Log Analysis

In this article: To start using log analysis, you just need to:
  1. Click ( before v4.0) at right of window to switch to Log Analysis panel.
  2. Click button at top-right of panel.
There are 4 type of log analysis supported by ULogViewer:

Creating Log Analysis Rule Set or Script

Create New One

  1. Click at top-right of panel.
  2. Click [Create] in the popup.
  3. Select which type of rule set or script you want to create.

Import Existing One

  1. Click at top-right of panel.
  2. Click [Import…] in the popup.
  3. Select a JSON file to import. The type of rule set or script will be recognized automatically.
  4. View and edit the rule set or script you want to import.
  5. Click [OK] to import or [Cancel] to abort import.
⬆️ Back to top

Applying Rule Sets or Scripts to Analyze Logs

  1. Click button at top-right of panel.
  2. To select rule sets or scripts:
    • Click to select rule set or script to apply.
    • Click with Ctrl (⌘ on macOS) or Shift (⇧ on macOS) pressed to toggle multiple rule sets or scripts to apply.
    • Click [Clear selection] in the popup to clear all selected rule sets and scripts.
⬆️ Back to top

Result of Log Analysis

Results generated by log analysis will be listed in separated side panel. You can click on result in panel to jump to related log.

Type of Result

The followings are type of result listed from the highest priority to the lowest:
  • Error
  • Warning
  • Start of Operation
  • End of Operation
  • Increasev3.0+
  • Decreasev3.0+
  • Steadyv3.0+
  • Fastv3.0+
  • Slowv3.0+
  • Checkpoint
  • Time span
  • Performance
  • Frequencyv3.0+
  • Trendv3.0+
  • Information
  • Skipped Operationv3.0+
  • Debugv3.0+
An icon will be shown at left hand side of the log according to the priority of type of result related to the log.

Relation between Result and Log

0~3 logs can be related to each analysis result:
  • Beginning Log
    The log which represents the beginning of range described by result.
  • Ending Log
    The log which represents the end of range described by result.
  • Log
    The log represents the result.
When clicking on result in side panel, a related log will be selected in the order of "Beginning Log, Log, Ending Log" then jump to it. If clicking (or double-clicking if the result has already been selected) on result with Alt (⌥ on macOS) pressed, a related log will be selected in the order of "Ending Log, Log, Beginning Log" then jump to it.
⬆️ Back to top

Key Log Analysis

Find log with specific text pattern and level. One or more rules can be defined for each rule set of key log analysis. All its rules will be apply once the rule set has been selected.

Pattern

You need to define text pattern to find key log for each rule. You can use text pattern to capture value from log text for further usage.
Example pattern:
Current CPU usage: (?<CpuUsage>\d+\.\d+)%
Please refer to here for details about capturing values by Regular Expression.

Message of Analysis Result

An analysis result will be generated with custom message when a log is matched by pattern. You can use {name} to write value captured by pattern or property of log to message.
Example:
CPU usage: {CpuUsage}%
Please refer to Name of Log Properties for valid name of log properties.
⬆️ Back to top

Operation Duration Analysis

Find operation marked by specific starting and ending logs and calculate the duration of it. One or more rules can be defined for each rule set of analysis. All its rules will be apply once the rule set has been selected.
Operation duration analysis is a contextual-based analysis which means that:
  • The order of each log analysis will be same as log listed in viewer.
  • You can generate and use custom states to find the log you want.

Beginning and Ending of Operation

Identifying the Log

Each rule defines an operation with beginning and ending log. a valid beginning/ending log will be identified by the following steps:
  1. Match text of log with specific pattern. Drop the log if text of log is not matched. Some text may be captured as variables by pattern.
  2. Perform user defined actions to handle captured variables as well as variables captured before.
  3. Check with user defined conditions on specific variables. Drop the log if one of conditions is not matched.
  4. Perform user defined actions to handle captured variables as well as variables captured before.

Pairing Beginning and Ending Log

Operations with same type may be started and ended in various order, so how to pair beginning and ending log is not an easy job. Once an ending log has been identified, analyzer will try finding its beginning log in user defined order:
  • First in, first Out.
  • First in, last Out.
If there is no extra conditions defined then the first found beginning log will be paired. Or you can define one or more variables to match the beginning log to be paired.
For example, if you define the following variables for log pairing:
  • ProcessId
  • Tag
Meaning that both beginning and ending log should have ProcessId/Tag variables, and values should be same for each variable. The beginning log will be found and paired in user defined order and mentioned condition.

Message of Analysis Result

An analysis result will be generated with customizable message when an operation is found. You can use {name} to write variables to message just like rule of Key Log Analysis.
⬆️ Back to top

Operation Counting Analysisv3.0+

Find operation marked by specific text pattern and level, then count number of operations for each given time frame. One or more rules can be defined for each rule set of analysis. All its rules will be apply once the rule set has been selected.
Operation counting analysis is a contextual-based analysis which means that:
  • The order of each log analysis will be same as log listed in viewer.

Pattern

You need to define text pattern to find the log of operation. You can use text pattern to capture value from log text for further usage. Please refer to Key Log Analysis for more details about pattern of rule.

Interval to Count Operation

Interval of each time frame to count number of operations. Time frame(s) will be merged into one empty time frame if there is no operation in it, and new time frame will be started at next operation.
The followings are example time frames generated for analysis results:
  • Time frame 1: 3 operations
  • Time frame 2: 5 operations
  • Time frame (Empty)
  • Time frame 3: 2 operations

Message of Analysis Result

An analysis result will be generated with customizable message when an operation is found. You can use {name} to write variables to message just like rule of Key Log Analysis.
⬆️ Back to top

Log Analysis Script

Write script to analyze logs according to your requirement completely. There are 3 languages you can use to create log analysis script:
⬆️ Back to top

See Also

⬆️ Back to top