A typical Docker environment consists of multiple containers, services, and a host OS. Common log aggregators running on a Docker host can fail to collect logs that sit on the file system inside a container.
While it might be possible to find workarounds with open-source tools to view Docker container logs, most of these tools are not easy to scale. When searching through larger volumes, they can get painfully slow.
Configuring multiple open-source tools for log aggregation, search, and visualization may become problematic. Managing and switching between multiple tools can slow down troubleshooting.
While Docker logging is a complex exercise, with multiple approaches that have their benefits and drawbacks, centralizing all logs in one place has an obvious advantage. SolarWinds® Loggly® allows you to aggregate all your logs so you can easily parse, analyze, and correlate data across your distributed stack and not just your containers.
This approach can help you achieve shorter MTTR (mean time to recovery) and improved application uptime and performance. As a cloud-based service with agentless architecture, Loggly makes it simple to collect logs using short scripts. Though there are multiple ways of sending Docker logs to Loggly, Loggly recommends using the Docker logging driver for this purpose.
Traditional tools can fail to provide quick search results when searching through a large volume of logs. However, Loggly offers powerful search capabilities that help you get near-instant results. It allows you to inspect all events surrounding a critical event with a single click.
Loggly also automatically parses all incoming logs for supported data formats. It allows you to focus on specific logs of interest and filter out noise with its dynamic field explorer feature. This explorer provides a structured summary with a guided search experience. It significantly boosts your troubleshooting, as you don’t have to start your search with a blank console.
Loggly offers integrated charts and dashboards so that you don’t have to configure complex third-party tools for visual analysis. With multiple charts, you can visualize your search results and quickly spot any deviation from the norm.
The charts are extremely useful in anomaly detection, as threshold-based alerts can sometimes miss troublesome patterns. You can also share your dashboard with your team members for easy collaboration. Further, Loggly integrates with common notification services (Slack, HipChat, etc.) and tools like Jira and GitHub, which can help improve your operational efficiency.