Flatten the Curve on Logs: The Top Five Log Processing Mistakes and How to Avoid Them

Written by Ron Favali

August 11, 2020

Is the log data you’re receiving from agents like Splunk and Elastic Beats generating enough value? If you’re like most, the answer is probably no. 

With existing machine data analytics tools, IT teams don’t have too many choices other than to index and store all log files for analysis if and when a problem occurs. The result of this approach? Massive amounts of waste. You live it every day. Nearly half of the IT Ops and Security Ops machine data you collect is wasted. 

Properly analyzing and indexing machine data creates enhanced visibility levels for any organization and maximizes the value of existing tools. Newer approaches help control costs by reducing the volumes of data and routing low-value data to less expensive destinations.

When first starting down this new approach, IT teams always run into a few roadblocks. Here are the top five most coming log processing mistakes they make and recommendations to avoid them. 


When first starting with log analysis, many teams set out to ingest as much log data as possible. Security teams have their priorities. IT teams care about other things. Developers are incentivized to log as much as they can. Ingesting too much data, or the wrong kind of data creates bloated log files filled with information that has little to no value. 

Not eating at all

When licenses start to reach capacity, the quick fix is to turn logs off.  The most often used approach is to sort by volume and turn off the most active. While one problem is solved, the costs come in troubleshooting. It will take IT teams more time to investigate issues.  

Never cleaning

Overeating leads to massive and dirty log files. Many times, log files contain repetitive data. Lambda logs, for example, include large JSON files of repeated sections. Cleaning out just one of these sections can result in massive savings.  

No traffic control

Very rarely are log files stored in the most appropriate location. Once events are processed, they need to be routed to the optimal destination.  Options, including NFS, S3, Kinesis, Kafka, and Splunk Indexer, have to be prioritized, balancing cost, availability, and length of time the data needs to be stored.

Ignoring the business

Newer tools help avoid these common mistakes and flatten the curve of logs by unlocking more value from your machine data. They give administrators control over their data, reduce low-value data, enrich more data with context, improve data routing, and secure data based on compliance and privacy mandates.

Emerging solutions can process log data before you pay to analyze it. This can help you determine:  

  • The data to send to an analytics tool to analyze now
  • Logs that can be aggregated into metrics
  • Data that should be stored and analyzed later if needed
  • Data that should be dropped altogether. 

 LogStream 2.2 is packed with new features that show you how to avoid these five common mistakes. Our Sandbox gives you access to a full, standalone instance of LogStream. If you want to take it to the next level, we offer the ability to ingest up to 5 TB of data per day at absolutely no cost to you.   

 Try it out and let us know what you think.

Questions about our technology? We’d love to chat with you.

So you're rockin' Internet Explorer!

Classic choice. Sadly, our website is designed for all modern supported browsers like Edge, Chrome, Firefox, and Safari

Got one of those handy?