Skip to main content

5 Tips for Getting the Most Value from Logs

Ishan Mukherjee
New Relic

Logs are one of the most useful tools for observability and application performance monitoring. However, getting the most mileage from logs requires paying careful attention to planning what data to collect, the best way to display it, and the proper context for log entries.

Logs provide a comprehensive view of events and errors that occur while software is running or when a failure occurs. A log monitoring solution ingests activity records generated by applications, services, and components of the operating systems stack and writes them in the form of text files so issues can be detected and resolved before they slow down the system or impact user experience.

Configuring logs for an entire infrastructure and application stack can be overwhelming because of the sheer amount of data that is generated. Nearly every event that takes place in a system can generate a log entry, which means that modern applications stacks may throw off millions or billions of events each day.

Collecting too much irrelevant information can cause log files to swell to huge proportions and make it difficult for humans or automated solutions to spot anomalies. Conversely, capturing too little information can cause important events to be missed.

Here are five best practices that will ensure you get the greatest value from log analytics.

1. Choose carefully what to log

Decide what information is most critical to understanding system performance and configure the logging solution accordingly. Collecting too many messages can drive up storage costs and make it difficult to identify relevant information when a problem occurs.

The data you gather should be relevant and useful. Some messages may not need to be captured at all. For example, success and redirect entries, which indicate that an operation was completed as planned, are usually not very useful in troubleshooting.

Seek input from everyone on the team to ensure that their needs are considered. Log information should provide the necessary details to understand issues and make decisions at every level of the operating and application stack. Capturing metadata is crucial to pinpointing events and root causes. For example, a message stating that an operation failed is less useful than one that states what operation was attempted and why it failed.

Pay careful attention to sensitive information such as passwords, personal data, and business secrets. If you must capture this data, be sure your logging solution supports encryption. In many cases, you don't need to log this information at all.

Be sure to include timestamp information for all log messages. The level of detail should be customized to the application as some tasks require extremely precise time information while others may need no more than an hourly mark. It's best to apply whatever standard metric you choose across the entire stack so logs can be correlated with other telemetry data types like metrics and events.

2. Establish a baseline for comparison

Logs can help you understand your stack better, which is important for performance tuning as well as distinguishing between real problems and false alerts.

Your first step when adopting a log monitoring solution should be to establish a foundation that can be used to identify anomalies. Choose common scenarios that will help you determine which data points to monitor and use as a baseline. For example, application monitoring can detect if parts of an application are increasing their use of memory over time, which is a symptom of a memory leak, but only if you know what constitutes normal memory usage.

3. Choose messages that support decisions

Infrastructure tends to generate a large amount of log data, only some of which are likely to be useful to you. If your monitoring is confined to applications, you should determine which details relate most directly to the conditions you are looking for, such as slow performance or restarts, and focus on those metrics.

Log messages should provide specific information about errors. For example, a failed transaction should generate a message that includes a detailed description of the problem, the timestamp, the name of the file where the problem occurred, and the line number of the failed code.

Timestamp: 2023-04-11 14:37:05

Error: Exception caught in processOrder() method

Error Message: NullPointerException: Order object is null

Stack Trace:

at com.example.OrderProcessor.processOrder(OrderProcessor.java:36)

at com.example.Application.main(Application.java:22)

The example above tells us that the application encountered a NullPointerException while processing an order. The Order object is null, which caused the processOrder() method to throw an exception. This error occurred in the processOrder() method at line 36 of the OrderProcessor.java file. The Application.java file is the entry point to the application and the main() method called the processOrder() method.

This message will make it easier to discover why the transaction failed and where in the code the problem occurred.

4. Keep log messages concise and relevant

While verbose messages may be helpful in diagnosis, they also drive up storage needs, make log searches more difficult, and increase debugging complexity.

When formatting logs, specify that only the information needed to debug an error should be collected. Chances are you don't need every detail about the operating environment. For example, a message regarding an application program interface failure probably doesn't need information about memory usage.

5. Make sure log messages are clear

You have a variety of logging formats to choose from, including JSON, Common Event Format, the NCSA Common Log Format, the W3C Extended Log File Format, and others. Each has its strengths and weaknesses, so make your selection based on your specific needs.

Whichever option you choose, avoid arcane or overly technical message formats that will only be decipherable by a few people. Emphasize consistency and clarity to ensure that logs are accessible to everyone who needs to see them now and in the future. Some log managers make it easy to customize log parsing rules but only if the underlying data is readable.

An example of an easily parsed format is:

2023-04-12 09:27:55 INFO [server] User "John" logged in from IP address 192.168.0.1.

This format is structured and consistent with a standard date and time format, and each piece of information is separated by a specific delimiter such as a space or a comma. This makes it easy for log monitoring software to read and process.

Following these five guidelines saves money, speeds error diagnosis, and makes logs an even more valuable asset in your observability toolkit.

Ishan Mukherjee is SVP of Growth at New Relic

Hot Topics

The Latest

As businesses increasingly rely on high-performance applications to deliver seamless user experiences, the demand for fast, reliable, and scalable data storage systems has never been greater. Redis — an open-source, in-memory data structure store — has emerged as a popular choice for use cases ranging from caching to real-time analytics. But with great performance comes the need for vigilant monitoring ...

Kubernetes was not initially designed with AI's vast resource variability in mind, and the rapid rise of AI has exposed Kubernetes limitations, particularly when it comes to cost and resource efficiency. Indeed, AI workloads differ from traditional applications in that they require a staggering amount and variety of compute resources, and their consumption is far less consistent than traditional workloads ... Considering the speed of AI innovation, teams cannot afford to be bogged down by these constant infrastructure concerns. A solution is needed ...

AI is the catalyst for significant investment in data teams as enterprises require higher-quality data to power their AI applications, according to the State of Analytics Engineering Report from dbt Labs ...

Misaligned architecture can lead to business consequences, with 93% of respondents reporting negative outcomes such as service disruptions, high operational costs and security challenges ...

A Gartner analyst recently suggested that GenAI tools could create 25% time savings for network operational teams. Where might these time savings come from? How are GenAI tools helping NetOps teams today, and what other tasks might they take on in the future as models continue improving? In general, these savings come from automating or streamlining manual NetOps tasks ...

IT and line-of-business teams are increasingly aligned in their efforts to close the data gap and drive greater collaboration to alleviate IT bottlenecks and offload growing demands on IT teams, according to The 2025 Automation Benchmark Report: Insights from IT Leaders on Enterprise Automation & the Future of AI-Driven Businesses from Jitterbit ...

A large majority (86%) of data management and AI decision makers cite protecting data privacy as a top concern, with 76% of respondents citing ROI on data privacy and AI initiatives across their organization, according to a new Harris Poll from Collibra ...

According to Gartner, Inc. the following six trends will shape the future of cloud over the next four years, ultimately resulting in new ways of working that are digital in nature and transformative in impact ...

2020 was the equivalent of a wedding with a top-shelf open bar. As businesses scrambled to adjust to remote work, digital transformation accelerated at breakneck speed. New software categories emerged overnight. Tech stacks ballooned with all sorts of SaaS apps solving ALL the problems — often with little oversight or long-term integration planning, and yes frequently a lot of duplicated functionality ... But now the music's faded. The lights are on. Everyone from the CIO to the CFO is checking the bill. Welcome to the Great SaaS Hangover ...

Regardless of OpenShift being a scalable and flexible software, it can be a pain to monitor since complete visibility into the underlying operations is not guaranteed ... To effectively monitor an OpenShift environment, IT administrators should focus on these five key elements and their associated metrics ...

5 Tips for Getting the Most Value from Logs

Ishan Mukherjee
New Relic

Logs are one of the most useful tools for observability and application performance monitoring. However, getting the most mileage from logs requires paying careful attention to planning what data to collect, the best way to display it, and the proper context for log entries.

Logs provide a comprehensive view of events and errors that occur while software is running or when a failure occurs. A log monitoring solution ingests activity records generated by applications, services, and components of the operating systems stack and writes them in the form of text files so issues can be detected and resolved before they slow down the system or impact user experience.

Configuring logs for an entire infrastructure and application stack can be overwhelming because of the sheer amount of data that is generated. Nearly every event that takes place in a system can generate a log entry, which means that modern applications stacks may throw off millions or billions of events each day.

Collecting too much irrelevant information can cause log files to swell to huge proportions and make it difficult for humans or automated solutions to spot anomalies. Conversely, capturing too little information can cause important events to be missed.

Here are five best practices that will ensure you get the greatest value from log analytics.

1. Choose carefully what to log

Decide what information is most critical to understanding system performance and configure the logging solution accordingly. Collecting too many messages can drive up storage costs and make it difficult to identify relevant information when a problem occurs.

The data you gather should be relevant and useful. Some messages may not need to be captured at all. For example, success and redirect entries, which indicate that an operation was completed as planned, are usually not very useful in troubleshooting.

Seek input from everyone on the team to ensure that their needs are considered. Log information should provide the necessary details to understand issues and make decisions at every level of the operating and application stack. Capturing metadata is crucial to pinpointing events and root causes. For example, a message stating that an operation failed is less useful than one that states what operation was attempted and why it failed.

Pay careful attention to sensitive information such as passwords, personal data, and business secrets. If you must capture this data, be sure your logging solution supports encryption. In many cases, you don't need to log this information at all.

Be sure to include timestamp information for all log messages. The level of detail should be customized to the application as some tasks require extremely precise time information while others may need no more than an hourly mark. It's best to apply whatever standard metric you choose across the entire stack so logs can be correlated with other telemetry data types like metrics and events.

2. Establish a baseline for comparison

Logs can help you understand your stack better, which is important for performance tuning as well as distinguishing between real problems and false alerts.

Your first step when adopting a log monitoring solution should be to establish a foundation that can be used to identify anomalies. Choose common scenarios that will help you determine which data points to monitor and use as a baseline. For example, application monitoring can detect if parts of an application are increasing their use of memory over time, which is a symptom of a memory leak, but only if you know what constitutes normal memory usage.

3. Choose messages that support decisions

Infrastructure tends to generate a large amount of log data, only some of which are likely to be useful to you. If your monitoring is confined to applications, you should determine which details relate most directly to the conditions you are looking for, such as slow performance or restarts, and focus on those metrics.

Log messages should provide specific information about errors. For example, a failed transaction should generate a message that includes a detailed description of the problem, the timestamp, the name of the file where the problem occurred, and the line number of the failed code.

Timestamp: 2023-04-11 14:37:05

Error: Exception caught in processOrder() method

Error Message: NullPointerException: Order object is null

Stack Trace:

at com.example.OrderProcessor.processOrder(OrderProcessor.java:36)

at com.example.Application.main(Application.java:22)

The example above tells us that the application encountered a NullPointerException while processing an order. The Order object is null, which caused the processOrder() method to throw an exception. This error occurred in the processOrder() method at line 36 of the OrderProcessor.java file. The Application.java file is the entry point to the application and the main() method called the processOrder() method.

This message will make it easier to discover why the transaction failed and where in the code the problem occurred.

4. Keep log messages concise and relevant

While verbose messages may be helpful in diagnosis, they also drive up storage needs, make log searches more difficult, and increase debugging complexity.

When formatting logs, specify that only the information needed to debug an error should be collected. Chances are you don't need every detail about the operating environment. For example, a message regarding an application program interface failure probably doesn't need information about memory usage.

5. Make sure log messages are clear

You have a variety of logging formats to choose from, including JSON, Common Event Format, the NCSA Common Log Format, the W3C Extended Log File Format, and others. Each has its strengths and weaknesses, so make your selection based on your specific needs.

Whichever option you choose, avoid arcane or overly technical message formats that will only be decipherable by a few people. Emphasize consistency and clarity to ensure that logs are accessible to everyone who needs to see them now and in the future. Some log managers make it easy to customize log parsing rules but only if the underlying data is readable.

An example of an easily parsed format is:

2023-04-12 09:27:55 INFO [server] User "John" logged in from IP address 192.168.0.1.

This format is structured and consistent with a standard date and time format, and each piece of information is separated by a specific delimiter such as a space or a comma. This makes it easy for log monitoring software to read and process.

Following these five guidelines saves money, speeds error diagnosis, and makes logs an even more valuable asset in your observability toolkit.

Ishan Mukherjee is SVP of Growth at New Relic

Hot Topics

The Latest

As businesses increasingly rely on high-performance applications to deliver seamless user experiences, the demand for fast, reliable, and scalable data storage systems has never been greater. Redis — an open-source, in-memory data structure store — has emerged as a popular choice for use cases ranging from caching to real-time analytics. But with great performance comes the need for vigilant monitoring ...

Kubernetes was not initially designed with AI's vast resource variability in mind, and the rapid rise of AI has exposed Kubernetes limitations, particularly when it comes to cost and resource efficiency. Indeed, AI workloads differ from traditional applications in that they require a staggering amount and variety of compute resources, and their consumption is far less consistent than traditional workloads ... Considering the speed of AI innovation, teams cannot afford to be bogged down by these constant infrastructure concerns. A solution is needed ...

AI is the catalyst for significant investment in data teams as enterprises require higher-quality data to power their AI applications, according to the State of Analytics Engineering Report from dbt Labs ...

Misaligned architecture can lead to business consequences, with 93% of respondents reporting negative outcomes such as service disruptions, high operational costs and security challenges ...

A Gartner analyst recently suggested that GenAI tools could create 25% time savings for network operational teams. Where might these time savings come from? How are GenAI tools helping NetOps teams today, and what other tasks might they take on in the future as models continue improving? In general, these savings come from automating or streamlining manual NetOps tasks ...

IT and line-of-business teams are increasingly aligned in their efforts to close the data gap and drive greater collaboration to alleviate IT bottlenecks and offload growing demands on IT teams, according to The 2025 Automation Benchmark Report: Insights from IT Leaders on Enterprise Automation & the Future of AI-Driven Businesses from Jitterbit ...

A large majority (86%) of data management and AI decision makers cite protecting data privacy as a top concern, with 76% of respondents citing ROI on data privacy and AI initiatives across their organization, according to a new Harris Poll from Collibra ...

According to Gartner, Inc. the following six trends will shape the future of cloud over the next four years, ultimately resulting in new ways of working that are digital in nature and transformative in impact ...

2020 was the equivalent of a wedding with a top-shelf open bar. As businesses scrambled to adjust to remote work, digital transformation accelerated at breakneck speed. New software categories emerged overnight. Tech stacks ballooned with all sorts of SaaS apps solving ALL the problems — often with little oversight or long-term integration planning, and yes frequently a lot of duplicated functionality ... But now the music's faded. The lights are on. Everyone from the CIO to the CFO is checking the bill. Welcome to the Great SaaS Hangover ...

Regardless of OpenShift being a scalable and flexible software, it can be a pain to monitor since complete visibility into the underlying operations is not guaranteed ... To effectively monitor an OpenShift environment, IT administrators should focus on these five key elements and their associated metrics ...