To use logs with Instana, you have the following options:

  • Collect application and service logs automatically. For more information, see Log messages.
  • Correlate logs with metrics and traces by using the logs within the context of Kubernetes and containers. For more information, see Analyze Kubernetes logs.
  • Enrich traces or calls with extra messages. For more information, see Instana tracing SDK.
  • Integrate with a dedicated logging product. For more information, see Logging integrations.

Analyze logs

Examine logs in detail, as in Unbounded Analytics. You can see all the log-related information and slice and dice it to help with troubleshooting.

View Logging Analytics

You can find logging information on the drop-down list of Analytics Applications as follows:

Filtering and grouping

Three approaches are provided to filter data:

  • Query Builder
  • From within a Log
  • Filter Sidebar

You can use each of the approaches individually, but best results are achieved when you combine these approaches.

Query Builder

Use the Query Builder on the Analytics dashboard to filter the initial result set. By clicking Add filter, you can apply different filters from a catalog that is divided into sections. A quick search function helps you find the filter that you need faster. You can filter by using any attribute of a log, such as Level, Message, Stream, Custom Tags, Snapshot, Trace IDs and Exceptions. Additional filters related to technologies that are observed by Instana are also available. After you select one of those filters, a constructor appears in the filtering area, with an “equals” operator as the default and an input field for typing the relevant value. For standard values or related Instana entities, suggestions are shown in a drop-down list. When you troubleshoot problems, you can filter by using the “is present” operator to make a quick query on exceptions.

When you add more than one filter, an AND boolean operator appears by default. You can change the operator by clicking it. At any time during troubleshooting, if you need to remove a filter or an operator, click the filter or operator, and then click the “x” symbol.

To apply grouping, click Add group, and select one of the tags. A common use case for grouping is to find out which services or hosts are generating more logs, which can help scope down the search.

In this case, you can focus on the group with host name ip-10-255-219-199 by clicking the Funnel icon near the Number of logs data. Instana then adds this host name as a filter and removes the host grouping.

From within a log

When the log message contains custom tags, they are highlighted in gray and can be added as a filter to the query builder by clicking them. In the following example, you can see the remote address and the remote host. The second image shows the result of adding the custom tags as filters from within the log message.

If you expand a log, you can see the log tag table, where additional information related to the log is shown in sections. If you hover over each row, contextual actions are provided. When you use a contextual action within a log, the action is executed and a log list is displayed with the source log open, to facilitate the troubleshooting flow.

Available contextual actions and use examples

Group by Tag: Show a view where all the logs for the specific time frame and filters are grouped by that specific tag and the different values that it takes. This view is very convenient for getting hints of log volume for a specific tag. The recommended next step is to focus on this group, so that the specific tag and value are added as a filter and infinite scrolling is available for use. Note: If you expand a group, only an overview is provided and infinite scrolling is not available in this step.

Add as a filter: Add the tag and its value as a filter. By default, the filter is added with the “and” operator. In the following example, the stream is added to the previously applied filter “warn”.

Copy: Copy the tag value to the clipboard. The tag value can be used when you create a troubleshooting ticket for your team.

Reading Entities spark charts and metrics on live mode

If you activate Live mode in the time picker area, you can see live information in the Spark charts and Metrics section within a log. In the following example, you can see how to inspect different values on a spark chart and how the metric values change over time.

From side filter bar

The side bar provides a flexible way of filtering and grouping in combination with the query builder and within a log. With the side filter bar, you can filter and group by 3 main tags: Log levels, Stream and Services. Even before you apply any filters, you can get a hint of the number of logs for each value of those tags by looking at the number that is displayed near the category. In the following example, you can see that 30.3k logs are provided for the error tag. If you check the box for a value, you add the value to the filter. To remove the value, uncheck the box for the value. Grouping by a filter can be done directly from the icon near the main category title.

Sharing with your team

When you work with logs, you often need to share information with other members of your team. By clicking the link button on a specific log, you can share a short link with your team. When anyone else uses the link, Instana shows the same screen with the same timeframe and filters, and with the source log highlighted, open and centered on the screen, to facilitate collaboration.

Logging integrations

Instana integrates with external logging providers to enable a fluid workflow between your ecosystem of tools.

Technology Details
Coralogix Link
ELK Link
Humio Link
Mezmo Link
Splunk Link