Start Analyzing your first log in less than 10 minutes.

   The first thing I did before sharing my log analyzer (or log parser)   with coworkers was writing a manual. I honestly thought I did a decent job with it. But as soon as I started answering questions from users I discovered that NOBODY READ MY MANUAL!

   I had to be honest with myself and recognize that I don’t read the manuals either because I prefer to learn by doing than by reading. So I’ve written short guide that will have you doing log analysi with my tool in less than 10 minutes.

 

Definitions.

   The log parser has three main components:

  1. Log Viewer: Displays a section of the original log file. (Upper right)
  2. Rule Set: Manages the rules available to analyze the log. (Left)
  3. Index: Provides an ordered list of the rule matches found on the log. (Lower right)

   Rules are the key element of the log analyzer. When a rule is applied to a log file each
line of the log file will be tested against it. For each line that contains all the rule
patterns a new match is added to the index.

   A rule has the following elements:

  1. Name: Unique identifier for each rule.
  2. Example: A line of text that matches the rule criteria.
  3. Patterns: A list of strings that must be present on a log line for the rule to match.
  4. Variables: A list of strings “trapped” between patterns on lines that match.
  5. Format: How a match will be added to the index.

   Match index can be used to browse through the log file or exported to document
the signature of the defect.

Initial Steps.

   In order to use the log analyzer to perform log analysis for the first time, please execute the following steps:

   1. Open a log file. [Log->Load]

  • If you don’t see your log change the extension filter to all
  • Recommended file extension is “.rls”.
  • Title will show: (L =<filename>, R = None) … 0/<lines>.
  • Viewer will show the first 1000 lines of the log.

2. Create a rule set. [Rules -> New Set]

  • This file will store all the rules you will create later.
  • Title changes to: (L =<filename>, R = <RuleSet>) … 0/<file lines>.
  • You can create a rule per project or per issue.

3. Find a line of interest.

  • To search for a string use [Log->Find].
  • To find the next line with the same string [Log->Next]
  • To find the previous line with the same string [Log->Previous]
  • You can find the current line number at the end of the title
  • (L =<filename>, R = <RuleSet>) … <current line>/<file lines>])

4.Create a rule for the line of interest. <Double click on it>

  • A “Rule Constructor” dialog will open for you.
  • The line of interest will be in the Example field.

5. Name the rule. (Will help you identify the rule latter)

6. Add rule patterns:

  • All patterns must be present in a text line to be a rule match.
  • Highlight a constant portion of the example line and press the
    <Add Pattern> button.
  • Add as many rule patterns as needed.
  • Text between patterns will automatically be added to the variable list.

7. Define the match format.

  • Format defines how the match will show up in the index.
  • It can be a mix of text and variables.
  • To print a variable add <$n> to the format.
  • If you leave the format field empty matching lines will be added to the index without modifications.

8. Save the rule [Press the <Ok> button]

  • Your new rule will be listed in the set at the left side.

9. Apply the rule to the log file. [Double click on the rule name.

  • All matches for that rule will be added to the index.

10. Go back to step 3 to add/execute as many rules as needed.

11. Explore index..

  • Double click on the match.
  • Use the log viewer scroll bar as needed.

12. Copy the index as text to document issue or share with partners. [Index->Copy All]

Executing this steps should allow you to do your first log analysis quickly and get an
idea of how the log analyzer (or log parser) works. If this is enough for you great. If you would like to
learn more about the available options please read this tool’s manual.

This entry was posted on Thursday, August 1st, 2013 at 5:45 am and is filed under LogAnalyzer. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.