LoggingThe Ultimate Guide

your open-source resource for understanding, analyzing, and troubleshooting system logs

curated byloggly


Analyzing Node Logs

Analyzing millions of log lines from a production server can be quite difficult. Command line tools are nice for looking a logs streaming by on a console when doing development.  However, when analyzing production logs there are higher volumes of data, and you need automated tools to query and summarize the logs. If the data is in the Apache log format such as Morgan logs, it’s slightly easier to analyze with Unix command line tools. If the data in in JSON format, you need an analysis tool that understands JSON as Winston or a log management solution. We give examples of several types of analysis tools below.

Command Line Tools

Command line tools are nice for viewing a live tail of logs during development, or for quick, one-off type analysis using grep. If the log data is in the Apache combined format (as described in “Request Logging with Morgan”), you can parse the logs using Unix command line tools like grep. We have several examples in the Apache guide on Using Unix Command Line Tools. If the logs are in JSON format, it’s harder to analyze with grep. One popular open source tool is called jq, which is described in Parsing Java Logs in JSON.


Winston provides a simple method to query log entries, in addition to creating logs. The following code snippet is the foundation that will be used to query logs. Ensure that Winston is initialized with the proper transport locations prior to executing this code. You can read the section “Request Logging with Morgan” to learn how to configure it with Winston.

Winston queries log information using the method winston.query(). The first parameter is a JSON object of the options used for searching. In this example, we are searching through the log entries from the last 24 hours (by setting the from and until parameters). The limit parameter sets the number of log entries to return. This value will vary by specific case. The search will start at the beginning (start parameter) and return results in descending order (order parameter). The fields parameter tells Winston what specific log information to return. This value will vary by specific case. If there were no errors, the returned log entries can then be queried and analyzed.

Log Management Solutions

Log management tools often can natively parse and analyze logs in both JSON and Apache combined format. They can give you quick summaries that allow you to visualize large sets of data, which simplifies the process of analyzing logs and keeping up with what’s happening on your site. Here are some dashboards that are set up to visualize important trends.

  • Timeline Chart tells you if there is an unexpected increase in traffic or error rate by status code.Screen-Shot-2015-02-11-at-3.30.08-PM-700x262
  • Area Chart tells you if response times are slow due to servers getting overloaded or new code deployments. In the trend view, select Timeline Chart and a numeric field of json.responseTime; the operator is Average or Max.graph
  • Pie Chart tells you if traffic issues are overwhelmingly caused by one client or a small number of clients.Screen-Shot-2015-02-11-at-1.58.41-PM1
  • Bar Chart tells you which URIs have the most errors.Screen-Shot-2015-02-11-at-3.30.18-PM-700x254
  • Table tells you which uncaught exceptions occur most often.


Written & Contributed by




This guide will help software developers and system administrators become experts at using logs to better run their systems. This is a vendor-neutral, community effort featuring examples from a variety of solutions

Meet Our Contributors Become a contributor