Examining the Features of a Good Log File Viewer
Examining the Features of a Good Log File Viewer
Learn about the features of a good log file viewer, plus the basics of visualization tools, reporting, collaboration, and more.
Join the DZone community and get the full member experience.Join For Free
Get the fastest log management and analysis with Graylog open source or enterprise edition free up to 5GB per day
When you think of a log file viewer, what do you think of? Come on, be honest. Vim or Emacs? Notepad++ or Sublime? Do you just invoke "tail" from the command line? Please say you're not just using Notepad in Windows. No judgment, but if you're going that route, you're putting yourself through a lot of unneeded pain.
I ask about these tools - these text editors - because that's how we conceive of a log file viewer. Logs are text files. So when we go to view them, we use a tool meant for viewing (and editing) text. This is completely understandable, and it's also served us well as an industry since some programmer half a century ago first had the idea to output runtime information to a file.
Or, at least, it has sufficed. Viewing log files with a text editor supplies us with the basics for troubleshooting. We can look at the information contained in the file and we can do text search, with varying degrees of sophistication. And, if necessary, we can copy and make modifications to the text.
But surviving isn't thriving. When it comes to employing a log file viewer, we can ask for so much more. This really shouldn't surprise in the year 2017. Software is "eating the world" and the DevOps movement has brought us an explosion of SaaS and tools to help software shops. Should it really surprise anyone that the modern log file viewer can do some awesome stuff?
Let's take a look at some of what you should expect when picking a tool to help you view your logs. What are features of a good log file viewer in this day and age?
A Log File Viewer Should Scale Well for Viewing
Remember how I asked about Notepad, and how I talked about the pain it brings you? It's nothing against the tool; Notepad is great as, well, a notepad. You open it up quickly, make a few text notes for later, and close it.
But have you ever tried opening a gigantic text file with it? It'll hang, and then it will probably crash at some point. Or, if you go away overnight and are lucky, you might find your file opened in the morning, at which point you can sluggishly review it.
This is an example of scaling terribly for purpose. And that makes sense since Notepad wasn't meant for this sort of thing. But when you're talking about log file viewers, they are meant precisely for this sort of thing. So a good log file viewer should scale easily to large volumes of logs, and behave intelligently when opening such files.
This means that it should load immediately and without sluggishness, showing you some subset of the data in the file. It should then set about loading more in the background or only on demand when you need it. If your log file viewer takes forever to open or crashes on searches, you need a new one.
Sophisticated and Intuitive Search
Speaking of search, that's the next thing to demand in a log file viewer. When you're choosing among log management tools, make sure your viewer can perform sophisticated search.
Text editors, the historical tool for this sort of viewing, have various capabilities here. Some, such as the aforementioned Notepad, support only basic text search. Others may have more sophisticated capabilities, such as wildcard searches or even regex support. But they're still not designed for the use case that we have in mind. These text editors are for, well, editing text - not viewing and parsing large amounts of mostly textual data.
And, on the user experience side, it should also make search much more pleasant for you. As much as everyone likes dusting off their regex skills or googling for complicated recipes, a good log file viewer shouldn't force you to do that. Instead, it should offer visual search assistance and make the experience as easy for you as possible.
Visualization Tools Are Important
At first blush, talking about visualization may seem a little strange. Isn't the whole premise of a log file viewer that it allows you to visualize your logs? Well, yes and no. Yes, a text editor allows you to physically see what text exists in your log files. But no, it doesn't really help you visualize it.
Here's what visualizing your logs looks like.
What your log files really contain is not text, but data. This means that you can meaningfully quantify it and observe trends. You can then use a good tool to represent these trends in graphical format. Graphs, like the one shown above, are an important part of this, as are dashboards.
Visuals give you instant, compelling insights about what's happening with your logs. A giant spike in 403 codes in your log file might slip by unnoticed if text is your only means of viewing. But if you have a graph of 403s showing a giant spike in the last hour, you'll know instantly that something fishy is happening.
It Should Also Provide Reporting
Visualizing data is critical. But so too is having a means to report on that data. The former can help you monitor trends as they happen and understand the big picture being painted by your software. But the latter lets you communicate those trends to external stakeholders, including non-technical ones.
Your log files store data that, properly communicated, should interest everyone. Sure they'll have error codes and highly technical operation specifics. But they'll also let you paint pictures of things like uptime, reliability, traffic, and revenue.
The log file viewer you choose should give you a means to generate custom reports based on these concerns (or any others you think of). You can then take those reports and use the power of visualization to paint a picture for your non-technical peers.
They Give You the Means to Share Information and Collaborate
At first blush, "means to share information" may sound like another way to describe the visual and reporting capabilities. But I'm not talking specifically about visualizations and I'm not talking about socializing information with people outside of the IT group.
Instead, I'm talking about collaboration within the group. It's all well and good if you have a fancy tool that lets you search your logs, generate graphs, and report on them. But if you're the only one on the team with that ability, it's usefulness becomes somewhat limited. Or, if everyone has the tool, but you have to recreate the same graphs and reports for every single person using it, it likewise becomes limited in usefulness.
You need to make sure your log file viewer allows collaboration and sharing among all of the folks in IT that intend to use it. If I create a dashboard and save it, you should have the ability to reference that dashboard. Same thing for any other custom capabilities that it gives you.
Take Advantage of What's Out There
I have, by no means, given you an exhaustive list of what a log file viewer can provide for you. My intention here was simply to list some powerful features in order to make you aware of what's available to you.
If you're using your favorite text editor to view log files, or even Notepad or the shell, that's completely understandable. Those tools have been around for a long time, you're comfortable with them, and they get the job done, after a fashion. But you're missing out.
Your log files have a lot of valuable information for you in the form of data. Make sure you're getting the most out of that data by picking out and using a sophisticated log file viewer.
Published at DZone with permission of Erik Dietrich , DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.