Build Log Analysis query configurations with saved views, alerts, exclusion rules, and archiving.
Last verified: May 2026
Build Log Analysis query configurations with saved views, alerts, exclusion rules, and COS archiving.
Log Analysis ingestion has crept up to $2,000/month, far more than the engineering team expected. You audit the log volume by source, find that health-check probes account for 40% of ingestion, and add exclusion rules to drop them at the agent. Next month's ingestion is half. You also build saved views for the top error patterns so on-call doesn't need to remember query syntax during incidents.
IBM Log Analysis (powered by LogDNA) is the cloud-native log aggregation service for IBM Cloud workloads, with a query language, alerting, archiving, and exclusion rules. The IBM Log Analysis Query Builder produces views (saved queries), alert definitions, exclusion rules, and archiving configurations. Output is JSON-ready for the IBM Log Analysis API and configuration-as-code for the alerts.
The builder collects the Log Analysis instance, query definitions (with the LogDNA query syntax: hosts, apps, levels, search terms), saved view names, alert thresholds, exclusion rules, and archive bucket configuration. Output is JSON suitable for direct API submission and a `terraform` block that wires the configuration into the Log Analysis instance.
Tag log lines with structured fields (service, env, request_id) at the application layer. Searching unstructured logs is slow and error-prone; structured logs make the query language actually useful.
Set alert sensitivity to match your tolerance for false alarms. An alert that pages on a single error log line will burn out your on-call rotation; an alert that requires 50 error log lines in 5 minutes catches real problems without false positives.
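The difference between the two alert settings above can be checked offline before committing to a threshold. The following is an added example, not output of the builder and not how the service evaluates alerts: it replays constructed structured log lines through a sliding-window counter. The `ts` and `level` field names, the sample data, and the re-arm behaviour are assumptions made for the illustration.

```python
import json
from collections import deque
from datetime import datetime, timedelta

def make_sample_lines():
    """Constructed sample: one stray error, routine info lines, then a 60-error burst."""
    base = datetime(2026, 5, 1, 12, 0, 0)
    def line(offset_s, level, rid):
        return json.dumps({"ts": (base + timedelta(seconds=offset_s)).isoformat(),
                           "service": "checkout", "env": "prod",
                           "level": level, "request_id": rid})
    lines = [line(0, "error", "r-0")]                                    # isolated error
    lines += [line(10 * i, "info", f"i-{i}") for i in range(180)]        # normal traffic
    lines += [line(1200 + 2 * i, "error", f"b-{i}") for i in range(60)]  # burst at 12:20
    return lines

def evaluate_alert(lines, threshold, window=timedelta(minutes=5), level="error"):
    """Return the timestamps at which a 'threshold lines within window' alert fires.

    The alert fires when the count reaches the threshold and re-arms only
    after the count has dropped back below it, so one burst pages once.
    """
    stamps = sorted(datetime.fromisoformat(r["ts"])
                    for r in map(json.loads, lines) if r.get("level") == level)
    recent, fired, armed = deque(), [], True
    for ts in stamps:
        while recent and ts - recent[0] > window:   # evict lines older than the window
            recent.popleft()
        if len(recent) < threshold:
            armed = True
        recent.append(ts)
        if armed and len(recent) >= threshold:
            fired.append(ts)
            armed = False
    return fired

if __name__ == "__main__":
    sample = make_sample_lines()
    for n in (1, 50):
        fired = [t.isoformat() for t in evaluate_alert(sample, n)]
        print(f"threshold={n}: fired at {fired}")
```

With a threshold of 1 the stray error at 12:00 pages on-call; with 50 in 5 minutes only the burst does, about 98 seconds after it starts.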
Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.