Practice log analysis vocabulary: searching recent errors, identifying error spikes with timestamps, saved searches, dashboard log volume, and correlating errors with deployments.
1 / 5
During triage an engineer runs a query: 'Show me all ___ in the last 30 minutes.' What are they searching for?
'Searching for errors in the last 30 minutes' is a standard first step in incident triage — filtering the log aggregator to show only error-level entries within the incident window to understand what is failing and where.
2 / 5
The incident timeline notes: 'The ___ in 500s started at 14:32.' What pattern are they describing?
A spike in 500 errors is a sudden increase in HTTP 500 (Internal Server Error) responses. Identifying the exact start time (14:32) is critical for correlating the spike with a deployment, configuration change, or infrastructure event.
3 / 5
The team creates a ___ search for the authentication error pattern so they can reuse it during future incidents.
A saved search in a log aggregator (Kibana, Grafana, Splunk) stores a query — filters, field selections, and time range settings — so it can be executed instantly. Saving common investigation queries reduces mean time to resolution during incidents.
4 / 5
The ___ dashboard shows log volume by service, making it easy to see which service is generating the most noise.
A log volume dashboard charts the number of log entries (or error entries) per service over time. Unusual spikes in log volume from a specific service are often the first visible symptom of an incident before alerts fire.
5 / 5
Post-incident analysis shows: 'The error ___ with deployment X.' What does this finding mean?
'The error correlates with deployment X' means the spike in errors began at the same time as a specific deployment, making that deployment the prime suspect for the root cause. Correlation does not prove causation — but it focuses the investigation.