Aggregate and search logs from all your services in one place. Find errors, spot anomalies, debug faster — no SSH into individual servers.
---
description: Aggregate and search logs from all your services in one place. Find errors, spot anomalies, debug faster — no SSH into individual servers.
keywords: log aggregation, log analysis, log search, centralized logging, error tracking, debugging, monitoring
name: log-aggregation
triggers: logs, log search, error logs, debug logs, log analysis, centralized logs, find in logs
---

# log-aggregation

> All your logs in one place. Search across services, find errors instantly, spot anomalies before they become outages — no SSH needed.

## What It Does

- **Collect logs** — From files, stdout, syslog, Docker, cloud services
- **Search** — Full-text search with filters and time ranges
- **Parse** — Auto-detect formats, extract fields (JSON, Apache, custom)
- **Aggregate** — Group by service, level, time bucket
- **Alert** — Trigger on error rate spikes, specific patterns
- **Export** — To files, SIEM systems, or dashboards

---

## Quick Start

```bash
# 1. Collect logs from your app
collect logs from /var/log/myapp/*.log

# 2. Search for errors
search error logs from last hour

# 3. Find specific pattern
search logs containing "payment failed" from today

# 4. Check error rate
get error count per minute from last 30 minutes
```

---

## Common Use Cases

### 🐛 Debug Production Issue

```bash
# User reported error at 2:30 PM
search logs containing "user_id=12345" from 2:00 PM to 2:45 PM

# Find the stack trace
search logs containing "Exception" after "user_id=12345"
```

### 🚨 Monitor Error Spikes

```bash
# Check error rate
get error count per minute from last hour

# Set up alert
alert when error rate exceeds 10 per minute

# Alert on specific pattern
alert when logs contain "OutOfMemoryError"
```

### 📊 Analyze Performance

```bash
# Find slow requests
search logs containing "duration > 1000ms" from today

# Group by endpoint
aggregate logs by request_path calculate avg(duration)
```

### 🔍 Security Audit

```bash
# Find failed logins
search logs containing "login failed" from last 7 days

# Check for suspicious patterns
search logs containing "SELECT *" or "DROP TABLE" from last 24 hours
```

---

## All Commands

| Command | Purpose |
|---------|---------|
| `collect logs from <path>` | Ingest log files |
| `search logs <query>` | Full-text search |
| `get error count` | Count errors by time |
| `aggregate logs by <field>` | Group and summarize |
| `alert when <condition>` | Create alert rule |
| `export logs to <file>` | Download results |
| `parse logs as <format>` | Set parser format |
| `tail logs from <service>` | Live log streaming |

---

## Supported Log Sources

**Files**: `/var/log/*.log`, rotating logs, compressed archives

**Docker**: Container stdout/stderr

**Cloud**: AWS CloudWatch, GCP Logging, Azure Monitor

**Syslog**: Local and remote syslog

**Applications**: Node.js, Python, Java, Go loggers

---

## Requirements

- Node.js 18+
- Optional: Elasticsearch or Loki for large-scale storage
- Optional: Grafana for visualization
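
To make the "Monitor Error Spikes" rules concrete, the following added example (not the plugin's own code) shows what `get error count per minute` and `alert when error rate exceeds 10 per minute` amount to over mixed JSON and plain-text lines. The field names `ts`/`level`/`msg`, the set of error levels, and the sample lines are assumptions constructed for illustration.

```javascript
// Levels counted as errors (assumption: the page does not define this set).
const ERROR_LEVELS = new Set(["ERROR", "FATAL"]);

// Parse a JSON line ({ts, level, msg}) or a plain "<ISO-8601> LEVEL message" line.
// Returns null for anything unparseable so the caller can count it.
function parseLine(line) {
  let ts, level, msg;
  const text = line.trim();
  if (text.startsWith("{")) {
    try { ({ ts, level, msg } = JSON.parse(text)); } catch { return null; }
  } else {
    const m = /^(\S+)\s+\[?([A-Za-z]+)\]?\s+(.*)$/.exec(text);
    if (!m) return null;
    [, ts, level, msg] = m;
  }
  const ms = Date.parse(ts);
  if (Number.isNaN(ms) || typeof level !== "string") return null;
  // Bucket key is the UTC minute, e.g. "2024-05-01T14:31".
  return { minute: new Date(ms).toISOString().slice(0, 16), level: level.toUpperCase(), msg };
}

// Count error-level records per minute; track unparsed lines instead of dropping them.
function errorsPerMinute(lines) {
  const counts = new Map();
  let unparsed = 0;
  for (const line of lines) {
    if (!line.trim()) continue;
    const rec = parseLine(line);
    if (!rec) { unparsed++; continue; }
    if (ERROR_LEVELS.has(rec.level)) counts.set(rec.minute, (counts.get(rec.minute) || 0) + 1);
  }
  return { counts, unparsed };
}

// "exceeds 10 per minute" is read as strictly greater than the threshold.
function spikes(counts, threshold = 10) {
  return [...counts].filter(([, n]) => n > threshold).map(([minute, count]) => ({ minute, count }));
}

// Constructed sample: 10 errors at 14:30 (at the threshold), 11 at 14:31 (over it).
const pad = (n) => String(n).padStart(2, "0");
const SAMPLE = [
  ...Array.from({ length: 10 }, (_, i) => `2024-05-01T14:30:${pad(i)}Z ERROR payment failed user_id=12345`),
  ...Array.from({ length: 10 }, (_, i) => `2024-05-01T14:31:${pad(i)}Z [error] payment failed user_id=12345`),
  '{"ts":"2024-05-01T14:31:30Z","level":"fatal","msg":"OutOfMemoryError"}',
  "2024-05-01T14:31:45Z INFO request ok",
  "%%% truncated line",
];
const result = errorsPerMinute(SAMPLE);
console.log(spikes(result.counts), "unparsed:", result.unparsed);
```

A non-zero unparsed count is worth alerting on in its own right: lines the parser cannot read are excluded from the error rate, so a format change can silently mask a spike.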