Log Management and Analytics use cases


The following use cases show just some of the ways you can use Log Management and Analytics to leverage your log data.

Observe cloud network traffic with logs

In this use case, you need to use VPC Flow logs to monitor and analyze incoming HTTP(S) traffic to your Virtual Private Cloud (VPC) in Amazon Web Services (AWS).

Use logs in context to troubleshoot issues

In this use case, you need to do a proactive health and performance check of the apps running on a maintained cluster, and learn about errors in the logs that are caused by another component.

Investigate security incidents in Kubernetes clusters

Threat hunting
Incident response

In this use case, you work with Security Investigator to analyze unauthorized requests in your Kubernetes audit logs. See how you can manage and reuse the evidence gathered during the investigation, navigate between executed queries while keeping the investigation in context, and get a detailed overview of your results in the original format.

Analyze AWS CloudTrail logs

Incident response

In this use case, you work with Security Investigator to analyze CloudTrail event data and monitor your AWS account activity for security threats and potential deviations from normal activity.

Analyze Amazon API Gateway access logs

Incident response

In this use case, you work with Security Investigator to monitor and identify errors in your Amazon API Gateway access logs.

Detect threats against your AWS Secrets

Incident response

In this use case, you work with Security Investigator to monitor and identify potential threats against your AWS Secrets by analyzing CloudTrail logs.

Resolve team dependencies

In this use case, you create a Log Analysis Dashboard that identifies bugs from logs and then groups, triages, and distributes them to a bug tracker, clarifying ambiguous responsibilities and interdependencies.

Real-time advanced observability with logs and DQL

In this use case, you want to observe mission-critical information over time that is found in your logs and sent using the log ingest API.

Control log query costs using Retention with Included Queries

In this use case, you use the DPS capability Retain with Included Queries to control and predict log consumption.

Set up Davis alerts based on events

Using Davis events based on logs, you get immediate alerts as soon as a log record matching your definition is ingested.

Set up Davis alerts based on metrics

By combining log-based metrics with Davis anomaly detectors, you can use the power of different Davis analyzers to address use cases ranging from simple threshold-based alerting to seasonal baselines.

Related tags
Log Analytics