The number in this case is a community of more than 25,000 users of log management and analytics.  A collection of smart individuals and businesses from the small to the very, very large who have all turned to Logentries to centralize and analyze their logs data.

This is not just a random group of people, but a very technical community with a common core requirement: the need to process their log data, extract critical information and be alerted in real-time when possible issues arise.

So how about using the Logentries community of 25,000 users to make your product better? Imagine the possibility of reaching out to these technical individuals and getting their feedback on the best approaches to monitor and analyze your machine data.

The exciting news is that we have done this for you! The Logentries team has anonymously aggregated data from across our global community. We were very careful to protect the privacy of this information, and believe this is a great resource for best practices for log management and analytics. We have identified some of the most popular activities and behaviors and then extracted deep insights that will help you to optimize your use of the Logentries service and improve your performance and user experience.

Initially, we looked at the most common log types that exist across the user base — “Web Logs” —  and have pulled out the top patterns that users look for in these logs.

We have broken these up into the top 3 usage types

  • Generic patterns which can be applied to any web log
  • Tomcat specific patterns that relate to Tomcat instances
  • IIS logs which are running a ASPX/ASP web application framework

And here they are. You can easily pull these tags into your Logentries account here.

Using these patterns in your Logentries Tags enables you to be proactive instead of reactive and catch the error before it impacts users. Use the knowledge that we have extracted from our community to know what is happening across your systems and applications, improving the quality and service you deliver to your customers.

Common errors across all web servers to watch for:

500 server errors – when one of your servers has an issue.

"/HTTP\\/1\\.[01]\\\"\\s+5[0-9]{2}/"

400 server errors – when the clients are having issues communicating with your web server.

"/HTTP\\/1\\.[01]\\\"\\s+4[0-9]{2}/"

204 server errors – when your server sends nothing back to your clients.

"/HTTP\\/1\\.[01]\\\"\\s+204/"

General exceptions or errors being sent back to your user

"\" ERROR \" OR /Exception/i"

If some of your users are trying to gain access to locations they shouldn’t

"/directory index of .* is forbidden/"

Possible SQL queries being injected into your users request

"/^\s*(SELECT|DELETE)/"

Common Tomcat errors to watch for:

The good old reliable null pointer exception.

"/NullPointerException"

Enable Tomcat to Monitor your disk and cpu load and then alert from them.

"load>80" AND "disk>=80"

A common Tomcat and mySQL error to watch for. With Tomcat and MySQL being a common pairing it’s not uncommon to get exceptions on the JDBC connection. This is often due to the connection pooling.

"MySQLNonTransientConnectionException"

One of the most common generic java errors to appear on tomcat is the out of memory error.

"java.lang.OutOfMemoryError"

Make sure you catch a common error that can happen when deploying a new war file to your tomcat instance.

"java.util.zip.ZipException"

IIS errors usually as a result of ASPX or ASP issues.

The Microsoft JET database engine error is another one of those common little errors that seems to occur with classic ASP based applications.

"80004005"

On occasions it may turn out that ASP.net was not completely installed during the IIS set-up and so after your deploy you may get the following error.

"Error 500.21"

If you try to load a 32-bit application onto a 64bit system a common exception error you would receive would be.

"0x8007000B"

Occasionally the IIS service W3wp.exe can crash causing your application to fail, keep an eye out for this with the pattern below.

"0xc00000fd"