admin Posted on 9:30 pm

The Right Log Viewer For You: 5 Things To Consider

There are numerous Log Viewer / Log Analyzer tools on the market, reflecting the fact that the standard log analysis functionality provided by most operating systems is insufficient to adequately address the investigation of complicated software problems.

The command-line oriented Linux/Unix operating systems provide powerful standard log analysis tools such as grep and regular expressions. These are quite sufficient for analyzing single log lines, for example, calculating transaction rate statistics. However, they fall short if we need to analyze the correlation between log lines, that is, to recognize logically linked lines. Continuing the example above, if we were to calculate system response time statistics, we would first need to find the start and end line for each transaction. Even on Linux, this task requires advanced scripting, and it may eventually be too slow to complete in a reasonable amount of time.
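The correlation step described above, as an added example that is not part of the original article: it pairs the start and end line of each transaction and computes response time statistics. The log format, the `START`/`END` markers and the `txn=` field are assumptions made for this sketch, and the sample lines are constructed.

```python
import re
import statistics
from datetime import datetime

# Constructed sample log (assumed format: ISO timestamp, level, START/END, txn id).
SAMPLE_LOG = """\
2024-05-01T10:00:00.000 INFO START txn=a1 user=alice
2024-05-01T10:00:00.120 INFO START txn=b2 user=bob
2024-05-01T10:00:00.250 DEBUG cache miss key=profile
2024-05-01T10:00:00.300 INFO END txn=a1 status=ok
2024-05-01T10:00:01.120 INFO END txn=b2 status=ok
2024-05-01T10:00:02.000 INFO START txn=c3 user=carol
2024-05-01T10:00:02.500 INFO END txn=zz status=ok
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) \S+ (?P<kind>START|END) txn=(?P<txn>\S+)")

def correlate(lines):
    """Pair START/END lines by txn id.

    Returns (durations, unfinished, orphan_ends): seconds per completed
    transaction, ids with no END, and ids with an END but no START."""
    open_txns = {}      # txn id -> timestamp of its START line
    durations = {}      # txn id -> response time in seconds
    orphan_ends = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated line (e.g. DEBUG output)
        ts = datetime.fromisoformat(m["ts"])
        txn = m["txn"]
        if m["kind"] == "START":
            open_txns[txn] = ts
        elif txn in open_txns:
            durations[txn] = (ts - open_txns.pop(txn)).total_seconds()
        else:
            orphan_ends.append(txn)  # END without START: rotated or truncated log
    return durations, sorted(open_txns), orphan_ends

def response_time_stats(durations):
    values = list(durations.values())
    return {"count": len(values), "mean": statistics.mean(values), "max": max(values)}

if __name__ == "__main__":
    d, unfinished, orphans = correlate(SAMPLE_LOG.splitlines())
    print(response_time_stats(d), "unfinished:", unfinished, "orphan END:", orphans)
```

Transactions left unmatched are reported rather than dropped, because a missing start or end line usually means a log was rotated, truncated, or the transaction never completed.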

Windows is built around a graphical user interface, but it has no standard graphical log analyzer, and standard text editors are intended for office use and offer only a simple string search. The same applies to Mac OS, although (since it’s based on Linux) you also have the option of using a command line interface. A Linux environment can be simulated on Windows with the help of the Cygwin software.

In our opinion, to select the most suitable Log Viewer for your tasks, you should consider 5 main questions.

Question 1. What is the size of the log file that you need to analyze? Although in many cases software systems have some method of log rotation, log files can sometimes grow very large. Software professionals sometimes have to analyze files larger than 1 GB. Especially on Windows, handling large files is not an easy task, so you should evaluate the performance of a tool on a log file of that size.

Question 2. Do you need to analyze binary files? Most tools only support logs in text format.

Question 3. Do you anticipate the need to merge multiple log files for analysis over longer time intervals, for example, to obtain more reliable statistics? Not all tools support this.

Question 4. Would you prefer a graphical analysis tool? It is well known that a picture can be worth a thousand words, but is this also the case in log analysis? The answer is yes. Each log line is overloaded with information, and as we saw earlier, the number of lines in the log is often too large to navigate easily by eye; a reader cannot hold that much information in memory while scrolling through the screen. Charts add a new dimension to analysis, making it easier to see trends or simply quicker to find what you’re looking for.

Adding graphical functionality to a Log Viewer is not an easy task. A log file does not have a regular structure: the log is usually the place where many independent processes write their messages, and each one may be using its own format. Unlike a well-structured file such as a spreadsheet, a log does not let us simply plot one column against another.

One way to solve this problem is to add log pattern recognition and analysis functionality, which leads us to the fifth question.

Question 5. Would you need to look for log patterns and analyze them? A log pattern is a repeatable combination of keywords that can have different values associated with them.

Let’s take an example. Any web server log contains a series of repeated HTTP GET requests and 200 OK responses (or other codes). Each request has a URI that points to a certain page on the server. These 3 objects (GET, URI, and 200 OK) form a natural pattern, and their occurrence can be plotted as a function of time, where the request URI and/or response code can be shown as a label for each point on the graph.

This example shows how powerful Log Analysis can be when pattern processing of log data is combined with a graphical display.
