# Log Analysis
### Detailed Analysis Modal
Press `Enter` on the Log Counts panel in the main view to access the comprehensive analysis modal. The modal uses the same receive time architecture as the main dashboard, ensuring consistent and reliable visualization regardless of log timestamp accuracy or clock skew issues.
### Time-Series Heatmap Analysis
#### Understanding the Heatmap
The time-series heatmap is one of Gonzo's most powerful visual analysis tools:
**Time Axis (Horizontal):**
* Shows last 60 minutes in 1-minute buckets
* Reading: `60` = 60 minutes ago, `0` = current minute
* Updates in real-time as new logs arrive
**Severity Axis (Vertical):**
* Each row represents a different log severity level
* Separate tracking for ERROR, WARN, INFO, DEBUG, etc.
* Independent scaling per severity level
**Intensity Indicators:**
```
░ = Low activity (1-25% of max for this severity)
▒ = Medium activity (25-50% of max)
▓ = High activity (50-75% of max)
█ = Very high activity (75-100% of max)
```
#### Reading Heatmap Patterns
{% tabs %}
{% tab title="Incident Detection" %}
**Identifying When Problems Started:**
```
Time: 60 50 40 30 20 10 0
ERROR ░░░░░░░░████████████░░░░░░
WARN ░░░░░░████████████████░░░░
```
**Analysis:**
* Problem started around 40 minutes ago
* Peak error activity 30-20 minutes ago
* Warnings preceded errors (early warning signs)
* System appears to be recovering now
**Use Case:** Incident timeline reconstruction
{% endtab %}
{% tab title="Performance Patterns" %}
**Daily Performance Cycles:**
```
Time: 60 50 40 30 20 10 0
ERROR ░░░░░░░░░░░░░░░░░░░░░░░░░░
WARN ░░░░████░░░░████░░░░████░░
INFO ████░░░░████░░░░████░░░░░░
```
**Analysis:**
* Regular 20-minute cycles in warnings
* High info activity alternating with warnings
* Suggests scheduled job or batch processing
* No critical errors, normal operational pattern
**Use Case:** Capacity planning and optimization
{% endtab %}
{% tab title="Cascade Failures" %}
**System Failure Propagation:**
```
Time: 60 50 40 30 20 10 0
ERROR ░░░░░░░░░░█░░██████████████
WARN ░░░░░░░░█████████████████░
INFO ░░░░░░████████████░░░░░░░░
```
**Analysis:**
* Single error triggered cascade
* Warnings spread quickly after initial error
* Info logs dropped off (services became unresponsive)
* Classic cascade failure pattern
**Use Case:** System resilience analysis
{% endtab %}
{% endtabs %}
#### Heatmap Best Practices
**🔍 Investigation Techniques:**
1. **Start wide, zoom in** - Look for obvious patterns first
2. **Compare severity levels** - How do different levels correlate?
3. **Identify inflection points** - When did patterns change?
4. **Look for cycles** - Are there recurring patterns?
**⚡ Quick Analysis:**
```bash
# Quick heatmap analysis workflow:
1. Press Enter on Counts panel
2. Scan heatmap for obvious spikes or patterns
3. Note correlation between severity levels
4. Identify time ranges for deeper investigation
5. Use time information to filter main log view
```
### Log Statistics Window
Select `i` from the main window to access the **Log Statistics** view. This window provides a general overview of all your logs including top services, severity distribution, most common patterns, and top attributes.
### Log Detail View
Selecting `ENTER` on the Log Viewer in the main Gonzo TUI will drill down into the **Log Detail View**. From this modal you can look at attribute details, time and severity information, and select `i` to get further AI analysis from whatever AI model you've configured. On the right panel you can chat directly with your selected AI model in context to the selected log you are viewing. Nothing is shared with AI unless you explicitly connect to a model of your choice.
