Log analysis service recommendation

Hi there,
we are running NodeRED on Docker on IntelNUC in a farm, mostly unencumbered by local IT skills. Thus we are looking for a log analysis service - preferably deployable as a container. NodeRED writes the logs to stdout and Docker picks them up and writes them to the host's system log.

We tried sematext, but their log parser couldn't make much sense of NodeRED's logs. I tried to configure it, but it didn't work out.

So my question: what log management service plays nice with NodeRED? (And by extension: can your config be shared?)

What logs are you talking about? I assume something custom? If so, maybe consider moving from a log format to something more structured such as InfluxDB which you could use Grafana with in order to show output.

There are probably thousands of ways of dealing with your issue but you really need to give us more to go on.

Yeah - I realize my question was "overly blur". Let me try to be more specific. Following the log recommendation of the 12 factor app, we just send anything to the console, which in turn sends it to stdout.

Instead, each running process writes its event stream, unbuffered, to stdout.

So I have a rojak of messages I control and arbitrary error messages from faulty code (like trying to access undefined) dealing with unexpected data.

Some of it is like good old trace:

Trace
    at /usr/src/node-red/node_modules/node-red-contrib-cloudantplus/cloudantplus.js:172:27
    at /usr/src/node-red/node_modules/node-red-contrib-cloudantplus/cloudantplus.js:332:13
    at Object.clientCallback (/usr/src/node-red/node_modules/nano/lib/nano.js:203:16)

and gems like

{
C06426B267AC: {
        deviceId: e[32m'C06426B267AC'e[39m,
        deviceTimestamp: e[32m'2022-11-21T08:06:33.000Z'e[39m,
        timestamp: e[32m'2022-11-21T08:06:33.939Z'e[39m
      }
}

The actual format on disk looks like this:

{"log":"    vary: \u001b[36m[Function (anonymous)]\u001b[39m\n","stream":"stdout","time":"2022-11-21T09:49:28.385781163Z"}
{"log":"  }\n","stream":"stdout","time":"2022-11-21T09:49:28.385785376Z"}
{"log":"}\n","stream":"stdout","time":"2022-11-21T09:49:28.38578888Z"}

Broken down line by line

Messy, isn't it? Are any of the log services smart enough to make sense of it?

Well, your 12-factor app doesn't quite work here since the "app" is not your flow but node-red itself. Node-RED does follow that approach though and you certainly have the ability to throw your own custom messages out to the node-red log. Even the debug node allows that. You could also make use of a logging node:

As to formats and log aggregators making sense of the format, certainly various aggregators will make sense of JSON formats (well, stringified versions anyway), but in your examples you have included terminal colour codes, which will throw everything off. Also, you've included newlines, which you should remove because any log aggregator will typically see each line as a log entry; you are just making things harder to parse. In addition, a raw trace output in the format you have used is not easily parsed and is certainly a different format again. Your log outputs need to be consistent if you want another tool to make sense of it all.

However, this brings us back to the key question - what are you trying to achieve - you've not yet really made that clear. For example, if you want to end up with a "single pane view" of all logs on your systems, you will need something such as the Elastic Stack since you will need to be able to analyse and make sense of multiple log formats (each log needs a consistent format but multiple logs may have different formats).

But if you simply want to keep track of what is happening in Node-RED, write to node-red's log. You can create specialist output logs from Node-RED's log by specifying a suitable function in settings.js. I do this when developing uibuilder for example since I sometimes want trace-level logging but only for uibuilder itself.

On the other hand, if you are only interested in logging what your flow is doing, you should use something more easily accessible which might be as simple as pushing some key metrics to specific MQTT topics or, more comprehensively, push metrics to InfluxDB for analysis using Grafana.

And if you get into InfluxDB (a timeseries db which is great for using with Node-RED), you could also use the related Telegraf app which is capable of parsing logs and updating InfluxDB as well (it can also output to MQTT - I do both).
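
The clean-up described in the reply above (strip terminal colour codes, fold continuation lines into one entry), applied to Docker json-file lines like those shown earlier, as an added example that is not part of the original thread. The sample lines are constructed, and the continuation rule (an indented line or a lone closing bracket belongs to the previous entry on the same stream) is an assumption, not something Docker or Node-RED guarantees.

```javascript
// Added example: normalise Docker json-file log lines before forwarding them.
// Assumption: an indented line or a lone "}" / "]" continues the previous entry.
const ANSI_SGR = /\u001b\[[0-9;]*m/g;          // colour codes such as ESC[32m, ESC[39m
const CONTINUATION = /^(\s+\S|[}\]],?\s*$)/;   // "    at ...", "  }", "}"

function parseDockerJsonLog(text) {
  const events = [];
  let skipped = 0;
  for (const raw of text.split("\n")) {
    if (raw.trim() === "") continue;
    let rec;
    try {
      rec = JSON.parse(raw);
    } catch (err) {
      skipped += 1;                            // truncated or non-JSON line: count, do not guess
      continue;
    }
    if (!rec || typeof rec.log !== "string") { skipped += 1; continue; }
    // Remove colour codes and the trailing newline Docker stores with each line.
    const line = rec.log.replace(ANSI_SGR, "").replace(/\r?\n$/, "");
    const last = events[events.length - 1];
    if (last && last.stream === rec.stream && CONTINUATION.test(line)) {
      last.lines.push(line);                   // part of a multi-line trace or object dump
    } else {
      events.push({ time: rec.time, stream: rec.stream, lines: [line] });
    }
  }
  return {
    skipped,
    events: events.map((e) => ({
      time: e.time,                            // timestamp of the entry's first line
      stream: e.stream,
      message: e.lines.map((l) => l.trim()).join(" "),
    })),
  };
}

// Constructed sample in the on-disk format; String.raw keeps the JSON escapes literal.
const SAMPLE = [
  String.raw`{"log":"Trace\n","stream":"stderr","time":"2022-11-21T09:49:28.100000000Z"}`,
  String.raw`{"log":"    at /usr/src/node-red/node_modules/nano/lib/nano.js:203:16\n","stream":"stderr","time":"2022-11-21T09:49:28.100100000Z"}`,
  String.raw`{"log":"{\n","stream":"stdout","time":"2022-11-21T09:49:28.385000000Z"}`,
  String.raw`{"log":"  deviceId: \u001b[32m'C06426B267AC'\u001b[39m\n","stream":"stdout","time":"2022-11-21T09:49:28.385100000Z"}`,
  String.raw`{"log":"}\n","stream":"stdout","time":"2022-11-21T09:49:28.385200000Z"}`,
  String.raw`{"log":"cut off mid-wri`,
].join("\n");

console.log(JSON.stringify(parseDockerJsonLog(SAMPLE), null, 2));
```

Each returned event is a single line of text, so it can be written back out as one JSON object per entry for whichever aggregator is chosen.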