
Crucially, it can also tell you when it suddenly gets slower. fields | filter like /correlationId1/ or like /correlationId2/ | sort desc | limit 20 Task 2 - Figure Out How Fast Your System Is (And Spot When It Gets Worse)Ī simple graph can tell you how slow or fast your system is. fields | filter like /17409/ | sort desc | display correlationId | limit 200Īnd then to search using the correlation IDs. You also need to explicitly order your results. You can make your regexs however complicated you like. You need to select one or more categories above the query text area to run your query against. Cloudwatch Insightsįirst note that the category is not included in the query text itself. With any luck you should now be on the path to solving the mystery. _sourceCategory=Prod/*/importantAPI (“correlationId1” or "correlationId2") Having extracted only the relevant requests you now want to see as much detail as possible.

Start request, verifying received parameters, checking the account is valid etc etc. Now you have the correlation IDs you can search again and see the entire life cycle of each of the requests that touched the problem order. You should however definitely have correlation IDs in your log entries. You could just as easily remove that line and see whole log entries. The correlation ID extraction part of this query is mostly just to show how you can extract a single field from a json log entry. You can also do things like “Prod/*/*API” to match all APIs across all production systems or “Prod/*/*” to search every system in production. In this case the categories “Prod/sales/importantAPI” and “Prod/inventory/importantAPI” would match.

Sumo logic _sourceCategory=Prod/*/importantAPI “17409” | json “correlationId”Ī star is a wildcard.

Alternatively, the string “17409” may be an error message someone received.įirst, search for references to that order ID. Something has gone awry with order 17409 and you need to figure out what. Task 1 - Figure Out What The Hell Happened Each has their own flavour of log query syntax and their own way to tackling common tasks. Tools like Sumologic and and Cloudwatch Insights exist to help you sort through the haystack to find the needle you require. We do some reasonably sophisticated stuff with our logs but it still doesn’t take much activity to generate more log data than you can expect to sit and read. Logs are a crucial part of monitoring the performance of your production environment when it’s running normally and figuring out what went wrong when it’s not. Make sense of your logs with Sumologic and Cloudwatch Insights
