I’m looking for a tool that will allow me to explore and query/search logs from Service Fabric written in ETL format. I tried to use MessageAnalyzer, but it took a long time to load and then hangs. The second tool I tried was Windows logs explorer, but after conversion to evtx the logs look like the one below and are useless to me:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-ServiceFabric" Guid="{cbd93bc2-71e5-4566-b3a7-595d8eeca6e8}" />
    <EventID>65534</EventID>
    <Version>1</Version>
    <Level>0</Level>
    <Task>65534</Task>
    <Opcode>254</Opcode>
    <Keywords>0xffffffffffffff</Keywords>
    <TimeCreated SystemTime="2018-08-17T14:11:30.484723000Z" />
    <EventRecordID>11534</EventRecordID>
    <Correlation />
    <Execution ProcessID="14332" ThreadID="5124" ProcessorID="3" KernelTime="9" UserTime="63" />
    <Channel />
    <Computer>Machine Name</Computer>
    <Security />
  </System>
  <ProcessingErrorData>
    <ErrorCode>15003</ErrorCode>
    <DataItemName />
    <EventPayload>0101005B69002C006F6E3D223022206C657..74656D706C6174653D22537461727441735072696D61727941726773222F3E0D0A20203C6576656E742076</EventPayload>
  </ProcessingErrorData>
</Event>

I saw that on Azure (https://channel9.msdn.com/Events/dotnetConf/2018/S208 at minute 35) there is an option to use Application Insights to query the results. Is there any tool that allows me to do this locally?

Diego Mendes
dnf

1 Answer

I generally use PerfView for most ETW log analysis. It provides very good filter capabilities on the raw files without the need to convert the logs to any other format, and it is also very lightweight when processing huge log files.

The good side of using tools like Log Analytics on OMS or Application Insights is that they provide advanced features like alerting, aggregation and SQL-like queries on these same events. Also, after setup, you don't have to handle large log files (generally hosted on Blob storage) to find logs for the application.

For development, PerfView does the job; for production analysis I would recommend you go for OMS or AppInsights.

The only downside of Log Analytics is that the events are not shown in real time; it takes a few minutes before you can see them in the portal, but it is still faster than finding and copying the files for analysis in PerfView or other tools.

Diego Mendes
  • I will take a look at PerfView. On the topic of Log Analytics and Application Insights, remember that I have SF on premise (not in Azure). Can I still use those tools somehow on our local clusters? – dnf Sep 28 '18 at 11:45
  • Yes you can, the same way you would do on Azure. You just have to configure the cluster 'WadCfg' with the AppInsights settings, as described here: https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-diagnostics-event-analysis-appinsights – Diego Mendes Sep 28 '18 at 12:46