption. In many cases, you don't need to log this information at all.

Be sure to include timestamp information for all log messages. The level of detail should be customized to the application as some tasks require extremely precise time information while others may need no more than an hourly mark. It's best to apply whatever standard metric you choose across the entire stack so logs can be correlated with other telemetry data types like metrics and events.

2. Establish a baseline for comparison

Logs can help you understand your stack better, which is important for performance tuning as well as distinguishing between real problems and false alerts.

Your first step when adopting a log monitoring solution should be to establish a foundation that can be used to identify anomalies. Choose common scenarios that will help you determine which data points to monitor and use as a baseline. For example, application monitoring can detect if parts of an application are increasing their use of memory over time, which is a symptom of a memory leak, but only if you know what constitutes normal memory usage.

3. Choose messages that support decisions

Infrastructure tends to generate a large amount of log data, only some of which are likely to be useful to you. If your monitoring is confined to applications, you should determine which details relate most directly to the conditions you are looking for, such as slow performance or restarts, and focus on those metrics.

Log messages should provide specific information about errors. For example, a failed transaction should generate a message that includes a detailed description of the problem, the timestamp, the name of the file where the problem occurred, and the line number of the failed code.

Timestamp: 2023-04-11 14:37:05

Error: Exception caught in processOrder() method

Error Message: NullPointerException: Order object is null

Stack Trace:

at com.example.OrderProcessor.processOrder(OrderProcessor.java:36)

at com.example.Application.main(Application.java:22)

The example above tells us that the application encountered a NullPointerException while processing an order. The Order object is null, which caused the processOrder() method to throw an exception. This error occurred in the processOrder() method at line 36 of the OrderProcessor.java file. The Application.java file is the entry point to the application and the main() method called the processOrder() method.

This message will make it easier to discover why the transaction failed and where in the code the problem occurred.

4. Keep log messages concise and relevant

While verbose messages may be helpful in diagnosis, they also drive up storage needs, make log searches more difficult, and increase debugging complexity.

When formatting logs, specify that only the information needed to debug an error should be collected. Chances are you don't need every detail about the operating environment. For example, a message regarding an application program interface failure probably doesn't need information about memory usage.

5. Make sure log messages are clear

You have a variety of logging formats to choose from, including JSON, Common Event Format, the NCSA Common Log Format, the W3C Extended Log File Format, and others. Each has its strengths and weaknesses, so make your selection based on your specific needs.

Whichever option you choose, avoid arcane or overly technical message formats that will only be decipherable by a few people. Emphasize consistency and clarity to ensure that logs are accessible to everyone who needs to see them now and in the future. Some log managers make it easy to customize log parsing rules but only if the underlying data is readable.

An example of an easily parsed format is:

2023-04-12 09:27:55 INFO [server] User "John" logged in from IP address 192.168.0.1.

This format is structured and consistent with a standard date and time format, and each piece of information is separated by a specific delimiter such as a space or a comma. This makes it easy for log monitoring software to read and process.

Following these five guidelines saves money, speeds error diagnosis, and makes logs an even more valuable asset in your observability toolkit.

Ishan Mukherjee is SVP of Growth at New Relic

Related Links

Hot Topics

Related Vendors

The Latest

When AI Becomes the Corporate OS

AI is becoming the operating system of the enterprise. It acts as an invisible coordination layer that understands intent, connects systems, and executes work across complex SaaS environments. Previously, employees had to click through multiple systems — CRM, ERP, support tools, collaboration platforms — to complete a single task. Now, instead of navigating each application manually, they can simply state what they need to accomplish ...

The $600 Billion Wake Up Call

In 2026, the cost of downtime or an outage is no longer just a technical inconvenience; it's a $600 billion wake up call for global businesses. As our digital ecosystems become  more interconnected, each touchpoint introduces new risks and multiplies the consequences when things go wrong. And the data is clear: aggregate downtime costs  for Global 2,000 companies have surged 50% since 2024, reaching a staggering $600 billion ...

Breaking Down Agentic AI Fragmentation and Complexity with Governance

Deloitte found that 74% of enterprises expect to deploy agentic AI solutions in the next 24 months. However, the rush to deployment is outpacing foundational work, though. Only 21% of enterprises have fully formed agent governance models in place. The result? AI agents deployed without guidance or governance begin to function as fragmented islands of complexity ...

Cloud Spend Is Rising and Cloud Optimization Is Key to Funding AI and Protecting Margins

Cloud spending is no longer viewed as a passthrough IT expense, but as a strategic financial lever that directly impacts innovation capacity, profitability and enterprise resilience, according to the CFO Cloud Cost Optimization Report from Azul ...

Building AI Agents That Build Trust

As AI moves from generating responses to performing actions, the need for trust increases exponentially. And as organizations enlist AI agents for increasingly sophisticated business processes, trust is going to be the single most important theme for spurring adoption. What can organizations do to build trustworthy AI agents? ...

Keys to Building a Partner Ecosystem That Scales

I've spent a lot of time in the channel, and one thing I keep coming back to is this: a partner program is only as good as what it looks like in the field. Many programs look great on paper, but when a partner is in front of a customer navigating a complex hybrid environment or trying to make the case for AI-powered observability, the gap between what a vendor promises and what it actually delivers becomes very clear, very fast ...

How AI Agents Are Reshaping DataOps for the Always-On Enterprise

Enterprises today operate in a real-time environment where uninterrupted access to trusted data has become a baseline expectation for users, applications and automated systems. Traditional DataOps models, built on manual effort and human triage, cannot keep pace with this always active demand. AI agents are emerging as the operational backbone, ensuring consistent data availability, reinforcing trustworthiness and enabling a level of scale that manual processes cannot achieve ...

AI Deepfakes: Rethinking Trust in the Workplace

For decades, trust in the digital workplace rested on familiar signals. We trusted faces on video calls, voices on the phone, and emails that appeared to come from people we knew. These cues felt human and intuitive. They anchored how decisions were made, approvals were granted, and access was authorized. AI-powered deepfakes have quietly broken that model ...

Nine in Ten Enterprises Plan Cloud Data Repatriation amid Rising Cloud Costs and Data Sovereignty Mandates

Cloud migration was supposed to be a one-way door. For most enterprises, it turns out it isn't. Cloud data repatriation is a real and growing trend. A new survey ... finds that 89% of organizations plan to expand their on-premises infrastructure footprint over the next two years — and 75% have already moved at least some workloads back from public cloud in the past 24 months. The findings point to a broad rethinking of where data belongs ...

Why ITOps Need Right-Sized AI, Not Bigger Models

Over the past few years, large language models (LLMs) have revolutionized the software industry. Given their ability to excel at multi-step reasoning, LLMs have helped enterprises streamline workflows and adapt to the unknown. However, employing such models comes with sky-high costs, latency issues, and limited flexibility. In the realm of IT operations, it is generally wiser to employ smaller, domain-specific models instead ...

5 Tips for Getting the Most Value from Logs

Ishan Mukherjee
New Relic
Learn more about New Relic

Logs are one of the most useful tools for observability and application performance monitoring. However, getting the most mileage from logs requires paying careful attention to planning what data to collect, the best way to display it, and the proper context for log entries.

Logs provide a comprehensive view of events and errors that occur while software is running or when a failure occurs. A log monitoring solution ingests activity records generated by applications, services, and components of the operating systems stack and writes them in the form of text files so issues can be detected and resolved before they slow down the system or impact user experience.

Configuring logs for an entire infrastructure and application stack can be overwhelming because of the sheer amount of data that is generated. Nearly every event that takes place in a system can generate a log entry, which means that modern applications stacks may throw off millions or billions of events each day.

Collecting too much irrelevant information can cause log files to swell to huge proportions and make it difficult for humans or automated solutions to spot anomalies. Conversely, capturing too little information can cause important events to be missed.

Here are five best practices that will ensure you get the greatest value from log analytics.

1. Choose carefully what to log

Decide what information is most critical to understanding system performance and configure the logging solution accordingly. Collecting too many messages can drive up storage costs and make it difficult to identify relevant information when a problem occurs.

The data you gather should be relevant and useful. Some messages may not need to be captured at all. For example, success and redirect entries, which indicate that an operation was completed as planned, are usually not very useful in troubleshooting.

Seek input from everyone on the team to ensure that their needs are considered. Log information should provide the necessary details to understand issues and make decisions at every level of the operating and application stack. Capturing metadata is crucial to pinpointing events and root causes. For example, a message stating that an operation failed is less useful than one that states what operation was attempted and why it failed.

Pay careful attention to sensitive information such as passwords, personal data, and business secrets. If you must capture this data, be sure your logging solution supports encryption. In many cases, you don't need to log this information at all.

Be sure to include timestamp information for all log messages. The level of detail should be customized to the application as some tasks require extremely precise time information while others may need no more than an hourly mark. It's best to apply whatever standard metric you choose across the entire stack so logs can be correlated with other telemetry data types like metrics and events.

2. Establish a baseline for comparison

Logs can help you understand your stack better, which is important for performance tuning as well as distinguishing between real problems and false alerts.

Your first step when adopting a log monitoring solution should be to establish a foundation that can be used to identify anomalies. Choose common scenarios that will help you determine which data points to monitor and use as a baseline. For example, application monitoring can detect if parts of an application are increasing their use of memory over time, which is a symptom of a memory leak, but only if you know what constitutes normal memory usage.

3. Choose messages that support decisions

Infrastructure tends to generate a large amount of log data, only some of which are likely to be useful to you. If your monitoring is confined to applications, you should determine which details relate most directly to the conditions you are looking for, such as slow performance or restarts, and focus on those metrics.

Log messages should provide specific information about errors. For example, a failed transaction should generate a message that includes a detailed description of the problem, the timestamp, the name of the file where the problem occurred, and the line number of the failed code.

Timestamp: 2023-04-11 14:37:05

Error: Exception caught in processOrder() method

Error Message: NullPointerException: Order object is null

Stack Trace:

at com.example.OrderProcessor.processOrder(OrderProcessor.java:36)

at com.example.Application.main(Application.java:22)

The example above tells us that the application encountered a NullPointerException while processing an order. The Order object is null, which caused the processOrder() method to throw an exception. This error occurred in the processOrder() method at line 36 of the OrderProcessor.java file. The Application.java file is the entry point to the application and the main() method called the processOrder() method.

This message will make it easier to discover why the transaction failed and where in the code the problem occurred.

4. Keep log messages concise and relevant

While verbose messages may be helpful in diagnosis, they also drive up storage needs, make log searches more difficult, and increase debugging complexity.

When formatting logs, specify that only the information needed to debug an error should be collected. Chances are you don't need every detail about the operating environment. For example, a message regarding an application program interface failure probably doesn't need information about memory usage.

5. Make sure log messages are clear

You have a variety of logging formats to choose from, including JSON, Common Event Format, the NCSA Common Log Format, the W3C Extended Log File Format, and others. Each has its strengths and weaknesses, so make your selection based on your specific needs.

Whichever option you choose, avoid arcane or overly technical message formats that will only be decipherable by a few people. Emphasize consistency and clarity to ensure that logs are accessible to everyone who needs to see them now and in the future. Some log managers make it easy to customize log parsing rules but only if the underlying data is readable.

An example of an easily parsed format is:

2023-04-12 09:27:55 INFO [server] User "John" logged in from IP address 192.168.0.1.

This format is structured and consistent with a standard date and time format, and each piece of information is separated by a specific delimiter such as a space or a comma. This makes it easy for log monitoring software to read and process.

Following these five guidelines saves money, speeds error diagnosis, and makes logs an even more valuable asset in your observability toolkit.

Ishan Mukherjee is SVP of Growth at New Relic

Related Links

Hot Topics

Related Vendors

The Latest

When AI Becomes the Corporate OS

AI is becoming the operating system of the enterprise. It acts as an invisible coordination layer that understands intent, connects systems, and executes work across complex SaaS environments. Previously, employees had to click through multiple systems — CRM, ERP, support tools, collaboration platforms — to complete a single task. Now, instead of navigating each application manually, they can simply state what they need to accomplish ...

The $600 Billion Wake Up Call

In 2026, the cost of downtime or an outage is no longer just a technical inconvenience; it's a $600 billion wake up call for global businesses. As our digital ecosystems become  more interconnected, each touchpoint introduces new risks and multiplies the consequences when things go wrong. And the data is clear: aggregate downtime costs  for Global 2,000 companies have surged 50% since 2024, reaching a staggering $600 billion ...

Breaking Down Agentic AI Fragmentation and Complexity with Governance

Deloitte found that 74% of enterprises expect to deploy agentic AI solutions in the next 24 months. However, the rush to deployment is outpacing foundational work, though. Only 21% of enterprises have fully formed agent governance models in place. The result? AI agents deployed without guidance or governance begin to function as fragmented islands of complexity ...

Cloud Spend Is Rising and Cloud Optimization Is Key to Funding AI and Protecting Margins

Cloud spending is no longer viewed as a passthrough IT expense, but as a strategic financial lever that directly impacts innovation capacity, profitability and enterprise resilience, according to the CFO Cloud Cost Optimization Report from Azul ...

Building AI Agents That Build Trust

As AI moves from generating responses to performing actions, the need for trust increases exponentially. And as organizations enlist AI agents for increasingly sophisticated business processes, trust is going to be the single most important theme for spurring adoption. What can organizations do to build trustworthy AI agents? ...

Keys to Building a Partner Ecosystem That Scales

I've spent a lot of time in the channel, and one thing I keep coming back to is this: a partner program is only as good as what it looks like in the field. Many programs look great on paper, but when a partner is in front of a customer navigating a complex hybrid environment or trying to make the case for AI-powered observability, the gap between what a vendor promises and what it actually delivers becomes very clear, very fast ...

How AI Agents Are Reshaping DataOps for the Always-On Enterprise

Enterprises today operate in a real-time environment where uninterrupted access to trusted data has become a baseline expectation for users, applications and automated systems. Traditional DataOps models, built on manual effort and human triage, cannot keep pace with this always active demand. AI agents are emerging as the operational backbone, ensuring consistent data availability, reinforcing trustworthiness and enabling a level of scale that manual processes cannot achieve ...

AI Deepfakes: Rethinking Trust in the Workplace

For decades, trust in the digital workplace rested on familiar signals. We trusted faces on video calls, voices on the phone, and emails that appeared to come from people we knew. These cues felt human and intuitive. They anchored how decisions were made, approvals were granted, and access was authorized. AI-powered deepfakes have quietly broken that model ...

Nine in Ten Enterprises Plan Cloud Data Repatriation amid Rising Cloud Costs and Data Sovereignty Mandates

Cloud migration was supposed to be a one-way door. For most enterprises, it turns out it isn't. Cloud data repatriation is a real and growing trend. A new survey ... finds that 89% of organizations plan to expand their on-premises infrastructure footprint over the next two years — and 75% have already moved at least some workloads back from public cloud in the past 24 months. The findings point to a broad rethinking of where data belongs ...

Why ITOps Need Right-Sized AI, Not Bigger Models

Over the past few years, large language models (LLMs) have revolutionized the software industry. Given their ability to excel at multi-step reasoning, LLMs have helped enterprises streamline workflows and adapt to the unknown. However, employing such models comes with sky-high costs, latency issues, and limited flexibility. In the realm of IT operations, it is generally wiser to employ smaller, domain-specific models instead ...