Real-Time Logs and Quick Troubleshooting Through Real-Time Events

Real-time logs and easy troubleshooting with Azion's Real-Time Events.

Nick Sandoval - Product Marketing Manager
Tiago Krebs - Technical Engineering Manager
Vivian Seixas - Technical Researcher
Real-Time Logs and Quick Troubleshooting Through Real-Time Events

The success of a company today is intrinsically linked to the infrastructure used to host its applications. Also, the need to know what’s going on in advance and possibly avoid major problems before they happen is indisputable. That’s why real-time data is critical for deep and powerful visibility.

Among the observability products that Azion offers, there’s an essential solution for getting a deep, granular view of what’s happening with your applications and content: Real-Time Events.

What is Real-Time Events?

Real-Time Events is a module of Edge Analytics – our suite of observability products – that obtains logs from our global edge network instantly and allows you to view data from your Azion products and services in real time. With it, you can explore the information generated by your applications, in addition to running queries, whether simple or complex, to track events and investigate what is happening.

It’s often necessary to identify application-related inappropriate behavior or event-level security issues in real time – and that’s where logs come in. The logs provide information on all events recorded on your network, so you can granularly investigate abnormalities and act immediately to resolve potential issues.

That’s why Azion created Real-Time Events, a simple tool that makes it easy to access your Azion product logs. There are millions of events received per second and, despite that, it’s possible to select what interests you most through various filters that restrict the query to specific periods of time.

Image with top real-time logs use cases

Key Benefits of Real-Time Logs

Image with benefits of real-time logs

How Does Real-Time Events Get the Logs?

To deliver your logs, we use the following structure:

Image with real-time log delivery flow

How to Use Real-Time Events?

There are numerous troubleshooting possibilities with Real-Time Events, and the most common are:

  • HTTP errors responded by the backend application
  • High response times
  • Excessive requests coming from a given IP

Let’s say you visualized in Real-Time Metrics (our observability tool that provides real-time information about applications and content) the section that gives information about your traffic by status code, and want to know as soon as possible why there was a spike of 5XX errors in the last hour. Just go to Real-Time Events, add a filter to get details of all 5XX errors, the time period you want to investigate, and granularly view the indicators of those errors.

And how do you have access to your logs? It’s quite simple:

1. At the Real-Time Manager dashboard, click on the Products menu on the top left corner.

2. Select Real-Time Events. You will see the following fields:

  1. Data Sources
  2. Time Filter
  3. Filter by
  4. Refresh

3. That’s it! Now you just have to enter the information and view your logs.

Check out in this video how fast and simple it is!

About Real-Time Events Fields

1. Data Sources

The first step to explore your data is choosing the Data Source, which represents the Azion product or service that generated the events.

When submitting a search, the Data Source represents the index from where you want to collect data.

Azion provides the following Data Sources:

Data Stream

If you have contracted the Data Stream product, this data source will display the event records of sending the data to your endpoints.

Edge Applications

It displays the data from requests made to your Edge Applications at Azion.

Edge Functions

Edge Functions lets you build edge-native applications or add functionality to your origin applications with event-driven functions. It is built using Azion Cells, our core technology designed for low-memory consumption, reliability, and speed.

Edge Pulse

If you are using the Azion Pulse in your Edge Applications, the Edge Pulse data source will display the performance data measured from the user’s browser (RUM).

WAF

If you have contracted the Web Application Firewall product, the WAF Events data source will display the requests analyzed by WAF to allow you to map the score assigned to the request, the WAF rules that matched, the reason for the block and more.


2. Time Filter

Real-Time Events keeps the events from the last 72 hours. The Time Filter allows you to refine the event search result, and is selected by default for Last 15 minutes, but you can change the scope of the search by selecting:

  • Last 15 minutes
  • Last 30 minutes
  • Last 1 hour
  • Last 3 hours
  • Last 6 hours
  • Last 12 hours
  • Last day
  • Last 2 days
  • Last 3 days

Note: Using the Custom field, you can also customize your search by selecting a time range during the last 72 hours.


3. Filter by

In the Filter by field, you can optionally filter your search results using a keyword or phrase.

When submitting a search with a blank Filter by field, you will get all existing records in the Data Origin, for the selected time filter.

The searches are restricted to a particular field, using the notation: key='value', such as status='200'. In this case, you will filter only the records which have these specified pair, value and key. As key, you can use any variable from the tables above, but note that each Data Source has its own list of variables.

You may search for more complex field compositions. Use the notations AND, OR and NOT in the search field to combine the fields, such as status='200' AND scheme='https'.

The Filter by field uses SQL language, therefore you must use “equals” (=) after the key and “single quotes” ( ‘ ) around values, for example: status='200'.

If you intend to search for a more generic value, you can use the “like” operator instead of “equals”, exactly like you use in SQL queries. The final query for this search can be host like '%mydomain%'.

Depending on the size of our data, the query limit may exceed, if this happens, please filter by a short time filter.


4. Refresh

The search always returns the results ordered by the time of the event, from the most recent to the oldest.

Você pode utilizar o botão Refresh para atualizar os dados retornados, repetindo a última busca realizada.

You can use the Refresh button to update the returned data, repeating the last search performed.

Want to know the complete Real-Time Events documentation? Click here.

The Best of Observability With Azion

Observability is one of Azion’s fundamental pillars and we take all the solutions that help us face everyday’s challenges very seriously. If you want to know what Azion can do for your business, contact our sales team or create a free account and start using Real-Time Events today.

Subscribe to our Newsletter