Event logs

Reading time: 0 minute(s) (0 words)

Event logs allow access and review log information generated for your SLOs, SLOs with Replay, and SLI analyzer.

Prerequisites

Event logs are supported for all data sources except for Splunk Observability, provided that your required data source is added with the direct connection method.

To use event logs, activate them for the required data source on the Nobl9 Web or using sloctl.

Event logs appear under the data source details page. Logs are recorded for every failed data retrieval attempt for SLOs based on this data source and failed SLI analyses for this data source.

• Currently, it records error-level logs only
• Nobl9 stores event logs for five days. Older logs are automatically deleted
• You can view up to 10 000 event logs per data source and up to 50 event logs per page

Event logs and RBAC

The following RBAC rules apply to the event logs feature:

• Organization admins can activate, turn off, view, and filter event logs
• Project owners and Project editors can view and filter event logs

Turning event logs on and off

Nobl9 Web

To activate event logs:

1. Go to Integrations > Sources.

2. Click the required data source connected with the direct method in the list to open its details.

3. Open LOGS. Click ACTIVATE LOGS:

Image 1: Activating event logs in the UI

To turn off event logs:

1. Go to Integrations > Sources.

2. Click the required data source connected with the direct method in the list to open its details.

3. Open LOGS. Click Turn off logs:

Image 2: Turning off event logs in the UI

In some cases, Nobl9 can automatically turn off event logs. Should this happen, contact Nobl9 support for assistance.

sloctl

Directs with the log collection support accept the logCollectionEnabled field (boolean) in their YAML definition.

To turn on log collection, set logCollectionEnabled to true:

A fragment of YAML definition for a direct connection with event logs activated

- apiVersion: n9/v1alpha
  kind: Direct
  metadata:
    displayName: My data source connected with the direct method
    name: my-data-source
    project: default
  spec:
    [...] # Source-specific fields
    [...] # Historical data retrieval parameters
    logCollectionEnabled: true

To turn off log collection, set logCollectionEnabled to false:

A fragment of YAML definition for a direct connection with event logs deactivated

- apiVersion: n9/v1alpha
  kind: Direct
  metadata:
    displayName: My data source connected with the direct method
    name: my-data-source
    project: default
  spec:
    [...] # Source-specific fields
    [...] # Historical data retrieval parameters
    logCollectionEnabled: false

Viewing event logs

On your data source details page, go to the LOGS tab. Here you find this data source's logs recorded for every failed data retrieval attempt in the following cases:

• SLOs based on this data source
  Displays how many SLOs are affected under the # of Affected SLOs column
• Failed SLI analyses for this data source
  Since SLI analyzer doesn't involve SLOs, its error logs show 0 under the # of Affected SLOs column

Image 3: Event logs recorded

Organization admins, Project owners and Project editors can filter the logs for a given data source by a single SLO and search for a text string from the log content:

Image 4: Filtering event logs in the UI

Related links

For a more in-depth look, consult additional resources:

TroubleshootingtroubleshootingNobl9 adds tools to make SLO queries more efficientExternalResilience first: A customer success strategy for Nobl9External