Posted On: Aug 4, 2022
Amazon OpenSearch Service, with the availability of OpenSearch 1.3, now gives customers the ability to organize their logs, traces and visualizations in an application-centric view. Customers can also benefit from enhanced log monitoring support with live tailing of logs, the ability to see surrounding log data, and the ability to do powerful ad-hoc analysis of unformatted log data at query time.
Currently, developers managing observability data from multiple applications have no insights into their application context. They have to analyze logs and traces in separate interfaces, and use filters to limit scope to their application of interest, making it more difficult to correlate log and trace data. With the new application analytics interface, customers can now bring together logs, metrics and trace data under a configurable application context that simplifies the correlation and analysis of these data points. Customers can also set up multiple application views and visualize the relevant logs and traces in one place. Application views also make it easy to correlate logs and traces with new OpenTelemetry TraceID correlation capabilities. Users can set thresholds for application availability, receive alerts and drill into the details of application behavior across traces and logs. Please see the documentation for more information on application analytics.
Today, developers interested in going beyond log analysis to log monitoring must use external tools for log tailing and log surround. Log tailing allows users to see a continuously updated stream of log data without having to manually refresh their view. Log surround means users no longer have to manually determine which events are connected because contextual information is accessible with a single click. This release supports log tailing and log surround features to help users cut down on root cause analysis (RCA) time.
This release also addresses the limitations users face when querying data that was not structured during ingestion. Developers can now conduct ad-hoc analysis by creating fields in their indexed data with the new Piped Processing Language (PPL) Parse() command, which is combined with regex to query unstructured data. For more information, please see the PPL documentation for PPL Parse.