Log Analysis

When to use this skill

• The main job is read-only log triage, not code changes or monitoring design.
• The user wants the first actionable blocker, not a paraphrase of every line.
• The evidence is application, API, worker, proxy, container, pod, browser, CI, or JSON logs.
• The user needs the repeated signature or blast radius summarized after the first failure is isolated.
• The prompt is really "which lines matter / what is the real error / where does the cascade start?" even if the user never says "triage".

Do not use this skill as the main workflow when:

• The logs are Unity / Unreal build, cook, package, editor, or player logs → use game-build-log-triage.
• The real job is instrumentation, dashboards, alerting, ingestion, retention, or observability coverage → use monitoring-observability.
• The likely blocker is already known and the user now needs reproduction, hypotheses, or fixes → use debugging.
• The main job is repeated anomaly/rule hunting across logs or telemetry families rather than first-failure triage → use pattern-detection.

Core idea

log-analysis should act like a packet router, not a giant troubleshooting encyclopedia.