Log Analysis
Last updated
Last updated
Note: Before going through this article, we recommend you know how to create a log template.
From the “Analysis History” page click on “Log Analysis” to view the scores of each log, Event, Cluster graph, Perceived Risk, and Sensitivity. Refer to the image below.
An “Event” is a log line or group of lines depending on the log type. For example, the Java exception log with stack trace exception of multiple lines is considered one event. Similarly, log lines for errors from Python code are also considered as one event.
The deployment is analyzed by the logs of the new releases against the baseline. The events are categorized into 'UnExpected', 'Expected', 'Baseline', 'Ignored', and 'All'. All of these are done through Natural Language Processing. The events are auto-identified by the type of clusters.
The type of events in log analysis are as follows:
Errors and warnings appear only in a Release version and the common Errors/Warnings occur more often in a Release version than in Baseline.
Unexpected logs are critical errors, which are not supposed to happen either in the Baseline or in New Release.
The Info/Debug events are common to both Baseline & Release and the Errors/Warnings occur less often in the Release version as compared to Baseline.
Expected logs are when you compare the logs of both Baseline and Release, both logs are the same and there is no difference.
The Info/Debug events are unique for a version release. The baseline events are used as a standard to assess the quality of the next version release.
The Info/Debug events of the Release version are not of much importance.
All events of Baseline and Release versions.
You can reclassify the Logs in the Log Analysis of the Analysis report. Suppose let us say you received an Unexpected log which is classified as a “Warning”. Later you decided to consider this “Warning” as “Ignore” and move ahead with the Analysis. In that case, you can reclassify the “Warning” as “Ignore”.
Follow the steps below to reclassify the Logs.
From the Analysis report, click on “Log Analysis” tab and click on “Unexpected”. Refer to the image below.
Click on the drop-down of log type. In this example the type of Log is “Warning”. Refer to the image below.
Let us say you would like to reclassify the Log type “Warning” as “Ignore”. To do so, click on “Ignore” from the drop-down and specify a reclassification comment in the “Reason for Reclassification” text box and click the “Submit” button. Refer to the images below.
Now click on the “Re-run” button to re-run the Analysis which will ignore the warning. Refer to the image below.
In the same way you can reclassify the other Log types from one type to another type.
A “Cluster” is a group of log events that share high similarities with each other. A cluster of log events may differ in the variable values or in commonly occurring terms that add no additional information to the log event. Events in logs are processed to form clusters of events.
The summary of the log events for risk analysis is represented in a bubble graph. The x-axis represents the sequence number of events and the y-axis is the logical representation of the number of times the events are repeated within the cluster.
Mouse over the bubbles to display the repetition count of the event along with the starting event string.
The graphical representation of the risk calculated by the system. The needle represents the risk of deploying this release into production. The boundary of ‘Low’, ‘High’, and ‘Medium’ is derived from the "minimumCanaryResultScore" and "canaryResultScore" values provided as input to start this risk analysis. Refer to the image below:
This option instructs the system on how sensitive the application should be for each of the unexpected events found. The default value is ‘high’ signifying that each and every unexpected event should be treated with higher weightage. You can set the sensitivity using the drop-down as shown in the image below:
To see the template used in a particular analysis run, click on “View Info”, then click on the template name URL. It will open the configured template version which was used in the run.
The following image shows the log and metric template being used with filter values for baseline and canary to generate analysis results.