Skip to main content
Medium risk Log statements that fire on every request, every iteration, or every tick. Middleware that logs every incoming request. Loops that log each item. Code that runs constantly and logs every time.

Why it happens

A developer adds logging to understand how code behaves. The code runs more often than expected. A log statement in middleware fires on every request. A log inside a loop fires thousands of times per operation. A background job logs every tick. The log statement isn’t wrong. It’s just in the wrong place.

Example

Middleware logging every request:
{"body": "Incoming request", "http.target": "/api/users", "service.name": "api-gateway"}
{"body": "Incoming request", "http.target": "/api/orders", "service.name": "api-gateway"}
{"body": "Incoming request", "http.target": "/api/products", "service.name": "api-gateway"}
{"body": "Incoming request", "http.target": "/api/users", "service.name": "api-gateway"}
Thousands per minute. Every request. No additional context.
This is a code change. The log statement needs to be moved, removed, or made conditional.
Tero detects this by identifying log events with extremely high volume but low variance. If a log fires 100,000 times with nearly identical content, it’s probably in a hot path.

Open PRs

Remove or relocate the log statement in code.

Create tickets

Alert the team to review the logging pattern.
The fix is usually in code: move the log outside the loop, add a condition, or remove it entirely. Sampling at the edge is a temporary fix but doesn’t address the root cause.

How it works

Tero identifies hot path logs by analyzing volume and variance in your context graph. A log event that fires at extremely high rates with low content variance is flagged. The key signal is the ratio of volume to information. A log that fires 100,000 times and says the same thing each time isn’t providing 100,000 pieces of information. It’s providing one piece of information, repeated.