After you collect data from multiple sources, you need to determine how
that data can help you to resolve your particular problem.
To analyze the data, take the following actions:
- Determine which data sources are most likely to contain information about
the problem, and start your analysis there. For example, if the problem is
related to installation, start your analysis with the installation log files
(if any), rather than starting with the general product or operating system
log files.
- Have a clear understanding of how the various pieces of data relate to
each other. For example, if the data spans more than one system, keep your
data well organized so that you know which pieces of data come from which
sources.
- Confirm that each piece of diagnostic data is relevant to the timing of
the problem by checking timestamps. Note that data from different sources
can have different timestamp formats; be sure to understand the sequence of
the different elements in each timestamp format so that you can tell when
the different events occurred.
The specific method of analysis is unique to each data source, but one
tip that is applicable to most traces and log files is to start by identifying
the point in the data where the problem occurs. After you identify that point,
you can work backward in time through the data in order to unravel the root
cause of the problem.
If you are investigating a problem for which you have comparative data
for a working and nonworking environment, start by comparing the operating
system and product configuration details for each environment.