Real-time log monitoring is a system that views log data as it’s created and looks for specific criteria. When a log meets the criteria, it sends a notification to the appropriate user. It’s a simple concept on its face, but the execution of real-time log monitoring is where it either becomes a huge help for the team or a nuisance for everyone involved. This article will go over why to consider using a real-time log monitoring system, four common problems with them, and how the Loupe team has addressed these problems.
Why Log Monitoring?
Before we dive into the common problems with real-time log monitoring, it is worth discussing why you would want to monitor logs in the first place.
Other kinds of monitoring systems exist, like metrics monitoring (recording hardware performance statistics) or analytics monitoring (recording user activity like Google Analytics). But log data is a uniquely good target for monitoring because:
Logs are already organized by importance. Log levels already allow you to distinguish between errors, warnings, information, fatal (critical), and more. There is a natural hierarchy to each item’s importance, with fatal being the most important all the way down to information, which doesn’t imply any problem at all. This hierarchy is useful for developers to know, but you can use it to set notification rules in advanced real-time log monitoring systems.
Logs include the most relevant data to solving the problem. Your logs can include the application in use, the version, exceptions, and other factors for each session. Metrics monitoring and analytics monitoring are also useful, but often they are monitoring symptoms of a problem, not the actions that led to the problem itself.
Metrics monitoring and analytics monitoring are still useful services, but they can’t replace log monitoring for any development team. That being said, log monitoring isn’t always a perfect experience. There are a few potential problems with real-time log monitoring that systems need to anticipate to alleviate.
Common Issues with Real-Time Log Monitoring
Real-time log monitoring systems have four common problems:
- Lack of Access
- Lack of Log Context
- Notification Spam
- Lack of Notification Targeting
Put all these problems together, and you have a system that is more annoying than it is useful. The good news is that any real-time log monitoring system you would want to use addresses these problems. Here, we will go over each problem and how Loupe was designed to solve them.
1. Lack of Access
When someone gets an alert, how easy is it for them to view the log and start figuring out the issue? It’s much easier to start troubleshooting quickly if you can access the log data from your desk in your office or from home rather than on a specific machine or server, which may be difficult to get to.
With Loupe, we made access really simple: if you have a web browser, you can access your log data. Any log data ran through the Loupe agent can be sent to our cloud-hosted service, Loupe Server. To make it even easier, any notification sent through Loupe-Server will have a link to the appropriate event or issue based on your settings.
If you don’t want to use the browser interface with Loupe, you can still access the logs using our desktop application, as long as you link the service. You can learn how to do that as well as how to use other Loupe desktop features here.
2. Lack of Log Context
You get an alert for a problem, but the alert and log lack the context for what happened before that event. It can be difficult to find the data trail leading up to a specific event depending on the logging system. You may have an exception and a stack trace to help, but that’s not a clear indicator of the actions taken previously in the session.
To solve most problems, you will need to look at more than a single log file. You can of course do this manually by viewing logs from the same period of time, seeing if they relate to the error, and piecing together the story from there. With some log management systems, you can narrow the logs even further by restricting results to logs from specific users or machines, which will help significantly. But that’s still annoying. No matter how many search filters you have, it can still be a pain.
So, for Loupe, we added a Log Context menu. This allows developers to see the log data generated in the specific session before the event that caused a notification. This way, you quickly have access to all the relevant log data you may need, and only that data.
You can find the Log Context menu button next to the relevant log (in the screenshot above, it’s the button in the red square).
Once the menu is open, you can then look through the previous logs recorded for the relevant session, and expand them individually for more details.
3. Notification Spam
If the alert system is not tuned properly or has limited customization, it results in alerts being sent out too often. If the software notified you of every disconnection or every minor error in a beta branch, that could add up to a significant number of notifications. So many that you run into “boy who cried wolf” territory and are encouraged to ignore notifications entirely.
The best way for a system to combat this problem is by allowing for precise notification parameters.
With Loupe, you can filter your notifications by product, by application, the version of the application, by computer, and more. This allows you to tune alerts for highly specific circumstances. This way, you can avoid the noise and trust that when you get a notification, it’s for a property you’re responsible for.
Additionally, this is log data, so we took advantage of the natural hierarchy. You can select whether you want notifications for every log (not recommended), for only critical events, errors, or warnings. You can decide the level of importance that requires your attention and avoid letting the rest distract you.
4. Lack of Notification Targeting
Who is receiving notifications? If everyone is receiving notifications, who is actually responsible for them? In situations where too many people are expected to react to alerts, sometimes no single person will feel accountable. Another aspect of this issue is that some notification systems contact the correct person but in the wrong way. Some developers prefer communication through email, and some prefer communication through messenger applications. The same is true for where developers prefer to be notified by their logging systems. The more options available for the logging system, the better.
For Loupe, we have multiple notification destination options, including email or messenger applications such as Google Hangouts, Microsoft Teams, or Slack. This way, you can notify the correct individual or group in whichever location they check the most and be sure nothing gets lost in the shuffle.
Let’s Make Real-Time Log Monitoring Easy
We have spent a lot of time thinking about the potential problems with real-time log monitoring so our customers don’t have to. But even if you aren’t a customer, if you are interested in using a real-time log monitoring system or use a different one already, consider how the system addresses these problems and ask yourself if it is doing enough.
If you are interested in seeing how we solved these problems for yourself, you can start a free trial of Loupe Server. It’s built to easily work with JAVA and .NET applications, including the most recent .NET 5. Get started by clicking the button below.