
Log Investigation Techniques

These are the things that make a hard bug tractable, and that turn a noisy log stream into clean evidence you can hand the agent.

An inline filter is for the moment. A rule is for the project. When a filter combination keeps proving useful, save it.

  • Save as rule / Save from current filter turns the active filter into a named, reusable rule.
  • A rule has a name, keywords, a type (Include / Exclude), and a logic (AND / OR).
  • Rules live with the project. Click a rule to enable / disable it; manage rules to edit the set.

Build a small library, e.g. a “noise out” exclude rule and an “errors only” include rule, and toggle them per investigation instead of retyping keywords.
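The rule model described above (name, keywords, Include / Exclude type, AND / OR logic, per-rule toggle), as an added sketch that is not the tool's own code. It assumes case-insensitive substring matching, that an exclude hit overrides any include, and that several enabled include rules are OR-ed together; the “auth failures” rule and the log lines are constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass
class Rule:
    name: str
    keywords: list
    type: str = "include"   # "include" or "exclude"
    logic: str = "OR"       # "OR": any keyword hits; "AND": every keyword hits
    enabled: bool = True

    def matches(self, line):
        # Assumption: keywords are case-insensitive substrings.
        low = line.lower()
        hits = [k.lower() in low for k in self.keywords]
        return all(hits) if self.logic == "AND" else any(hits)

def apply_rules(lines, rules):
    """Return the lines left visible by the enabled rules."""
    active = [r for r in rules if r.enabled]
    includes = [r for r in active if r.type == "include"]
    excludes = [r for r in active if r.type == "exclude"]
    kept = []
    for line in lines:
        if any(r.matches(line) for r in excludes):
            continue  # assumption: an exclude hit always wins
        if includes and not any(r.matches(line) for r in includes):
            continue  # with include rules on, a line must match one of them
        kept.append(line)
    return kept

# Constructed sample log lines (not from a real system).
SAMPLE_LOGS = [
    "2024-05-01T10:00:00Z INFO  gateway GET /healthz 200",
    "2024-05-01T10:00:01Z DEBUG auth token cache hit user=alice",
    "2024-05-01T10:00:02Z ERROR auth login failed user=bob reason=bad_password",
    "2024-05-01T10:00:03Z ERROR gateway GET /healthz 503 upstream timeout",
    "2024-05-01T10:00:04Z WARN  auth login failed user=bob reason=locked",
]

# A small rule library; "auth failures" is a hypothetical third rule.
LIBRARY = [
    Rule("noise out", ["/healthz", "DEBUG"], type="exclude", logic="OR"),
    Rule("errors only", ["ERROR", "FATAL"], type="include", logic="OR"),
    Rule("auth failures", ["auth", "failed"], type="include", logic="AND"),
]

def investigate(*enabled_names):
    """Toggle rules by name for one investigation and return the visible lines."""
    rules = [replace(r, enabled=r.name in enabled_names) for r in LIBRARY]
    return apply_rules(SAMPLE_LOGS, rules)

if __name__ == "__main__":
    print("\n".join(investigate("noise out", "auth failures")))
```

Under these assumptions, a broad OR exclude such as “noise out” also hides the failing `/healthz 503` line, which is worth remembering when a health-check failure is itself part of the evidence.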

Pins are how you turn raw logs into a report for the agent (or a teammate). They are the unit of evidence.

  • Pin a log line; add a note (“supplement for the agent”) to say why it matters.
  • Time sync aligns other panels to a pinned line’s timestamp, so split panels line up on the same moment.
  • Copy with cursor, copy Markdown, or export .md to take the pins, notes, and context out.

The evidence drawer organizes pins four ways, scoped to current / selected / all:

  • Timeline — all pins across panels (tracks), in time order.
  • Pinned — the flat list of pinned lines and their notes.
  • Segments — two adjacent pins in the same panel automatically form a segment, a bounded window of logs between them. This is how you capture a reproduction window: pin the start, pin the end, and the span between is yours to keep or skip per segment, then export. There is no separate “start / stop recording” — two pins make the window.
  • Preview — the Markdown bundle you are about to copy or export.

The payoff: instead of pasting a wall of logs to your agent, you paste a tight Markdown bundle of pinned lines with notes and aligned timestamps. That is evidence the agent can reason about — see Evidence before cause.

One request crosses many services. A Search tab ties them back together: search by traceID, open the trace context, and copy the cross-service path. This is its own workflow — see Cross-service search.

Every technique here ends the same way: you produce a bounded, annotated artifact — a saved rule’s output, a pin segment, a pin bundle, a trace context — and give it to the agent. The agent reasons over evidence, not over a guess. Keep the loop tight: Self-healing loop.