Parse and analyze application logs to identify errors, patterns, and insights.
Analyze application logs to identify errors, patterns, and performance issues. Use this when you need to parse log files, find error spikes, or troubleshoot incidents based on log data.
/plugin marketplace add CuriousLearner/devkit/plugin install devkit@devkit-marketplaceThis skill inherits all available tools. When active, it can use any tool Claude has access to.
Parse and analyze application logs to identify errors, patterns, and insights.
You are a log analysis expert. When invoked:
Parse Log Files:
Analyze Patterns:
Generate Insights:
Provide Recommendations:
{
"timestamp": "2024-01-15T10:30:00.000Z",
"level": "error",
"message": "Database connection failed",
"service": "api",
"userId": "12345",
"error": {
"code": "ECONNREFUSED",
"stack": "Error: connect ECONNREFUSED..."
}
}
192.168.1.1 - - [15/Jan/2024:10:30:00 +0000] "GET /api/users HTTP/1.1" 500 1234 "-" "Mozilla/5.0..."
2024-01-15 10:30:00 ERROR [UserService] Failed to fetch user: User not found (ID: 12345)
at UserService.getUser (user-service.js:45:10)
at async API.handler (api.js:23:5)
## Top 10 Errors (Last 24h)
1. **Database connection timeout** (1,234 occurrences)
- First seen: 2024-01-15 08:00:00
- Last seen: 2024-01-15 10:30:00
- Peak: 2024-01-15 09:15:00 (234 errors in 1 min)
- Affected services: api, worker
- Impact: High
2. **User not found** (567 occurrences)
- Pattern: Regular distribution
- Likely cause: Normal user behavior
- Impact: Low
3. **Rate limit exceeded** (345 occurrences)
- Source IPs: 192.168.1.100, 10.0.0.50
- Pattern: Burst traffic
- Impact: Medium
## Error Timeline
08:00 - Normal operations (5-10 errors/min)
09:00 - Database connection errors spike (200+ errors/min)
09:15 - Peak error rate (234 errors/min)
09:30 - Database connection restored
10:00 - Return to normal (8-12 errors/min)
## Correlation
- Traffic increased 300% at 09:00
- Database CPU at 95% during incident
- Connection pool exhausted
## Response Times (from logs)
**Average**: 234ms
**P50**: 180ms
**P95**: 450ms
**P99**: 890ms
**Slow Requests** (>1s):
- /api/search: 2.3s avg (45 requests)
- /api/reports: 1.8s avg (23 requests)
**Fast Requests** (<100ms):
- /api/health: 5ms avg
- /api/status: 12ms avg
@log-analyzer
@log-analyzer app.log
@log-analyzer --errors-only
@log-analyzer --time-range "last 24h"
@log-analyzer --pattern "database"
@log-analyzer --format json
# Log Analysis Report
**Period**: 2024-01-15 00:00:00 to 2024-01-15 23:59:59
**Log File**: /var/log/app.log
**Total Entries**: 145,678
**Errors**: 2,345 (1.6%)
**Warnings**: 8,901 (6.1%)
---
## Executive Summary
- **Critical Issues**: 3
- **High Priority**: 8
- **Medium Priority**: 15
- **Overall Health**: ⚠️ Degraded (Database issues detected)
### Key Findings
1. Database connection pool exhaustion at 09:00-09:30
2. Rate limiting triggered for 2 IP addresses
3. Slow query performance on search endpoint
4. Memory leak warning in worker service
---
## Critical Issues
### 1. Database Connection Pool Exhaustion
**Severity**: Critical
**Occurrences**: 1,234
**Time Range**: 09:00:00 - 09:30:00
**Impact**: Service degradation, failed requests
**Error Pattern**:
Error: connect ETIMEDOUT Error: Too many connections Error: Connection pool timeout
**Root Cause Analysis**:
- Traffic spike (300% increase)
- Connection pool size: 10 (insufficient)
- Connections not being released properly
- No connection timeout configured
**Recommendations**:
1. Increase connection pool size to 50
2. Implement connection timeout (30s)
3. Review connection release logic
4. Add connection pool monitoring
5. Implement circuit breaker pattern
**Code Fix**:
```javascript
// Increase pool size
const pool = new Pool({
max: 50, // was: 10
min: 5,
acquireTimeoutMillis: 30000,
idleTimeoutMillis: 30000
});
// Ensure connections are released
try {
const client = await pool.connect();
const result = await client.query('SELECT * FROM users');
return result;
} finally {
client.release(); // Always release!
}
Severity: Critical First Detected: 06:00:00 Pattern: Memory usage increasing 50MB/hour
Evidence:
06:00 - Memory: 512MB
09:00 - Memory: 662MB
12:00 - Memory: 812MB
15:00 - Memory: 962MB (WARNING threshold)
Likely Causes:
Recommendations:
Severity: High Endpoint: /api/search Occurrences: 45 requests Average Response: 2.3s (target: <500ms)
Slow Query Examples:
2024-01-15 10:15:23 WARN [SearchService] Query took 2,345ms
SELECT * FROM products WHERE name LIKE '%keyword%'
Rows examined: 1,234,567
Recommendations:
Severity: High Affected IPs: 2 Requests Blocked: 345
Details:
IP: 192.168.1.100 (245 blocked requests)
IP: 10.0.0.50 (100 blocked requests)
| Endpoint | Avg | P50 | P95 | P99 | Max |
|---|---|---|---|---|---|
| /api/users | 123ms | 95ms | 230ms | 450ms | 890ms |
| /api/search | 2,300ms | 1,800ms | 4,500ms | 6,200ms | 8,900ms |
| /api/posts | 156ms | 120ms | 280ms | 520ms | 780ms |
| /api/health | 5ms | 4ms | 8ms | 12ms | 25ms |
{
"timestamp": "2024-01-15T10:30:00.000Z",
"level": "error",
"requestId": "req-abc-123",
"service": "api",
"userId": "12345",
"endpoint": "/api/users",
"method": "GET",
"statusCode": 500,
"duration": 234,
"error": {
"code": "DB_CONNECTION_ERROR",
"message": "Database connection failed",
"stack": "..."
}
}
## Analysis Techniques
### Regular Expression Patterns
```bash
# Find all errors
grep -E "ERROR|Exception|Failed" app.log
# Extract timestamps and errors
grep "ERROR" app.log | awk '{print $1, $2, $4}'
# Count error types
grep "ERROR" app.log | cut -d':' -f2 | sort | uniq -c | sort -nr
# Find slow requests
awk '$7 > 1000 {print $0}' access.log # Response time > 1s
# Errors per hour
awk '{print $1" "$2}' app.log | cut -d':' -f1 | uniq -c
# Peak error times
grep "ERROR" app.log | cut -d' ' -f2 | cut -d':' -f1 | sort | uniq -c | sort -nr
This skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.
This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.