Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
zkmon 8 hours ago

> Logs were designed for a different era. An era of monoliths, single servers, and problems you could reproduce locally. Today, a single user request might touch 15 services, 3 databases, 2 caches, and a message queue. Your logs are still acting like it's 2005.

Logs are fine. The job of local logs is to record the talk of a local process. They are doing this fine. Local logs were never meant to give you a picture of what's going on some other server. For such context, you need a transaction tracing that can stitch the story together across all processes involved.

Usually, looking at the logs at right place should lead you to the root cause.

otterley 7 hours ago | parent | next [-]

One of the points the author is trying to make (although he doesn't make it well, and his attitude makes it hard to read) is that logs aren't just for root-causing incidents.

When properly seasoned with context, logs give you useful information like who is impacted (not every incident impacts every customer the same way), correlations between component performance and inputs, and so forth. When connected to analytical engines, logs with rich context can help you figure out things like behaviors that lead to abandonment, the impact of security vulnerability exploits, and much more. And in their never-ending quest to improve their offerings and make more money, product managers love being able to test their theories against real data.

ivan_gammel 7 hours ago | parent [-]

It’s a wild violation of SRP to suggest that. Separating concerns is way more efficient. Database can handle audit trail and some key metrics much better, no special tools needed, you can join transaction log with domain tables as a bonus.

otterley 7 hours ago | parent [-]

Are you assuming they're all stored identically? If so, that's not necessarily the case.

Once the logs have entered the ingestion endpoint, they can take the most optimal path for their use case. Metrics can be extracted and sent off to a time-series metric database, while logs can be multiplexed to different destinations, including stored raw in cheap archival storage, or matched to schemas, indexed, stored in purpose-built search engines like OpenSearch, and stored "cooked" in Apache Iceberg+Parquet tables for rapid querying with Spark, Trino, or other analytical engines.

Have you ever taken, say, VPC flow logs, saved them in Parquet format, and queried them with DuckDB? I just experimented with this the other day and it was mind-blowingly awesome--and fast. I, for one, am glad the days of writing parsers and report generators myself are over.

ivan_gammel 6 hours ago | parent [-]

Good joke.

venturecruelty 8 hours ago | parent | prev | next [-]

>Today, a single user request might touch 15 services, 3 databases, 2 caches, and a message queue.

Not if I have anything to say about it.

>Your logs are still acting like it's 2005.

Yeah, because that's just before software development went absolutely insane.

holoduke 8 hours ago | parent | prev [-]

APN/Kibana. All what I need for inspecting logs.

devmor 7 hours ago | parent [-]

Shoutout to Kibana. Absolutely my favorite UI tool for trying to figure out what went wrong (and sometimes, IF anything went wrong in the first place)