Introducing Live Tail

by Deepa Ramachandra on June 30, 2021

At observIQ, we pride ourselves on delivering simple log management solutions with powerful functionalities. We’re excited to announce the addition of Live Tail to the observIQ feature suite. Live Tail emulates the terminal experience, giving you the ability to analyze, visualize and debug live – all in a single place. Never worry about the outcome of your deployment. Live Tail lets you troubleshoot, react, and assess issues across all of your deployments in real-time. Watch your logs stream as they are ingested; easily narrow down the results with a simple search and dynamic filter options. Read on for a deep dive into this cool new addition and see how you can make the most of it. 

How does Live Tail Work? 

  • You can view logs as they are ingested. With the ability to stream, pause, or stop streaming logs at the click of a button, you don’t have to be at the edge to respond to an event of concern.  No separate terminals and no toggling between interfaces – you do it all within your observIQ account on a single interface.
  • You can search and isolate logs of events that interest you such as errors, processing failures, access denials, etc. Use simple Lucene queries or the various filter options to find specific logs. Alternatively, you can have search terms highlighted on logs as they are ingested to isolate and identify logs.
  • Scroll up or down and have the play/pause options automatically mirror your actions, with scrolling up pausing the stream and scrolling down continuing to play the stream
  • View the rate at which your logs are being ingested and streamed
  • Collaborate with your engineering team, allowing them to troubleshoot application, deployment, and production issues without disrupting performance.
  • Navigate to Live Tail based on your search and filter options from “Discover” or choose to live tail logs from a specific agent under Fleet.

 

What can you do with Live Tail?

  • Collaborate: As a DevOps engineer managing a deployment, you’ll feel better with the power and autonomy to control your deployment as it happens instead of reacting after a breakdown occurs. Give your engineering, IT, and DevOps teams access to live tail to see how deployments pan out in real time across all your machines. 
  • Gauge the efficiency of hardware additions to your network through Live Tail.
  • If you notice an event that is out of the ordinary occurring at specific times, use live tail to see what’s causing it.
  • Get an aggregated view of all the events in your Kubernetes applications, making it easier to narrow down to the root causes for errors in your applications, which could impact performance for the rest of your cluster.
  • Collaboration for troubleshooting in real time between an application engineer and a DevOps engineer has never been easier. Both users access a single console and view a single instance of the live stream of logs from the application, without any communication delays or disconnects.
  • Isolate application requests from a complete application stack or the entire pipeline

Live tail logs, Log management

Live Tailing Kubernetes, a quick shoutout

Open Source Tools

At observIQ, we love and run on Kubernetes ourselves. Prior to implementing Live Tail, we utilized several open-source tools to help simplify tailing in Kubernetes. Tailing logs from multiple pods, containers, and deployments can be challenging without one of these tools. Here’s a quick list of tools that we would recommend checking out:

Open Sources Tools

Kail:

https://github.com/boz/kail

Kubetail:

https://github.com/johanhaleby/kubetail

Stern:

https://github.com/wercker/stern

Live Tailing Kubernetes with observIQ

observIQ makes streaming logs from single or multiple deployments, namespaces, containers, pods (and more), incredibly simple with dynamic filters. An example of this would be, for an updated adservice deployment and to trigger a rolling update, with Live Tail you can see that:

  • The new replica set is created indicating a successful deployment and the time at which the deployment was completed. 
  • The new replicaset’s pods are successfully created and started
  • The healthchecks (liveness and readiness probes) failed before the pod became “healthy”
  • The old replicaset is removed

Doing all this tracking on the command-line would have been cumbersome.

In the screen capture below you can see that while updating checkoutservice the healthchecks failed enough times to trigger a restart of the replicaset, this means that the old replicaset failed to be deleted because the new deployment failed. This is captured very vividly in Live Tail.

 

In observIQ, Live Tail is for Everyone

Every observIQ user has access to Live Tail. Just as with all other observIQ features, such as built-in Dashboards, Alerts, and Sources, Live Tail is available in all of our plans, free and paid alike. If you’re an existing observIQ, Live Tail is available now. Head over to the ‘Live Tail’ page – you can start streaming your logs immediately. Don’t have an observIQ account yet?  Head over to our signup page and sign up for a free trial. If you have any questions along the way, reach out to our well-informed support team, they have answers for all of your log management questions. 

Sign Up for the observIQ Cloud Beta

Download the Splunk Solution Brief

Sign Up to receive updates on our products

observIQ Support

For support on observIQ Cloud, please contact:

support@observIQ.com

For the Open Source Log Agent, community-based support is available on our:

GitHub Repository

Sign Up for Our Newsletter