Collect Ruby on Rails Logs
When collecting more complex application logs, like those generated by Ruby on Rails (RoR) applications, you must complete a few essential steps to make sure that your logs are ingested and parsed correctly.
Set up a Ruby on Rails (RoR) Log Source
RoR generates multiline log entries, which require a few extra steps to configure. The essential elements are the log file path, the time zone, and the multiline setup.
-
Install a Collector on the machine running your application.
-
Create a Local File Source. Then, under File Path, input the log path specified for
config.log_path
.noteBy default Rails uses
log/#{environment}.log
(e.g.log/development.log
orlog/production.log
). -
Enable timestamp parsing. If your logs do not contain a time zone as part of the timestamp, you will need to specify the time zone of the messages. Make sure to set the time zone correctly. Misconfigured time zones can cause problems. For example, in searches, data will appear to be in the future. And in Dashboards, no data will be displayed.
-
Enable multiline processing. To do this, under Boundary Regex, enter what the first line of your RoR log looks like. Typically (depending on your configuration and platform) it will begin with with the words "Starting" or "Processing". Check your logs to confirm. Enter the string
^Processing.*
or^Starting.*
. -
If you have configured your RoR logs to output something like the date before "Starting" or "Processing", you will need to match that as well. For example,
^\[[0-9/:\s]+\]\s+Processing.*
. -
Click Save.
-
Verify that the logs are being ingested. In the main Sumo Logic menu, select Manage Data > Collection > Status.
-
If you do not see any data coming in after 2-3 minutes, check that your file path is correct, that the Sumo Logic Collector has read access to the logs, and that your time zone is configured correctly.
Parsing RoR Logs
Once you have ingested the logs, parsing is straightforward. Your logs might look something like this:
[29514] [07-10-13 12:54] :
Processing SomeComponent#show (for 111.111.111.111 at 2013-07-10 12:54:19) [GET]
[29514] [07-10-13 12:54] : Parameters: {"slug"\>"2013/7/7/4502012/someurl", "action"\>"show", controller"\>"somecomponent"}
[29514] [07-10-13 12:54] : Rendering template within layouts/somecomponent
[29514] [07-10-13 12:54] : Rendering somecomponent/article
[29514] [07-10-13 12:54] : Completed in 934ms (View: 850, DB: 75) | 200 OK [http://www.somecompany.com/someurl]
[31594] [07-10-13 12:54] :
:::
For that format, you could do a search query like this:
```sql
_sourceCategory=*RoR* | parse "Completed in *ms (View: *, DB: *) | * OK" as totalTime,viewTime,dbTime,returnCode | timeslice by 1m | avg(totalTime) as avgTotalTime by _timeslice
For the latest information on Ruby on Rails, see http://guides.rubyonrails.org/.