Getting Started with Observe


As the Site Reliability Engineer (SRE) for your online retail company, Sockshop, you ensure site uptime and accessibility for your customers. The company has deployed its front-end applications to a production environment using the host, As a spot check on the application, you want to search for any potential errors in the logs that occurred in the last 60 minutes.

However, the term error can also appear in log messages that contain the term Unimplemented, which are not true error log messages. You want to filter those out and narrow the data down to real error messages, then extract the errors, the API paths, and severity into separate columns for better debugging. Lastly, you want to share a link to the data with your team of SREs and developers.

How Does Observe Ingest Kubernetes Container Logs?

Observe receives Container Logs from the Kubernetes application and stores them in the Container Logs Dataset. The Container Logs Dataset receives logs about applications, including the ones obtained from the frontend application in Sockshop. The Dataset includes a timestamped event table with a line for each log message. Once you log into Observe and locate the Container Logs Dataset, open it and perform a few simple operations to obtain data about your application errors.

For more about Observe concepts and features, refer to the Observe User Guide.

Let’s Get Started

  1. Log into Observe and click Datasets.

  2. Enter Container in the Search bar.

Figure 1 - Search for Dataset

4. Click on the Container Logs Dataset to open it.

5. From the Filter list on the left, under Container, select frontend to view only errors from the front end.

Figure 2 - Select the filter, frontend

6. From the Actions menu, select Open in Worksheet. A new untitled Worksheet opens, and you use this to model your data.

Figure 3 - Open a Worksheet

7. In the Filter field, type the rule, log=error, to search for text strings and find the log lines with substream errors.

8. Add the rule, log!=Unimplemented, to filter out this error message. You won’t need these messages for your analysis.

Figure 4 - Filter the column data

9. Expand the Time Range from the default value of 15 minutes to 60 minutes.

Figure 5 - Expand the time range from 15 to 60 minutes

10. Scan the resulting output to see what errors occurred.

11. Extract http.req.path, error, and severity parameters into separate columns. Click the V at the top of the log column, and then click Extract from JSON.

12. From the Fields to Extract panel, select http.req.path, error, and severity. Click Apply.

Figure 6 - Extract to JSON

13. Add a title to your Worksheet, such as Front End Error Messages. Click Save.

Figure 7 - Save your Worksheet

14. Click the Share link icon to copy the link, and share it with your team.
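
Steps 7 through 12 amount to a substring filter followed by JSON field extraction. The following is an added example, not Observe's implementation or code from this tutorial: it applies the same two rules and pulls out the same three fields offline. It assumes case-insensitive substring matching, uses constructed sample log lines, and its function names are hypothetical.

```python
import json

# Constructed sample container log lines (not real Sockshop output).
SAMPLE_LOGS = [
    '{"severity":"error","error":"connection refused","http.req.path":"/cart"}',
    '{"severity":"warning","error":"rpc error: code = Unimplemented","http.req.path":"/healthz"}',
    '{"severity":"info","message":"request complete","http.req.path":"/"}',
    '{"severity":"error","error":"timeout","http":{"req":{"path":"/checkout"}}}',
    'panic: runtime error: index out of range',
]

FIELDS = ("http.req.path", "error", "severity")

def keep(line, include="error", exclude="Unimplemented"):
    """Assumed semantics of log=error plus log!=Unimplemented:
    case-insensitive substring match on the raw log text."""
    text = line.lower()
    return include.lower() in text and exclude.lower() not in text

def lookup(obj, dotted):
    """Return a field stored either as a flat dotted key or as nested objects."""
    if dotted in obj:
        return obj[dotted]
    cur = obj
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur

def extract(line):
    """Map one log line to the three columns; non-JSON lines yield None values."""
    try:
        obj = json.loads(line)
    except json.JSONDecodeError:
        obj = None
    if not isinstance(obj, dict):
        obj = {}
    return {field: lookup(obj, field) for field in FIELDS}

def error_rows(lines):
    """Filter first, then extract, in the same order as the Worksheet steps."""
    return [extract(line) for line in lines if keep(line)]

if __name__ == "__main__":
    for row in error_rows(SAMPLE_LOGS):
        print(row)
```

The plain-text panic line passes the filter but produces empty columns, which is why scanning the raw log column (step 10) before extracting is still worthwhile.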