Logfalcon - Universal Log Management

Examples

Application Support Team

Support staff spend a large proportion of their day looking at log files during fault investigations and often have to deal with a wide range of potential problems. Locating, viewing and analyzing the log files in their raw form is a time-consuming and error-prone task which frequently needs to be escalated to other staff. Below is an example of how Logfalcon can help support staff dramatically reduce fault investigation times, while also minimising the need for escalations:

John is a member of the support team supporting an order-management system. The team recently started using Logfalcon and very quickly setup a number of objects and screens in Logfalcon to cover most of their most common support calls. In addition, they use Logfalcon to easily search and navigate through various files during complex investigations.

• Search screen: John frequently receives supports calls related to problems with orders and is usually given an “Order Id”, which he uses to perform one or more pre-set searches in Logfalcon. These searches are object-based and can reveal the reasons for problems immediately, which could be due to a combination of events. Even if an Order Id is not provided John can quickly locate the order through Logfalcon using attributes such as the approximate time of order or order size or even through a simple text search.

• Charting: CPU / Memory / Hard Disk space of the application servers are charted in a time plot so that any potentially troublesome trends are detected and prevented from occurring. The moving average of the latency of the system is also monitored.

• Alerting: Occasionally the system can reject an incoming order. As the system receives thousands of orders a day, it is impossible to investigate all of these and many are resubmitted by the users anyway. However, the management is concerned with the potential loss of business of large orders. John is using Logfalcon to receive alerts whenever an order with a value exceeding 1000 has been rejected.

• Dashboard: Many of the above screens are combined in a real-time dashboard that John keeps open on his second displays throughout the day.