Application Logging

Application logging is a critical component of system observability, providing detailed event records that capture the “why” behind system behavior. Geode implements comprehensive structured logging in JSON format, making logs machine-readable, easily queryable, and integrable with modern log aggregation platforms. Effective logging enables debugging, security auditing, performance analysis, and compliance tracking. Geode’s logging system balances detail with performance, providing rich context without impacting query throughput. This guide covers logging architecture, configuration, best practices, log analysis techniques, and integration with popular log management platforms. <h3 id="structured-logging-architecture" class="position-relative d-flex align-items-center group"> Structured Logging Architecture <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="structured-logging-architecture" aria-haspopup="dialog" aria-label="Share link: Structured Logging Architecture"> Share link </button> </h3><div id="headingShareModal" class="heading-share-modal" role="dialog" aria-modal="true" aria-labelledby="headingShareTitle" hidden> <div class="hsm-dialog" role="document"> <div class="hsm-header"> <h2 id="headingShareTitle" class="h6 mb-0 fw-bold">Share this section</h2> <button type="button" class="hsm-close" aria-label="Close"> </button> </div> <div class="hsm-body"> <label for="headingShareInput" class="form-label small text-muted mb-1 text-uppercase fw-bold" style="font-size: 0.7rem; letter-spacing: 0.5px;">Permalink</label> <div class="input-group mb-4 hsm-url-group"> <input id="headingShareInput" type="text" class="form-control font-monospace" readonly aria-readonly="true" style="font-size: 0.85rem;" /> <button class="btn btn-primary hsm-copy" type="button" aria-label="Copy" title="Copy"> </button> </div> <div class="small fw-bold mb-2 text-muted text-uppercase" style="font-size: 0.7rem; letter-spacing: 0.5px;">Share via</div> <div class="hsm-share-grid"> <a id="share-twitter" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer"> Twitter </a> <a id="share-linkedin" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer"> LinkedIn </a> <a id="share-facebook" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer"> Facebook </a> </div> </div> </div> </div> <style> .heading-share-modal { position: fixed; inset: 0; display: flex; justify-content: center; align-items: center; background: rgba(0, 0, 0, 0.6); z-index: 1050; padding: 1rem; backdrop-filter: blur(4px); -webkit-backdrop-filter: blur(4px); } .heading-share-modal[hidden] { display: none !important; } .hsm-dialog { max-width: 420px; width: 100%; background: var(--bs-body-bg, #fff); color: var(--bs-body-color, #212529); border: 1px solid var(--bs-border-color, rgba(0,0,0,0.1)); border-radius: 1rem; box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.25); overflow: hidden; animation: hsm-fade-in 0.2s ease-out; } @keyframes hsm-fade-in { from { opacity: 0; transform: scale(0.95); } to { opacity: 1; transform: scale(1); } } [data-bs-theme="dark"] .hsm-dialog { background: #1e293b; border-color: rgba(255,255,255,0.1); color: #f8f9fa; } .hsm-header { display: flex; justify-content: space-between; align-items: center; padding: 1rem 1.5rem; border-bottom: 1px solid var(--bs-border-color, rgba(0,0,0,0.1)); background: rgba(0,0,0,0.02); } [data-bs-theme="dark"] .hsm-header { background: rgba(255,255,255,0.02); border-color: rgba(255,255,255,0.1); } .hsm-close { background: transparent; border: none; color: inherit; opacity: 0.5; padding: 0.25rem 0.5rem; border-radius: 0.25rem; font-size: 1.2rem; line-height: 1; transition: opacity 0.2s; } .hsm-close:hover { opacity: 1; } .hsm-body { padding: 1.5rem; } .hsm-url-group { display: flex !important; align-items: stretch; } .hsm-url-group .form-control { flex: 1; min-width: 0; margin: 0; background: var(--bs-secondary-bg, #f8f9fa); border-color: var(--bs-border-color, #dee2e6); border-top-right-radius: 0; border-bottom-right-radius: 0; height: 42px; } .hsm-url-group .btn { flex: 0 0 auto; margin: 0; margin-left: -1px; border-top-left-radius: 0; border-bottom-left-radius: 0; height: 42px; display: flex; align-items: center; justify-content: center; padding: 0 1.25rem; z-index: 2; } [data-bs-theme="dark"] .hsm-url-group .form-control { background: #0f172a; border-color: #334155; color: #e2e8f0; } .hsm-share-grid { display: flex; flex-direction: column; gap: 0.5rem; } .hsm-share-grid .btn { display: flex; align-items: center; justify-content: center; font-size: 0.9rem; padding: 0.6rem; border-color: var(--bs-border-color); width: 100%; } [data-bs-theme="dark"] .hsm-share-grid .btn { color: #e2e8f0; border-color: #475569; } [data-bs-theme="dark"] .hsm-share-grid .btn:hover { background: #334155; border-color: #cbd5e1; } </style> <script> (function(){ const modal = document.getElementById('headingShareModal'); if(!modal) return; const input = modal.querySelector('#headingShareInput'); const copyBtn = modal.querySelector('.hsm-copy'); const twitter = modal.querySelector('#share-twitter'); const linkedin = modal.querySelector('#share-linkedin'); const facebook = modal.querySelector('#share-facebook'); const closeBtn = modal.querySelector('.hsm-close'); let lastFocus=null; let trapBound=false; function buildUrl(id){ return window.location.origin + window.location.pathname + '#' + id; } function isOpen(){ return !modal.hasAttribute('hidden'); } function hydrate(id){ const url=buildUrl(id); input.value=url; const enc=encodeURIComponent(url); const text=encodeURIComponent(document.title); if(twitter) twitter.href=`https://twitter.com/intent/tweet?url=${enc}&text=${text}`; if(linkedin) linkedin.href=`https://www.linkedin.com/sharing/share-offsite/?url=${enc}`; if(facebook) facebook.href=`https://www.facebook.com/sharer/sharer.php?u=${enc}`; } function openModal(id){ lastFocus=document.activeElement; hydrate(id); if(!isOpen()){ modal.removeAttribute('hidden'); } requestAnimationFrame(()=>{ input.focus(); }); trapFocus(); } function closeModal(){ if(!isOpen()) return; modal.setAttribute('hidden',''); if(lastFocus && typeof lastFocus.focus==='function') lastFocus.focus(); } function copyCurrent(){ try{ navigator.clipboard.writeText(input.value).then(()=>feedback(true),()=>fallback()); } catch(e){ fallback(); } } function fallback(){ input.select(); try{ document.execCommand('copy'); feedback(true);}catch(e){ feedback(false);} } function feedback(ok){ if(!copyBtn) return; const icon=copyBtn.querySelector('i'); if(!icon) return; const prev=copyBtn.getAttribute('data-prev')||icon.className; if(!copyBtn.getAttribute('data-prev')) copyBtn.setAttribute('data-prev',prev); icon.className= ok ? 'fa-duotone fa-clipboard-check':'fa-duotone fa-circle-exclamation'; setTimeout(()=>{ icon.className=prev; },1800); } function handleShareClick(e){ e.preventDefault(); const btn=e.currentTarget; const id=btn.getAttribute('data-share-target'); if(id) openModal(id); } function bindShareButtons(){ document.querySelectorAll('.h-share').forEach(btn=>{ if(!btn.dataset.hShareBound){ btn.addEventListener('click', handleShareClick); btn.dataset.hShareBound='1'; } }); } bindShareButtons(); if(document.readyState==='loading'){ document.addEventListener('DOMContentLoaded', bindShareButtons); } else { requestAnimationFrame(bindShareButtons); } document.addEventListener('click', function(e){ const shareBtn=e.target.closest && e.target.closest('.h-share'); if(shareBtn && !shareBtn.dataset.hShareBound){ handleShareClick.call(shareBtn, e); } }, true); document.addEventListener('click', e=>{ if(e.target===modal) closeModal(); if(e.target.closest && e.target.closest('.hsm-close')){ e.preventDefault(); closeModal(); } if(copyBtn && (e.target===copyBtn || (e.target.closest && e.target.closest('.hsm-copy')))) { e.preventDefault(); copyCurrent(); } }); document.addEventListener('keydown', e=>{ if(e.key==='Escape' && isOpen()) closeModal(); }); function trapFocus(){ if(trapBound) return; trapBound=true; modal.addEventListener('keydown', f=>{ if(f.key==='Tab' && isOpen()){ const focusable=[...modal.querySelectorAll('a[href],button,input,textarea,select,[tabindex]:not([tabindex="-1"])')].filter(el=>!el.hasAttribute('disabled')); if(!focusable.length) return; const first=focusable[0]; const last=focusable[focusable.length-1]; if(f.shiftKey && document.activeElement===first){ f.preventDefault(); last.focus(); } else if(!f.shiftKey && document.activeElement===last){ f.preventDefault(); first.focus(); } } }); } if(closeBtn) closeBtn.addEventListener('click', e=>{ e.preventDefault(); closeModal(); }); })(); </script>Geode uses structured logging where each log entry is a JSON object with consistent fields: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json">{ "timestamp": "2026-01-24T10:15:30.123456Z", "level": "INFO", "logger": "geode.query.executor", "message": "Query executed successfully", "query_id": "q-12847", "user": "[email protected]", "client_type": "python", "duration_ms": 45.3, "rows_returned": 1250, "plan_type": "indexed_lookup", "trace_id": "abc123def456", "span_id": "xyz789" } </code></pre></div>Benefits: <ul> <li>Machine-Readable: Easy parsing and analysis with tools like jq, Elasticsearch, or Loki</li> <li>Queryable: Search and filter by any field</li> <li>Consistent: Predictable structure across all log entries</li> <li>Contextual: Rich metadata for debugging</li> <li>Correlatable: Links to traces and metrics via IDs</li> </ul> <h3 id="log-configuration" class="position-relative d-flex align-items-center group"> Log Configuration <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="log-configuration" aria-haspopup="dialog" aria-label="Share link: Log Configuration"> Share link </button> </h3> <h4 id="basic-configuration" class="position-relative d-flex align-items-center group"> Basic Configuration <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="basic-configuration" aria-haspopup="dialog" aria-label="Share link: Basic Configuration"> Share link </button> </h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-toml" data-lang="toml"># geode.toml [logging] # Log level: DEBUG, INFO, WARN, ERROR level = "INFO" # Output format: json or text format = "json" # Output destination: stdout, stderr, file output = "stdout" # File path (when output = "file") file = "/var/log/geode/geode.log" # File rotation settings rotate_size = "100MB" rotate_count = 10 rotate_compress = true # Include source location (file:line) include_caller = true # Include hostname include_hostname = true </code></pre></div> <h4 id="environment-specific-configuration" class="position-relative d-flex align-items-center group"> Environment-Specific Configuration <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="environment-specific-configuration" aria-haspopup="dialog" aria-label="Share link: Environment-Specific Configuration"> Share link </button> </h4>Development: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-toml" data-lang="toml">[logging] level = "DEBUG" format = "text" # Human-readable output = "stdout" include_caller = true </code></pre></div>Production: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-toml" data-lang="toml">[logging] level = "INFO" format = "json" # Machine-readable output = "file" file = "/var/log/geode/geode.log" rotate_size = "100MB" rotate_count = 30 rotate_compress = true include_caller = false # Reduce overhead </code></pre></div> <h4 id="per-component-log-levels" class="position-relative d-flex align-items-center group"> Per-Component Log Levels <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="per-component-log-levels" aria-haspopup="dialog" aria-label="Share link: Per-Component Log Levels"> Share link </button> </h4>Configure granular log levels for different subsystems: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-toml" data-lang="toml">[logging.levels] "geode.query" = "DEBUG" "geode.transaction" = "INFO" "geode.storage" = "WARN" "geode.network" = "INFO" "geode.security" = "INFO" </code></pre></div> <h3 id="log-levels" class="position-relative d-flex align-items-center group"> Log Levels <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="log-levels" aria-haspopup="dialog" aria-label="Share link: Log Levels"> Share link </button> </h3> <h4 id="debug" class="position-relative d-flex align-items-center group"> DEBUG <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="debug" aria-haspopup="dialog" aria-label="Share link: DEBUG"> Share link </button> </h4>Detailed diagnostic information for development and troubleshooting: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json">{ "level": "DEBUG", "logger": "geode.query.optimizer", "message": "Query plan generated", "query_id": "q-12847", "plan_type": "indexed_lookup", "estimated_cost": 125.4, "estimated_rows": 1250, "index_candidates": ["User.email", "User.created_at"], "selected_index": "User.email", "plan_json": "{...}" } </code></pre></div>Use Cases: <ul> <li>Understanding query optimization decisions</li> <li>Debugging application logic</li> <li>Analyzing execution paths</li> <li>Development and testing</li> </ul> <h4 id="info" class="position-relative d-flex align-items-center group"> INFO <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="info" aria-haspopup="dialog" aria-label="Share link: INFO"> Share link </button> </h4>General operational events indicating normal system behavior: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json">{ "level": "INFO", "logger": "geode.query.executor", "message": "Query executed successfully", "query_id": "q-12847", "duration_ms": 45.3, "rows_returned": 1250, "cache_hit": false } </code></pre></div>Use Cases: <ul> <li>Tracking query execution</li> <li>Monitoring transaction commits</li> <li>Connection lifecycle events</li> <li>Checkpoint completion</li> </ul> <h4 id="warn" class="position-relative d-flex align-items-center group"> WARN <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="warn" aria-haspopup="dialog" aria-label="Share link: WARN"> Share link </button> </h4>Warning conditions that don’t prevent operation but may require attention: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json">{ "level": "WARN", "logger": "geode.query.executor", "message": "Slow query detected", "query_id": "q-12847", "duration_ms": 1234.5, "threshold_ms": 1000, "query_text": "MATCH (n) RETURN n", "recommendation": "Add index or limit result set" } </code></pre></div>Use Cases: <ul> <li>Slow query detection</li> <li>Connection pool pressure</li> <li>Memory pressure warnings</li> <li>Configuration issues</li> </ul> <h4 id="error" class="position-relative d-flex align-items-center group"> ERROR <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="error" aria-haspopup="dialog" aria-label="Share link: ERROR"> Share link </button> </h4>Error conditions requiring immediate attention: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json">{ "level": "ERROR", "logger": "geode.transaction", "message": "Transaction failed to commit", "transaction_id": "tx-456", "error": "Serialization failure", "error_code": "40001", "retry_count": 3, "query_count": 5, "duration_ms": 2340, "stack_trace": "...", "user": "[email protected]" } </code></pre></div>Use Cases: <ul> <li>Transaction failures</li> <li>Connection errors</li> <li>Storage errors</li> <li>Authentication failures</li> </ul> <h3 id="log-categories" class="position-relative d-flex align-items-center group"> Log Categories <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="log-categories" aria-haspopup="dialog" aria-label="Share link: Log Categories"> Share link </button> </h3> <h4 id="query-logs" class="position-relative d-flex align-items-center group"> Query Logs <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="query-logs" aria-haspopup="dialog" aria-label="Share link: Query Logs"> Share link </button> </h4>Track query execution lifecycle: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json">// Query started { "level": "DEBUG", "logger": "geode.query", "message": "Query execution started", "query_id": "q-12847", "query_text": "MATCH (u:User {email: $email}) RETURN u", "parameters": {"email": "[email protected]"}, "user": "analyst" } // Query completed { "level": "INFO", "logger": "geode.query", "message": "Query execution completed", "query_id": "q-12847", "status": "success", "duration_ms": 45.3, "rows_returned": 1, "plan_cache_hit": true } // Query failed { "level": "ERROR", "logger": "geode.query", "message": "Query execution failed", "query_id": "q-12847", "error": "Syntax error near line 1", "query_text": "MATCHH (u:User) RETURN u", "position": 0 } </code></pre></div> <h4 id="transaction-logs" class="position-relative d-flex align-items-center group"> Transaction Logs <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="transaction-logs" aria-haspopup="dialog" aria-label="Share link: Transaction Logs"> Share link </button> </h4>Track transaction lifecycle: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json">// Transaction begin { "level": "INFO", "logger": "geode.transaction", "message": "Transaction started", "transaction_id": "tx-456", "isolation_level": "SERIALIZABLE", "user": "analyst" } // Transaction commit { "level": "INFO", "logger": "geode.transaction", "message": "Transaction committed", "transaction_id": "tx-456", "duration_ms": 2340, "queries_executed": 5, "rows_modified": 125 } // Transaction rollback { "level": "WARN", "logger": "geode.transaction", "message": "Transaction rolled back", "transaction_id": "tx-456", "reason": "Serialization failure", "duration_ms": 1850, "queries_executed": 3 } </code></pre></div> <h4 id="connection-logs" class="position-relative d-flex align-items-center group"> Connection Logs <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="connection-logs" aria-haspopup="dialog" aria-label="Share link: Connection Logs"> Share link </button> </h4>Track client connectivity: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json">// Connection established { "level": "INFO", "logger": "geode.connection", "message": "Client connected", "connection_id": "conn-789", "client_address": "192.168.1.100:54321", "client_type": "python", "client_version": "0.3.19", "tls_version": "TLS1.3" } // Connection closed { "level": "INFO", "logger": "geode.connection", "message": "Client disconnected", "connection_id": "conn-789", "duration_seconds": 3600, "queries_executed": 1247, "bytes_sent": 12458934, "bytes_received": 458723 } // Connection error { "level": "ERROR", "logger": "geode.connection", "message": "Connection failed", "client_address": "192.168.1.100:54321", "error": "TLS handshake failure", "error_code": "SSL_ERROR_HANDSHAKE_FAILURE" } </code></pre></div> <h4 id="security-logs" class="position-relative d-flex align-items-center group"> Security Logs <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="security-logs" aria-haspopup="dialog" aria-label="Share link: Security Logs"> Share link </button> </h4>Track authentication and authorization: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json">// Authentication success { "level": "INFO", "logger": "geode.security", "message": "User authenticated", "user": "[email protected]", "client_address": "192.168.1.100", "auth_method": "password", "session_id": "sess-abc123" } // Authentication failure { "level": "WARN", "logger": "geode.security", "message": "Authentication failed", "user": "[email protected]", "client_address": "192.168.1.100", "reason": "Invalid password", "attempts": 3 } // Authorization failure { "level": "WARN", "logger": "geode.security", "message": "Access denied", "user": "[email protected]", "action": "CREATE_GRAPH", "resource": "ProductionGraph", "required_permission": "graph:admin" } </code></pre></div> <h4 id="storage-logs" class="position-relative d-flex align-items-center group"> Storage Logs <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="storage-logs" aria-haspopup="dialog" aria-label="Share link: Storage Logs"> Share link </button> </h4>Track persistence operations: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json">// Checkpoint started { "level": "INFO", "logger": "geode.storage", "message": "Checkpoint started", "checkpoint_id": "ckpt-123", "wal_position": "00000001000000AB" } // Checkpoint completed { "level": "INFO", "logger": "geode.storage", "message": "Checkpoint completed", "checkpoint_id": "ckpt-123", "duration_ms": 15234, "bytes_written": 1073741824, "buffers_flushed": 131072 } // Disk space warning { "level": "WARN", "logger": "geode.storage", "message": "Low disk space", "filesystem": "/var/lib/geode", "bytes_available": 1073741824, "bytes_total": 107374182400, "usage_percent": 90 } </code></pre></div> <h3 id="log-analysis-techniques" class="position-relative d-flex align-items-center group"> Log Analysis Techniques <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="log-analysis-techniques" aria-haspopup="dialog" aria-label="Share link: Log Analysis Techniques"> Share link </button> </h3> <h4 id="using-jq-for-log-analysis" class="position-relative d-flex align-items-center group"> Using jq for Log Analysis <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="using-jq-for-log-analysis" aria-haspopup="dialog" aria-label="Share link: Using jq for Log Analysis"> Share link </button> </h4>Filter by level: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"># Show only errors jq 'select(.level == "ERROR")' /var/log/geode/geode.log # Show warnings and errors jq 'select(.level == "WARN" or .level == "ERROR")' /var/log/geode/geode.log </code></pre></div>Filter by time range: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"># Logs from last hour jq 'select(.timestamp > "2026-01-24T09:00:00Z")' /var/log/geode/geode.log # Logs within specific timeframe jq 'select(.timestamp >= "2026-01-24T09:00:00Z" and .timestamp <= "2026-01-24T10:00:00Z")' /var/log/geode/geode.log </code></pre></div>Analyze slow queries: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"># Queries over 1 second jq 'select(.logger == "geode.query" and .duration_ms > 1000) | {query_id, duration_ms, query_text}' /var/log/geode/geode.log # Top 10 slowest queries jq 'select(.logger == "geode.query") | {query_id, duration_ms, query_text}' \ /var/log/geode/geode.log | jq -s 'sort_by(.duration_ms) | reverse | .[0:10]' </code></pre></div>Group errors by type: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"># Count errors by message jq -r 'select(.level == "ERROR") | .message' /var/log/geode/geode.log | \ sort | uniq -c | sort -rn # Group by error code jq -r 'select(.level == "ERROR" and .error_code) | .error_code' \ /var/log/geode/geode.log | sort | uniq -c | sort -rn </code></pre></div>Track user activity: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"># Queries by user jq 'select(.logger == "geode.query") | {user, query_id}' \ /var/log/geode/geode.log | jq -r '.user' | sort | uniq -c | sort -rn # Failed authentications by user jq 'select(.logger == "geode.security" and .message == "Authentication failed") | {user, client_address, reason}' /var/log/geode/geode.log </code></pre></div> <h3 id="log-aggregation-and-centralization" class="position-relative d-flex align-items-center group"> Log Aggregation and Centralization <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="log-aggregation-and-centralization" aria-haspopup="dialog" aria-label="Share link: Log Aggregation and Centralization"> Share link </button> </h3> <h4 id="elasticsearch--kibana" class="position-relative d-flex align-items-center group"> Elasticsearch + Kibana <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="elasticsearch--kibana" aria-haspopup="dialog" aria-label="Share link: Elasticsearch &#43; Kibana"> Share link </button> </h4>Filebeat Configuration: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"># filebeat.yml filebeat.inputs: - type: log enabled: true paths: - /var/log/geode/*.log json.keys_under_root: true json.add_error_key: true json.message_key: message processors: - add_host_metadata: ~ - add_cloud_metadata: ~ - add_docker_metadata: ~ output.elasticsearch: hosts: ["elasticsearch:9200"] index: "geode-logs-%{+yyyy.MM.dd}" username: "elastic" password: "${ELASTICSEARCH_PASSWORD}" setup.kibana: host: "kibana:5601" </code></pre></div>Kibana Query Examples: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"># Slow queries level: "WARN" AND message: "Slow query" AND duration_ms > 1000 # Failed transactions level: "ERROR" AND logger: "geode.transaction" # User activity user: "[email protected]" AND logger: "geode.query" </code></pre></div> <h4 id="grafana-loki" class="position-relative d-flex align-items-center group"> Grafana Loki <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="grafana-loki" aria-haspopup="dialog" aria-label="Share link: Grafana Loki"> Share link </button> </h4>Promtail Configuration: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"># promtail.yml server: http_listen_port: 9080 grpc_listen_port: 0 positions: filename: /tmp/positions.yaml clients: - url: http://loki:3100/loki/api/v1/push scrape_configs: - job_name: geode static_configs: - targets: - localhost labels: job: geode __path__: /var/log/geode/*.log pipeline_stages: - json: expressions: level: level logger: logger timestamp: timestamp message: message query_id: query_id user: user - timestamp: source: timestamp format: RFC3339Nano - labels: level: logger: </code></pre></div>LogQL Queries: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"># All error logs {job="geode"} | json | level="ERROR" # Slow queries {job="geode"} | json | logger="geode.query" | duration_ms > 1000 # User activity rate rate({job="geode"} | json | user="[email protected]" [5m]) # Error rate by logger sum(rate({job="geode"} | json | level="ERROR" [5m])) by (logger) </code></pre></div> <h4 id="splunk" class="position-relative d-flex align-items-center group"> Splunk <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="splunk" aria-haspopup="dialog" aria-label="Share link: Splunk"> Share link </button> </h4>Inputs Configuration: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-ini" data-lang="ini"># inputs.conf [monitor:///var/log/geode/*.log] disabled = false index = geode sourcetype = geode:json </code></pre></div>Search Queries: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"># Slow queries index=geode level=WARN message="Slow query" | stats avg(duration_ms) by query_text # Error trends index=geode level=ERROR | timechart count by logger # Transaction failures index=geode logger="geode.transaction" level=ERROR | stats count by error </code></pre></div> <h3 id="logging-best-practices" class="position-relative d-flex align-items-center group"> Logging Best Practices <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="logging-best-practices" aria-haspopup="dialog" aria-label="Share link: Logging Best Practices"> Share link </button> </h3>Appropriate Log Levels: Use DEBUG sparingly in production to avoid performance impact and log volume explosion. Structured Fields: Use structured fields instead of string interpolation for queryable data. Sensitive Data Redaction: Avoid logging passwords, API keys, or personal data. Redact sensitive values automatically. Correlation IDs: Include trace IDs, request IDs, and query IDs for correlation across log entries. Contextual Information: Include user, client type, and other context in every log entry. Log Sampling: Sample high-volume DEBUG logs to reduce overhead while maintaining visibility. Retention Policies: Define appropriate retention periods based on compliance and operational needs (typically 7-90 days). Performance Impact: Monitor logging overhead and adjust levels if exceeding 5% CPU impact. Timezone Consistency: Use UTC timestamps consistently to avoid timezone confusion. <h3 id="related-topics" class="position-relative d-flex align-items-center group"> Related Topics <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="related-topics" aria-haspopup="dialog" aria-label="Share link: Related Topics"> Share link </button> </h3><ul> <li><a href="/tags/observability/" >System Observability</a> - Observability pillars</li> <li><a href="/tags/tracing/" >Distributed Tracing</a> - Request flow tracing</li> <li><a href="/tags/monitoring/" >System Monitoring</a> - Monitoring strategies</li> <li><a href="/tags/metrics/" >Performance Metrics</a> - Metrics collection</li> <li><a href="/tags/troubleshooting/" >Troubleshooting</a> - Debugging techniques</li> <li><a href="/tags/security/" >Security</a> - Security logging</li> </ul> <h3 id="further-reading" class="position-relative d-flex align-items-center group"> Further Reading <button type="button" class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1" data-share-target="further-reading" aria-haspopup="dialog" aria-label="Share link: Further Reading"> Share link </button> </h3><ul> <li>Structured Logging Best Practices</li> <li>Log Analysis Techniques</li> <li>Log Aggregation Platform Comparison</li> <li>Production Logging Patterns</li> <li>Compliance and Audit Logging</li> </ul>

Popular

Related Articles

Error Handling Guide