Skip to main content
Sumo Logic

Use Log Overlay to Analyze Metrics Visualizations

 

Metrics visualizations give you a clear picture of WHAT is happening in your environment. By adding log overlays to your metrics visualizations, you can investigate WHY behavior is occurring and what corrective action might be called for. Log overlays help you correlate the performance shown in your metrics visualizations with logged events that could be responsible for changes in behavior. 

For example, if your metrics visualization shows booking failures and successes for your online travel site and you notice a sudden increase in failed bookings, you can add a log overlay query on *error* to the visualization to identify and investigate the error messages associated with the spike.

How log overlay works

The Query tab on the Metrics page includes a log overlay query area below the metrics query area. 

log overlay query.png
 

Specify a log query, which must include one or more selectors (filters). Selectors can be either of the following:

  • Sequence of space-separated tag=value pairs. 
    Example: 
    _sourceCategory=*/travel/checkout
  • Unqualified strings (value with no key).
    Example:
    *error*

The visualization is refreshed to show an orange log overlay bar at the top of the chart area.

Log overlay orange bar.png

The log overlay bar consists of individual vertical bands that represent log messages for message intervals. The relative number of messages is represented by the intensity of the orange color (deeper orange = more messages).

Because the intervals for metrics collection might not correspond exactly to the intervals for log collection, the vertical bars might be offset slightly from the associated metrics in the visualization.  

For additional information about the log messages in the log overlay bar:

  • Hover over a band in the bar to see the associated message count and interval.

     
  • Click a band in the bar to open the Log Messages tab and display the messages associated with the log query.
    Log overlay messages.png
     
  • Press Shift then click to open the Search page with the log query and interval populated and the search results shown. You can troubleshoot the problem as you would for any search results. To return to the metrics visualization, press the Back button on your browser.