reading-logs
$
npx mdskill add rileyhilliard/claude-essentials/reading-logsSearch and filter logs to pinpoint errors quickly.
- Helps debug incidents by narrowing large files before reading.
- Depends on grep utilities and glob patterns for filtering.
- Decides content by prioritizing severity and time windows.
- Delivers concise summaries instead of raw log dumps.
SKILL.md
.github/skills/reading-logsView on GitHub ↗
--- name: reading-logs description: Analyzes logs efficiently through targeted search and iterative refinement. Use when investigating errors, debugging incidents, or analyzing patterns in application logs. --- # Reading Logs **IRON LAW:** Filter first, then read. Never open a large log file without narrowing it first. ## Delegation For log files over a few hundred lines, delegate to the `@ce:log-reader` agent. It runs on haiku to keep costs low and context clean. Prompt it with: - What to investigate (error text, time window, correlation IDs) - Which log files or directories to search - The `scripts/` utilities available (see [Utility Scripts](#utility-scripts) below) The agent has this skill preloaded, so it already knows the methodology. Keep your prompt tight and specific - don't paste log contents into the delegation message. ## Core Principles 1. **Filter first** - Search/filter before reading 2. **Iterative narrowing** - Start broad (severity), refine with patterns/time 3. **Small context windows** - Fetch 5-10 lines around matches, not entire files 4. **Summaries over dumps** - Present findings concisely, not raw output ## Tool Strategy ### 1. Find Logs (Glob) ```bash **/*.log **/logs/** **/*.log.* # Rotated logs ``` ### 2. Filter with Grep ```bash # Severity search grep -Ei "error|warn" app.log # Exclude noise grep -i "ERROR" app.log | grep -v "known-benign" # Context around matches grep -C 5 "ERROR" app.log # 5 lines before/after # Time window grep "2025-12-04T11:" app.log | grep "ERROR" # Count occurrences grep -c "connection refused" app.log ``` ### 3. Chain with Bash ```bash # Recent only tail -n 2000 app.log | grep -Ei "error" # Top recurring grep -i "ERROR" app.log | sort | uniq -c | sort -nr | head -20 ``` ### 4. Read Last Only after narrowing with Grep. Use context flags (`-C`, `-A`, `-B`) to grab targeted chunks. ## Investigation Workflows ### Single Incident 1. Get time window, error text, correlation IDs 2. Find logs covering that time (`Glob`) 3. Time-window grep: `grep "2025-12-04T11:" service.log | grep -i "timeout"` 4. Trace by ID: `grep "req-abc123" *.log` 5. Expand context: `grep -C 10 "req-abc123" app.log` ### Recurring Patterns 1. Filter by severity: `grep -Ei "error|warn" app.log` 2. Group and count: `grep -i "ERROR" app.log | sort | uniq -c | sort -nr | head` 3. Exclude known noise 4. Drill into top patterns with context ## Red Flags - Opening >10MB file without filtering - Using Read before Grep - Dumping raw output without summarizing - Searching without time bounds on multi-day logs ## Utility Scripts For complex operations, use the scripts in `scripts/`: ```bash # Aggregate errors by frequency (normalizes timestamps/IDs) bash scripts/aggregate-errors.sh app.log "ERROR" 20 # Extract and group stack traces by type bash scripts/extract-stack-traces.sh app.log "NullPointer" # Parse JSON logs with jq filter bash scripts/parse-json-logs.sh app.log 'select(.level == "error")' # Show error distribution over time (hourly/minute buckets) bash scripts/timeline.sh app.log "ERROR" hour # Trace a request ID across multiple log files bash scripts/trace-request.sh req-abc123 logs/ # Find slow operations by duration bash scripts/slow-requests.sh app.log 1000 20 ``` ## Output Format 1. State what you searched (files, patterns) 2. Provide short snippets illustrating the issue 3. Explain what likely happened and why 4. Suggest next steps
More from rileyhilliard/claude-essentials
- architecting-systemsGuides clean, scalable system architecture during the build phase. Use when designing modules, defining boundaries, structuring projects, managing dependencies, or preventing tight coupling and brittleness as systems grow.
- configuring-claudeBest practices for writing Claude Code skills, rules, and CLAUDE.md instructions. Use when creating SKILL.md files, authoring .claude/rules, writing CLAUDE.md project or user instructions, or configuring Claude behavior for a project or team.
- fixing-flaky-testsDiagnose and fix tests that pass in isolation but fail when run concurrently. Covers shared state isolation and resource conflicts. References condition-based-waiting for timing issues.
- handling-errorsPrevents silent failures and context loss in error handling. Use when writing try-catch blocks, designing error propagation, reviewing catch blocks, or implementing Result patterns.
- managing-databasesGuides database architecture decisions for PostgreSQL, DuckDB, Parquet, PGVector, and Neo4j. Use when designing schemas, choosing storage strategies, optimizing queries, tuning maintenance, configuring vector search, modeling graph data, or diagnosing performance issues across OLTP, OLAP, similarity search, and graph workloads.
- managing-pipelinesGuides CI/CD pipeline architecture, security hardening, and deployment strategies for GitHub Actions. Use when designing workflows, securing supply chains, optimizing build performance, configuring deployments, managing infrastructure as code pipelines, or setting up pipeline observability.
- migrating-codeSafe code migrations with backward compatibility and reversibility. Use when upgrading dependencies, changing database schemas, API versioning, or transitioning between technologies.
- optimizing-performanceMeasure-first performance optimization that balances gains against complexity. Use when addressing slow code, profiling issues, or evaluating optimization trade-offs.
- planning-productsDefines product features from a PM perspective before technical planning begins. Use when scoping new features, writing product specs, defining user problems, choosing what to build, researching existing patterns, or bridging the gap between strategy and implementation. Covers JTBD analysis, competitive research, UX/DX experience definition, and scope negotiation for consumer, B2B, and developer tool products.
- preflight-checksDetect and run project linters, formatters, and type checkers before committing or claiming completion. Auto-detects tools from project config files.