Search form

Upcoming Webinars

Splunk Executive Predictions 2022
January 26, 2022
Gartner's Vision for AIOps in 2022 and Beyond
January 27, 2022
Splunk IT + Observability Predictions for 2022
February 03, 2022

On-Demand Webinars

Improving Customer Experience with End-to-End Application Monitoring
Tuning Apache Kafka for Optimal Big Data Performance
Accelerate Your Serverless Journey with Splunk and AWS
Take the Interactive Pepperdata Product Tour
Start Optimizing Your Kubernetes Deployment
Getting Started with Kubernetes the Right Way
BigPanda Pandapalooza
Improve Big Data Performance on Dataproc: Best Practices
Splunk .conf21 Virtual
Managing Big Data Analytics in the Cloud – Are You Ready?
How to Get Started with OpenTelemetry
Spark Performance Tuning on Kubernetes Best Practices - Part 2
Eliminate Waste and Lower Cloud Costs for GPU Accelerated Big Data Applications
5 Rs: Which Strategy Is Right For Your Application Modernization & Migration to Google Cloud?
Big Data Cloud Automation: Navigating Through the Noise of Recommendations
Cross-Domain Enrichment for AIOps: the Linchpin or a Landmine?
How to Use Digital Experience Monitoring to Improve Core Web Vitals
Cloud Performance Benchmarking: How Is Your Performance?
Optimize Spark Performance on Kubernetes
When Cloud Costs Run Amok: Big Data Architect's Worst Nightmare?
Presto Performance Best Practices: Get Visibility Into Your Presto Queries
The State of Observability 2021
Drive Performance on Amazon EMR with Managed Autoscaling
Big Data Self-Service Performance Analytics: Best Practices
Kafka Performance: Best Practices for Monitoring and Improving
Fix Spark Performance Issues Without Thinking Too Hard
Isolating Issues and Improving User-Experience Across Your Full Stack
SplunkLive! Americas
How Splunk uses Splunk Observability to Monitor Cloud Apps
Splunk Momentum: Infrastructure

All Webinars...

Analyst Reports

IDC Worldwide IT Operations Analytics Software Market Shares, 2020
Omdia Universe: Selecting an AIOps Solution, 2021–22
Gartner 2021 Magic Quadrant for Application Performance Monitoring
Gartner 2021 Market Guide for AIOps Platforms
GigaOm Radar for Cloud Observability, 2021
IDG 2020 ITOps Report
451 Research: IT Monitoring Meltdown
GigaOm Radar for AIOps
Aberdeen Research Report: APM Redefined - Face DevOps Challenges Head-On
451 Research: The Future of IT Ops is Autonomous

All Analyst Reports...

White Papers

Splunk IT and Observability Predictions 2022
Splunk Executive and Emerging Technology Predictions 2022
AIOps Benchmark Report
Pragmatic AIOps: A Buyer’s Guide
Enrichment for Faster Event Correlation and Root Cause Analysis
APIs in Action
How to Optimize Digital Experience with Service-Level Objectives
The State of Observability 2021
The 2021 Kubernetes & Big Data Report
Improve Performance with Real Insight Into How Queries are Executing
Spark on Hadoop: A Quick Guide
Big Data Cloud Technology Report 2021
Infrastructure Monitoring 101: The Power to Predict and Prevent
The 5 Foundational DevOps Practices
Get Your Cloud & Hybrid Migration Strategy Right in Government
Scalability in Cloud Computing
AI and Machine Learning in Your Organization
Making Sense of Digital Experience Monitoring Solutions
APIs in Action: A Guide to Monitoring APIs for Performance
Six Cloud Strategy Pitfalls and How to Avoid Them
5 Things to Consider When Choosing an APM Tool
The Guide to Modern APM
Splunk Predictions 2021: Executive Report
Fast-Track Your Multicloud Monitoring Initiative
The Essential Guide to Container Monitoring
The Data Age Is Here. Are You Ready?
CIO Dive: How AIOps Cuts Costly Downtime and Supports Teams
Autonomous Operations: How to Intelligently Automate and Scale IT Operations at Global Enterprises
AIOps Brings Calm to Overwhelmed IT Ops Teams
Can AIOps Reduce the Noise?

All White Papers...

The No-BS Guide to Logging - Part 2
A vendor-neutral checklist to help you get your log strategy straight
December 08, 2015

Sven Dummer
Loggly

Share this


Start with The No-BS Guide to Logging - Part 1

Coming off of the last post outlining the necessity for log management, the process of choosing logging software can seem daunting. The following are major elements of a good log strategy and can also serve as checklist items when you shop for a log management solution:

Collect, Aggregate, Retain

It's crucial to think about your data retention needs and the costs associated with storing them. How long do you need to keep the logs? Do you need them just for troubleshooting, or also for business intelligence type of analysis? Are there regulatory or audit requirements that require you to keep the logs for a certain period of time?

Your daily log volume might already be large, but keep in mind that it doesn't take much to multiply the volume temporarily. For example, a component failure and the resulting log messages in a complex system could easily quadruple the amount of log messages. An external event could have the same effect: if you run an online store, Black Friday might balloon your sales as well as your log volumes. If your log aggregation doesn't scale, you could lose your main troubleshooting foundation when you need it most.

Handle Log Diversity

Log files come in a variety of formats, some following standards and conventions, others completely custom. Your log solution should be able to parse and present the data in a comprehensive form in near real-time, and it should allow to define custom parsing rules. A desirable feature is the ability to add metadata.

Reveal What Matters

Just having a search tool is not enough. To make sense of your log data and the correlation between different data points, you need real-time indexing and parsing, grouping, along with powerful analytics, customizable dashboards, and data visualization. Your log analytics solution should provide a treasure map to the contents of your logs, not just a metal detector that you must use to scan indiscriminately.

Detect Anomalies

Given the volume and complexity of log data, you can't rely on searching for problems. Things you never anticipated happening are typically the type of problems that hurt the most. A good log analytics solution should be able to learn what is “normal” in your log data, and automatically identify and highlight any deviations from norms.

Make Your Own Apps Log

If you write your own code, your log management solution must be able to parse and analyze it. Consider using a well-established data format like JSON (our recommendation) or XML. Whatever you choose, make sure it's plain text format (not binary), that it is human-readable, and easy to parse. Your log solution should be able to easily receive the logs from your application and allow you to set up custom parsing rules if needed.

Be Alert(ed)

Just like every good monitoring application, every good log management solution should allow to send you and your teams alerts based on defined events, like error messages. It should be possible to send these alerts through common third party collaboration tools.

Don't Break the Bank

Cloud technologies made running distributed systems and elastic compute farms affordable for SMBs. The bill for the troubleshooting tools should be affordable, too. There are fully cloud-based SaaS solutions out there, as well as on-premise products and hybrids, which typically come at higher costs (including those for hardware and datacenter footprint).

Key criteria to decide if SaaS or on-premise solutions are right for you are the sensitivity and volume of your data. Security or privacy concerns or regulatory requirements may keep you from transferring data across public networks. Similarly, the sheer data volume could make this impossible or too expensive.

Sven Dummer is Senior Director of Product Marketing at Loggly.

Share this

Related Links

www.loggly.com
The No-BS Guide to Logging - Part 1
Loggly Joins the Vendor Forum

Hot Topics

Logs

The Latest

2022 Network Performance Management Predictions
January 18, 2022

As part of APMdigest's list of 2022 predictions, industry experts offer thoughtful, insightful, and often controversial predictions on how Network Performance Management (NPM) and related technologies will evolve and impact business in 2022 ...

Gartner: Top Trends Impacting Infrastructure and Operations for 2022
January 13, 2022

Gartner highlighted 6 trends that infrastructure and operations (I&O) leaders must start preparing for in the next 12-18 months ...

Why the Financial Sector Should Adopt AIOps
January 11, 2022

Technology is now foundational to financial companies' operations with many institutions relying on tech to deliver critical services. As a result, uptime is essential to customer satisfaction and company success, and systems must be subject to continuous monitoring. But modern IT architectures are disparate, complex and interconnected, and the data is too voluminous for the human mind to handle. Enter AIOps ...

11 Key Observability Trends for 2022 - Part 2
January 11, 2022

Having a variety of tools to choose from creates challenges in telemetry data collection. Organizations find themselves managing multiple libraries for logging, metrics, and traces, with each vendor having its own APIs, SDKs, agents, and collectors. An open source, community-driven approach to observability will gain steam in 2022 to remove unnecessary complications by tapping into the latest advancements in observability practice ...

11 Key Observability Trends for 2022 - Part 1
January 10, 2022

These are the trends that will set up your engineers and developers to deliver amazing software that powers amazing digital experiences that fuel your organization's growth in 2022 — and beyond ...

High-Profile IT Outages Set Alarm Bells Ringing in Boardrooms Around the World
January 06, 2022

In a world where digital services have become a critical part of how we go about our daily lives, the risk of undergoing an outage has become even more significant. Outages can range in severity and impact companies of every size — while outages from larger companies in the social media space or a cloud provider tend to receive a lot of coverage, application downtime from even the most targeted companies can disrupt users' personal and business operations ...

Taking Action Against the Data You Have
January 05, 2022

Move fast and break things: A phrase that has been a rallying cry for many SREs and DevOps practitioners. After all, these teams are charged with delivering rapid and unceasing innovation to wow customers and keep pace with competitors. But today's society doesn't tolerate broken things (aka downtime). So, what if you can move fast and not break things? Or at least, move fast and rapidly identify or even predict broken things? It's high time to rethink the old rallying cry, and with AI and observability working in tandem, it's possible ...

Why AIOps Projects Fail
January 04, 2022

AIOps is still relatively new compared to existing technologies such as enterprise data warehouses, and early on many AIOps projects suffered hiccups, the aftereffects of which are still felt today. That's why, for some IT Ops teams and leaders, the prospect of transforming their IT operations using AIOps is a cause for concern ...

2022 Remote Work Predictions
December 16, 2021

This year is the first time APMdigest is posting a separate list of Remote Work Predictions. Due to the drastic changes in the way we work and do business since the COVID pandemic started, and how significantly these changes have impacted IT operations, APMdigest asked industry experts — from analysts and consultants to users and the top vendors — how they think the work from home (WFH) revolution will evolve into 2022, with a special focus on IT operations and performance. Here are some very interesting and insightful predictions that may change what you think about the future of work and IT ...

2022 Application Performance Management Predictions - Part 6
December 15, 2021

Industry experts offer thoughtful, insightful, and often controversial predictions on how APM, AIOps, Observability, OpenTelemetry, and related technologies will evolve and impact business in 2022. Part 6 covers the user experience ...