Logs
Logs are most effective when used to explain a metric anomaly, not replace it.
Logging standards
Section titled “Logging standards”- Use structured logs with consistent fields.
- Include request IDs, tenant/workload identifiers, and severity.
- Avoid logging secrets or sensitive payloads.
Investigation workflow
Section titled “Investigation workflow”- Start from metric anomaly timeframe.
- Filter logs by namespace/workload.
- Correlate error spikes with deploys/events.
- Confirm the first clear causal error.
High-signal fields
Section titled “High-signal fields”levelservicenamespacetrace_idor request correlation ID- stable error code/class