By Chris Tozzi
APM or Log Management? If you deploy and manage an application, these are the two key techniques available to you for helping to ensure that the application meets availability and performance expectations. One of them is application performance management, or APM, though you can also find it referred to as ‘application performance monitoring’ or simply ‘tracing’. The other is log analytics and management.
It may be tempting to assume that you need only one or the other in order to keep your application running healthfully. But that is not the case. To understand why let’s explore the differences and similarities between APM and log management, and why you need both to gain the greatest level of visibility.
What is APM?
Put simply, APM is the art and science of ensuring that an application both remains available and responds to user requests within an acceptable amount of time. (More broadly speaking, APM can also involve goals such as optimizing code or reducing infrastructure costs, but we’ll stick to the simpler definition for now.)
APM tools help to achieve these goals by monitoring metrics such as whether an application or service is responding at all, how quickly it is responding and how much memory, network bandwidth or CPU time it is consuming.
APM encompasses a variety of different techniques and approaches. Depending on which types of APM tools you use, and which features you leverage within them, your APM strategy could include processes such as:
- Real user monitoring, or RUM, which uses actual user data to assess the health of an application. Real User Monitoring is a type of monitoring technology for digital businesses that analyzes customers’ digital experiences by looking at how online visitors are interacting with a website or application, analyzing everything from page load events to AJAX requests to Apdex Score and frontend application crashes. Learn more in What is RUM or Real User Monitoring? Real user monitoring is also known as End-user experience monitoring (EUEM) or Digital experience monitoring (DEM) and as such it’s a part of APM (see RUM vs. APM to learn more and get the most of your RUM solution). Looking for a comprehensive RUM solution? Sign up today to receive an exclusive BETA invite to Sematext Experience.
- Synthetic monitoring, which relies on synthetic interactions to monitor an application.
- Network monitoring, which analyzes network traffic as a way of monitoring application availability and performance.
- Distributed tracing, which is helpful for monitoring the execution of an application at the level of the code itself, rather than the infrastructure that hosts it. Learn more in OpenTracing: Distributed Tracing Emerging Industry Standard.
Because there are so many different ways to approach APM, it’s best to think of APM as an overall strategy for managing application performance and availability, rather than a specific method.
What is Log Management?
Log management, meanwhile, means what it sounds like: It’s the practice of managing all of the log data produced by your applications and infrastructure.
Log management can be broken down into several smaller processes, including:
- Log aggregation or log shipping, which refers to the process of collecting logs from disparate sources and moving them to a central location.
- Log storage and archiving, which involves establishing and implementing the right strategy for storing log files over the long term, as well as deleting it after a retention period has ended.
- Controlling the quality of log data by addressing missing entries, out-of-sync timestamps, redundant logs, and so on.
- Ensuring the security and privacy of logs, which sometimes contain highly sensitive information or data that is subject to regulations such as the GDPR.
- Log enrichment, which entails adding more information to logs that helps to contextualize data, such as inserting geographic data based on IP addresses.
- Log analysis, or the process of making sense of log data. (Some folks might consider log analysis to be part of APM more than log management — We’ll explain why in a moment.)
The extent of your log management operation will vary depending on factors such as how many logs you have to manage, how widely distributed your infrastructure is (highly distributed infrastructures make log aggregation more challenging, as do hybrid infrastructures where log data has to move between on-premises and cloud-based environments in a secure way) and which types of log data are available to you. Some types of services generate fewer log data than others; for example, cloud-based serverless computing environments create minimal log data, while an on-premises data center typically churns out quite a bit.
To go further into log management basics, resources and tips & tricks, check out our What is Log Management guide. Also, check out our eBook on Log Management & Analytics basics to learn more about logging.
APM vs. Log Management
What’s the difference between APM and log management, then?
The simple answer is that they serve two quite distinct purposes. APM helps you manage application performance, while log management is all about managing the data inside logs — which in turn ensures that, when it comes time to perform APM, you have complete and accurate data for tracking the availability and performance of applications and infrastructure.
Thus, APM and log management are closely related because log data is one of the critical data sources available to you for performing APM. While logs are not the only source of valuable application metrics for your APM tools (you can also leverage data like stack traces, as noted above), the logs created by applications, servers, network infrastructure and more offer detailed windows into the ways in which an application is performing.
To put it another way: Without effective log management, you can’t do APM effectively.
This does not mean, however, that the sole purpose behind log management is to support APM. Log management helps to achieve other goals, such as securing sensitive data, creating audit trails and reports for compliance purposes, and helping to identify long-term trends that are not always evident from APM tools, which are typically designed to focus only on the immediate state of an application.
Conclusion: Why you need APM and log management
What all of the above means is that, in order to manage an application effectively, you need APM as well as log management. They’re not an either/or proposition.
Without properly managed logs that make data from across an environment available to APM tools, you’ll lack a critical source of data for APM. (You’ll also likely run into other problems that extend beyond the realm of APM, such as the risk of non-compliance for failure to manage log data effectively.) And without APM, you will not be able to make sense of log data in order to understand how your application is performing; nor will you be able to troubleshoot problems and prevent problems from recurring.
Sematext Cloud, which supports APM and log management, provides the holistic set of functionality required to perform both tasks effectively.
Chris Tozzi has worked as a journalist and Linux systems administrator. He has particular interests in open source, agile infrastructure, and networking. He is Senior Editor of content and a DevOps Analyst at Fixate IO. His latest book, For Fun and Profit: A History of the Free and Open Source Software Revolution, was published in 2017.