With thousands of logs generated every minute from your infrastructure, applications, services, and devices, retaining all of this data for active search and analysis can be cost-prohibitive. Because log volumes continue to grow rapidly as operations scale, it’s common for organizations to implement log management strategies and limit the amount that they store in order to minimize costs. Deciding which logs need to be stored and analyzed can be highly complex, and retaining only a subset of logs can make it challenging to troubleshoot effectively.
Stream-based monitoring solutions that allow you to tail your live telemetry, detect security threats, and discover sensitive data are gaining popularity because they can support real-time troubleshooting and eliminate the need to store data that only needs to be used transiently.
To further build upon the versatility of our stream-based products, we’re pleased to announce that we’ve enhanced the capabilities of Live Tail, providing you with the ability to search, correlate, and perform analytics across all ingested logs for 15 minutes. With Live Tail, you’ll gain full access to the data that you need during real-time investigations and time-sensitive analyses.
Live Tail gives you visibility into all of your logs post-processing—completely unsampled—regardless of how you’ve configured your indexes, quotas, or exclusion filters. In this post, we’ll show you how to use Live Tail to:
- Verify new deployments and streamline CI/CD troubleshooting
- Correlate directly between live traces and logs
Verify new deployments and streamline CI/CD troubleshooting
Live Tail can help you troubleshoot issues in your CI/CD pipeline in order to improve the efficiency of your development process. You can verify whether a new deployment has been successful by searching for keywords such as “deployment” and “failure” to get a bird’s-eye view of any issues that may have occurred. You can also quickly determine if hot fixes have successfully resolved an issue by viewing all logs that are ingested after you execute a change.
Reviewing your logs in real time can become extremely valuable during peak traffic times for your application or website, as well as for live streaming major events, such as sports games and television premieres. A continuous, real-time stream of logs lets you better understand what platforms or devices your viewers use to tune in, where they are viewing from, and how many are logged in at any given time. This information can help you engage with your audience effectively and troubleshoot time-sensitive incidents during broadcast to minimize negative impact on viewership.
Correlate directly between live traces and logs
Live Tail for Log Management now conveniently correlates with APM Live Search so you can view, search, and analyze all logs within the last 15 minutes that are associated with a specific trace. This correlation really comes into play during reactive troubleshooting.
As an example, let’s say you’re an engineer and discover that an application is not processing requests. You begin to review live APM traces to try and determine the root cause of the issue, but when you select a trace, all you can see is that there is some form of server error. Instead of shooting in the dark through trial and error, you can directly pivot to the Live Tail page to investigate all logs associated with the trace. Using Live Tail to examine the logs enables you to bypass any sampling or exclusion filters that may be applied to your indexes.
By analyzing the logs, you pinpoint that the root cause is a batch API failure and see the code that was run on the most recent API call attempts. You can continue your investigation by pivoting between 15 minutes of live traces and live logs as needed until the issue is resolved.
Conversely, if you begin your investigation by viewing logs, you can also directly access the related APM traces via APM Live Search for a broader view into your stack.
Because Live Tail enables you to access your unsampled logs in real time, you’ll obtain the context you need to identify root cause faster and accelerate time to resolution.
Logs on the stream
Live Tail for Datadog Log Management is designed to handle data at petabyte scale, and it enables you to view and query all ingested logs for troubleshooting and analysis without any pressure to retain them. With a real-time stream of logs, you have full visibility into the data that matters to you.
To learn more about Datadog Live Tail for Log Management, see our documentation. Don’t have a Datadog account yet? Sign up for a free trial.
