Intermediate Reading #structured-logs #json-logs #observability

Reading Structured Logs

5 exercises on reading JSON log entries — understand timestamp, level, service, message, and traceId fields; interpret severity levels; and correlate entries across microservices.

Structured log field guide
  • timestamp — ISO 8601 UTC time; read chronologically to trace event sequences
  • level — INFO (normal) / WARN (abnormal, not broken) / ERROR (failure) / FATAL (crash)
  • service — which microservice wrote this entry
  • traceId — links all log entries across services for one request
  • Extra fields carry business context (userId, lockDurationSeconds, etc.)
0 / 5 completed
1 / 5
📋 JSON Log Stream
{"timestamp":"2024-04-10T09:14:03.221Z","level":"INFO","service":"auth-service","message":"User login successful","userId":"u-8821","traceId":"abc-123-def"}
{"timestamp":"2024-04-10T09:14:07.554Z","level":"WARN","service":"auth-service","message":"Failed login attempt: invalid password","userId":"u-8821","traceId":"abc-124-ghi","attempt":2}
{"timestamp":"2024-04-10T09:14:09.102Z","level":"WARN","service":"auth-service","message":"Failed login attempt: invalid password","userId":"u-8821","traceId":"abc-125-jkl","attempt":3}
{"timestamp":"2024-04-10T09:14:10.887Z","level":"ERROR","service":"auth-service","message":"Account locked after 3 failed attempts","userId":"u-8821","traceId":"abc-126-mno","lockDurationSeconds":900}
{"timestamp":"2024-04-10T09:14:11.003Z","level":"ERROR","service":"api-gateway","message":"Downstream auth-service returned 423 Locked","traceId":"abc-126-mno","upstreamStatus":423}
Read the JSON log stream. A user reports they cannot log in. Which log entry most directly explains why, and what is the root cause?