Cognition: Analytics
How to read your Cognition data in the Skytells Console and CLI. Covers all Console views, every CLI command, and common investigation workflows.
Your Cognition data is available in the Cognition Console ↗ and through the skytells cognition CLI commands. The Console gives you a visual UI with dedicated views for each event type and an AI analysis tab. The CLI gives you the same data in the terminal, which is useful for incident investigation and scripted checks.
Cognition requires a Pro plan or higher. See Plans for a tier comparison, or Upgrade to Pro ↗ directly.
Console
Console: Cognition Console ↗
Open the Console in your browser and navigate to Cognition in the left sidebar under Build & Deploy. Select your project if prompted — the project shown in Cognition corresponds to the projectId you configured in the SDK. Find your project ID on the Projects page.
Views
| View | What it shows |
|---|---|
| Overview | A summary of application health: error counts, anomaly count, security event count, runtime status, and recent activity |
| Errors | All captured error events with parsed stack frames, breadcrumbs, user context, severity, and environment. Filter by tag, level, or time range |
| Security Threats | Detected security events grouped by threat type and severity. Includes request context, matched pattern, and AI-assisted remediation notes |
| Runtime Health | Time-series charts for all six Runtime Observer metrics: event loop lag, heap usage, CPU, GC pauses, active handles, and HTTP metrics |
| Anomalies | Anomaly events triggered by threshold breaches, with actual vs. threshold values and correlation with error spikes |
| Live | A real-time event stream. See errors, snapshots, and security events as they arrive |
| AI Analysis | The Cognition AI engine at work. It correlates events, surfaces root causes, and takes the actions you've configured. Set up what it monitors, what triggers action, and how it responds, directly from this tab |
Common Tasks
Investigate an error spike:
- Go to the Errors view and look at recent events.
- Check the stack frames, breadcrumbs, and user context to understand what happened.
- Switch to Runtime Health to see if an anomaly coincided with the spike.
Review suspicious activity:
- Open Security Threats.
- Look at the severity, which pattern matched, and the request that triggered it.
- Decide whether to patch your application, block a route, or tighten scanner thresholds.
Diagnose a performance problem:
- Go to Runtime Health.
- Check event loop p99 lag, heap growth rate, and GC max pause over time.
- Cross-reference with Anomalies to see exactly when thresholds were crossed.
CLI
The skytells cognition command group provides terminal access to every Cognition data surface. Useful for incident investigation, scripted monitoring, CI/CD checks, and on-call workflows.
For CLI authentication and initial setup, see CLI reference.
You need to be authenticated (skytells login) and have a project access key linked (skytells link <key>) before using CLI cognition commands. Pass --project <id> to target a specific project, or rely on the linked key.
Overview
Display a high-level summary of application health for a given time window:
skytells cognition overview| Option | Description |
|---|---|
--project <id> | Specify a project ID |
--hours <n> | Time window in hours (e.g., 24 for last 24 hours) |
--json | Output as JSON |
# Last 24 hours summary
skytells cognition overview --hours 24
# Specific project
skytells cognition overview --project my-api-service
# JSON output for scripting
skytells cognition overview --project my-api-service --jsonErrors
List captured error events:
skytells cognition errors| Option | Description |
|---|---|
--project <id> | Project ID |
--limit <n> | Maximum number of errors to display |
--offset <n> | Skip N errors (pagination) |
--json | Output as JSON |
# Recent errors
skytells cognition errors --limit 10
# Paginate
skytells cognition errors --limit 20 --offset 20
# JSON for processing
skytells cognition errors --jsonSecurity Events
List security threat events:
skytells cognition security| Option | Description |
|---|---|
--project <id> | Project ID |
--limit <n> | Maximum number of events |
--offset <n> | Pagination offset |
--json | Output as JSON |
# List security events
skytells cognition security --limit 10
# JSON output for automation
skytells cognition security --jsonRuntime Snapshots
View runtime performance snapshots:
skytells cognition runtime| Option | Description |
|---|---|
--project <id> | Project ID |
--limit <n> | Maximum number of snapshots |
--offset <n> | Pagination offset |
--json | Output as JSON |
# View recent snapshots
skytells cognition runtime --limit 10
# JSON for scripting
skytells cognition runtime --jsonAnomalies
List threshold-breach anomaly events:
skytells cognition anomalies| Option | Description |
|---|---|
--project <id> | Project ID |
--limit <n> | Maximum number of anomalies |
--offset <n> | Pagination offset |
--json | Output as JSON |
# Check for anomalies
skytells cognition anomalies
# JSON for alerting integration
skytells cognition anomalies --jsonLive Events
List recent events with support for incremental polling:
skytells cognition events| Option | Description |
|---|---|
--project <id> | Project ID |
--limit <n> | Maximum number of events |
--since <event-id> | Fetch only events after this event ID (for continuous polling) |
--json | Output as JSON |
# List recent events
skytells cognition events --limit 50
# Poll for new events since a specific event
skytells cognition events --since evt-100 --jsonPolling pattern — for continuous monitoring without the Console:
#!/bin/bash
LAST_EVENT=""
while true; do
if [ -z "$LAST_EVENT" ]; then
RESULT=$(skytells cognition events --limit 1 --json)
else
RESULT=$(skytells cognition events --since "$LAST_EVENT" --json)
fi
echo "$RESULT"
LAST_EVENT=$(echo "$RESULT" | jq -r '.[-1].id // empty')
sleep 60
doneTime-Series Metrics
View request rates, error rates, and latency percentiles over time:
skytells cognition timeseries| Option | Description |
|---|---|
--project <id> | Project ID |
--hours <n> | Time window in hours |
--json | Output as JSON |
# Last 24 hours
skytells cognition timeseries --hours 24
# Last week
skytells cognition timeseries --hours 168
# JSON for dashboard integration
skytells cognition timeseries --hours 24 --jsonCommon Workflows
Daily Health Check
# High-level overview for the last 24 hours
skytells cognition overview --hours 24
# Check for errors
skytells cognition errors --limit 10
# Look for security events
skytells cognition security --limit 10
# Check for anomalies
skytells cognition anomaliesIncident Investigation
# 1. Start with a short summary
skytells cognition overview --hours 6
# 2. Check recent errors for root cause
skytells cognition errors --limit 20
# 3. Review security events
skytells cognition security
# 4. Check runtime health
skytells cognition runtime --limit 10
# 5. Look at time-series patterns
skytells cognition timeseries --hours 6
# 6. Stream recent events
skytells cognition events --limit 50Related
- Quickstart — Verify your first events in the Console
- Runtime Observer — What runtime metrics are collected
- Security Scanner — What security events look like
- CLI reference — Authentication and CLI setup
- Console: Projects — Find your project ID
How is this guide?
Transport & Buffer
How @skytells/cognition holds events in a bounded ring buffer, batches them, compresses the payload, and delivers to dsn.skytells.ai with automatic retries.
AI Report
The Skytells AI engine audits your Cognition event data and generates a structured report covering errors, threats, runtime health, and recommended actions. Available in Console under Cognition / AI Analysis.