Hyphen
Log In

Log Analysis

Learn how Hyphen Agent analyzes deployment logs to identify and summarize operational issues, connect findings to follow-up work, and automate incident resolution.

Hyphen Agent can analyze deployment logs, summarize operational issues, and connect findings to follow-up work. Log analysis helps teams move from raw runtime data to prioritized findings without manually combing through logs, which makes incidents and recurring errors faster to understand. Use log analysis when you want Agent to investigate errors, anomalies, or recurring runtime behavior for an app or environment.

Table of Contents

Requirements

Log analysis needs an app and environment that Agent can inspect. Agent uses the log source available for that app:

  • Cloud provider container logs by default.
  • New Relic APM data when the app is connected to New Relic.

For New Relic-backed analysis, configure the New Relic integration and map the APM data to the relevant Hyphen environment. See Setup and Requirements for supported connection patterns.

Automatic and Manual Runs

Policy-driven log analysis tasks run automatically from the effective Agent task policy for each deployment target. Hyphen resolves that policy from matching organization, project, project environment, deployment, or project-and-deployment scope, depending on how your policies are configured.

By default, production environments have log analysis enabled on a daily recurring schedule. Development and custom environments are disabled until a policy enables them. When a policy is disabled or has no recurring schedule, Hyphen does not create scheduled log analysis tasks for that deployment target.

Scheduled policy runs create one-off Log Analysis tasks for the resolved deployment target. The task includes the project, project environment, and deployment references that caused the scheduled run.

If you have permission, ask Hyphen Agent to run log analysis manually for the relevant project and environment. Manual Log Analysis tasks are one-off tasks, not recurring tasks. Agent uses attached project and environment context first; if the request is ambiguous, Agent asks you to choose the intended resource before starting the task.

How It Works

Agent scopes the run to the selected app and environment, then analyzes the available log or APM data for patterns that may explain failures or degraded behavior.

During a run, Agent can:

  • Review available log coverage.
  • Identify findings by category and severity.
  • Explain likely causes and affected runtime behavior.
  • Link findings back to the Agent task and run that produced them.

If GitHub is connected for the app, Agent can also connect findings to repository follow-up. Depending on the finding and repository context, Agent may create a new issue, comment on a matching existing issue, and comment /hyphen so that Agent will attempt to open a pull request to resolve the issue.

Repeat Findings

When Log Analysis finds an issue that matches a previous finding, Hyphen uses a fingerprint based on the repository, affected apps, and error signature to avoid creating duplicate GitHub issues.

If the existing GitHub issue is open, Agent adds a new comment with the latest Log Analysis context instead of creating another issue. This updates the issue record for the latest run, but it does not enqueue another pull request automation run just because the same open issue appeared again.

If the existing issue is closed, Agent checks the issue context before deciding what to do next. Issues that appear intentionally declined or not planned are skipped. Issues that appear fixed wait for a 24-hour reopen delay from the latest fix signal, such as a merged linked pull request, before Agent reopens the issue. After that delay, Agent can reopen the issue, add the latest Log Analysis comment, restore the Hyphen Agent label, and enqueue follow-up automation.

If GitHub no longer returns a recorded issue, Agent skips creating a replacement issue for that fingerprint.

Results

Log analysis results appear in Agent task and run views. A run can include:

  • Coverage metrics showing how much data Agent analyzed.
  • Findings grouped by category and severity.
  • Issue action summaries, including created, commented, or skipped actions.
  • Repository and pull request context when Agent proposes a code change.

Things to Know

  • Log analysis uses cloud provider container logs unless New Relic APM is connected for the app.
  • New Relic-backed analysis depends on the app-to-environment mapping configured in Hyphen.
  • Issue automation is additive. Agent can comment on matching issues, but it does not rewrite existing issue bodies.
  • Pull requests from log analysis require a connected GitHub repository for the affected app.
  • Agent-created pull requests are reviewable and are not merged automatically.