Getting Started with Observe

Overview

As the Site Reliability Engineer (SRE) for your online retail company, Sockshop, you ensure site uptime and accessibility for your customers. The company has deployed its front-end applications to a production environment using the host, K8s.observeinc.com. As a spot check on the application, you want to search for any potential errors in the logs that occurred in the last 60 minutes.

However, the term, error, may occur in log messages with the term, Unimplemented, which are not true error log messages. You want to filter those out of the data and narrow down the log messages to real error messages. Then extract the errors, the API paths, and severity into separate columns for better debugging. Lastly, share a link to the data with your team of SREs and developers.

How Does Observe Ingest Kubernetes Container Logs?

Observe receives Container Logs from the Kubernetes application and stores them in the Container Logs Dataset. The Container Log Dataset receives logs about applications, including the ones obtained from the frontend application in Sockshop. The Dataset includes a timestamped event table with a line for each log message. Once you log into Observe and locate the Container Log Dataset, open it and perform a few simple operations to obtain data about your application errors.

For more about Observe concepts and features, refer to the Observe User Guide.

Let’s Get Started

  1. Log into Observe and click Explore Explore icon.

  2. Click Dataset below the Search bar.

  3. Enter Container in the Filter field.

Search for Dataset

Figure 1 - Search for Dataset

4. Click on the Container Logs Dataset to open it.

5. From the Filter list on the right, under Container, select frontend to view only errors from the front end.

Select the filter, frontend.

Figure 2 - Select the filter, frontend

6. Click the V at the top of the log column, and then click Convert to JSON. A new untitled Worksheet opens, and you use this to model your data.

Convert to JSON

Figure 3 - Convert the log column to JSON

7. In the Filter field, type the rule, log=error, to search for text strings and find the log lines with substream errors.

8. Add the rule, log!=Unimplemented, to filter out this error message. You won’t need these messages for your analysis.

Filter the column data

Figure 4 - Filter the column data

9. Expand the Time Range from the default value of 15 minutes to 60 minutes.

Expand the time range

Figure 5 - Expand the time range from 15 to 60 minutes

10. Scan the resulting output to see what errors occurred.

11. Extract http.req.path, error, and severity parameters into separate columns. Click the V at the top of the log column, and then click Extract from JSON.

12. From the Fields to Extract panel, select http.req.path, error, and severity. Click Apply.

Extract to JSON

Figure 6 - Extract to JSON

13. Add a title to your Worksheet, such as Front End Error Messages. Click Save.

Save your Worksheet

Figure 7 - Save your Worksheet

14. Click the Share link icon Share iconto copy the link, and share it with your team.