Once your log data is in Honeycomb, you can use it to analyze and explore your systems in novel ways.
Before beginning this guide, you should have:
In Honeycomb, you can slice and dice your data from your Home view, or create Boards to save relevant queries and visualizations. Either way, you will want to leverage Honeycomb’s features to create Triggers and explore anomalies using BubbleUp and Correlations.
Once you have log data in Honeycomb, navigate to the Home view and select your log dataset to begin exploring your data.
The Logs view contains visualizations specially designed for exploring log data.
In addition, when you view events in the Explore Data view, you can change your data display to present data as log lines.
To learn more about the log lines display, visit Explore Events: Events View.
For quick reference over time, you should create a Board that you can customize to show log-specific items of interest.
Once you have created a Board, you will likely want to configure some Triggers, so you can receive notifications when your data in Honeycomb crosses defined thresholds.
To create a Trigger:
Simplify debugging by using the core analysis loop–Honeycomb BubbleUp, Correlations, and rich queryable data–to dig in to application behavior.
Examine what a subset of logs might have in common using BubbleUp.
Scenario: You have structured MySQL slow query logs and want to discover specific queries that are running slower than expected.
Solution:
Run a query that visualizes a heatmap on query_time
, then use BubbleUp to identify similarities between the slow queries.
Navigate to the Query Builder.
Build the following query:
VISUALIZE |
---|
HEATMAP(query_time) |
Select Run Query.
In the Query Results section, locate the heatmap, and draw a box around logs that have a longer duration than you prefer.
From the context menu, select Detect Anomalies (BubbleUp).
Locate the Anomalies view, and use the charts to examine the attributes that that logs inside your selection have in common.
Notice the statement
chart–each of the problematic logs contains the same DELETE
statement.
You can now use the normalized_query
chart to see the exact shape of the query that you need to optimize.
Because of the shape of unstructured log data in Honeycomb, unstructured logs can be hard to query.
To improve the experience and make unstructured logs more useful, use custom fields to parse meaningful information out of the message
attribute.
Leverage the REG_VALUE
operation to parse log data using regular expressions.