Skip to main content

Log Search

Note

Without the Log Read role, you cannot enter the menu.

Home > Select Project > Dashboard > Log Search

In Log Search, you can search a large number of integrated logs under various conditions and specify the desired logs. Multiple search conditions can be specified with parsed keys and values, so only the log data that matches the desired conditions are extracted.

The searched log data is imported to the dynamic page line by line. If the scroll reaches the bottom, the next data is automatically retrieved and displayed.

The major terms are as follows:

  • Category: Unit for log collection and inquiry
  • Content: Log messages
  • Search Key: It is generated through the log parser settings.
  • Tag: Key to search the collected logs

Log search

Request Data

  • If the scroll reaches the bottom, the next data is retrieved. You can view 10,000 logs at a time.

  • number-s You can see the total number of logs viewed from the upper left of the log table.

  • Log data can be queried in chronological order. On the upper right of the number-s log table, select a desired search method among Oldest and Newest.

  • After specifying the time range, select Apply to finish the search time setting, and then select Search icon Search to search for data.

  • On the upper right of the number-s log table, select the 전체 화면 아이콘 Log full screen icon, you can see the Log and Timestamp in the full screen.

  • If the agent option is set, the log levels are collected and the colors for each log level appear as follows:

    Log level color

    Note

    Setting the agent options

    • The agent options are as follows:

      # whatap.conf
      weaving=log4j-2.17
      weaving=logback-1.2.8
    • In Java agent 2.2.22 or later, it can be used when setting log4j-2.17 or logback-1.2.8 in the weaving setting. It is required to restart the agent.

    • The log level is determined based on the level and type among the parsed keywords. When there are keys parsed as level and type, and the parsed values have FATAL, CRITICAL, ERROR, WARN, WARNING, and INFO, the log level color appears.

    Note

    You can change the column width by dragging an edge of the log table column.

Checking the log content

Note

What is content?

Content means the log messages.

  • The first line of the log column is the log's parsed key and value, and the second line is the log's content.
  • number-s For each row (log) of the log table, the Icon More button exists. If you select the Icon More button, you can check the entire content of the log like number-s.

  • If you select a tag in the log, a drop-down menu appears that allows you to perform Copy, Search, Exclusion search, and Adjacent Log.

Filter

Apply Filter

In Time selector on the left of , you can specify the time range. On the right, When a filter is applied, the logs that match the specified conditions are filtered. You can enter multiple filters. OR (||) if the filters have the same tags, otherwise AND (&&).

You can specify a filter by directly entering a value in the input field or clicking the Filter field. Filter tags are entered in the following order: Search key, Operator, and Search value. If you select Search icon Search, the data with the filter applied can be viewed in the number-s3 area.

Note

Guide UI

The Guide UI is provided under the input field as follows: You can close the Guide UI via the ESC key when your mouse cursor is over the input field or filter tag.

Log filter

Entry of the search key, operator, and search value

  • Upon entry of the search key, recommended values are provided by distinguishing for general index, reserved word index, and numeric index.

  • When entering an operator, for a general index search key, == and != options are provided at the bottom. In case of the numeric index, the >, <, <=, >=, ==, and != options are provided.

  • Upon entry of the search value for matched search (>, <, <=, >=, ==), it is highlighted in blue, In case of excluded search (!=), it is highlighted in red.

  • Upon entry of the search value, you can search using the case-sensitive option.

Note
  • If the filter tags exceed 2 lines, you can fold it by selecting the Icon Fold icon.

  • After entering a filter tag, you can use the Shift and Tab keys simultaneously in the input field to go to the previous filter tag.

  • After entering a filter tag, you can use the Tab key in the input field to go to the next filter tag.

Adding filter tags

  • You can enter text in the input field and add then add more items by using the Enter key or Tab key on your keyboard.

  • You can add recommended values by clicking them in the Guide UI below the input field.

  • In the Guide UI below the input field, you can select recommended values with the up/down arrow keys on the keyboard and add tags by using the Enter and Tab keys.

Deleting filter tags

  • A tag can be deleted with the Backspace key.

  • You can delete a tag by selecting the X icon for it.

  • You can delete all tags by selecting the Delete All X icon in the input field.

Filter favorites

The filter favorites feature is provided. You can select the Favorites icon Favorites icon on the right of the input window to add, delete, and select desired filter search conditions in the favorites. Favorites can store up to 50 cases.

Log filter favorites

Exceptional cases for application of filters

  • In the tag with a numeric index (search key that ends with .n), only numbers can be input for the search value.

  • Duplicate ‘search key’ and ‘search value’ cannot be entered.

  • Searching is not possible if there is a tag whose search key or search value is missing. Invalid tags appear in gray.

Applying non-parsing keyword filters

You can search the logs containing keywords that have not been parsed, or for which no index has been created. In this case, all logs in the specified range are fully scanned. Therefore, the search speed may be slower compared to the indexed key. For standardized log data, it is recommended to search using the index key through Log parser setting.

Applying non-parsing keyword filters

  1. Select Category. It is required to set the category.

  2. In the Filter field, enter a desired keyword for a search after leaving spaces on the content basis.

    e.g. content *select*

  3. Click Search to view the logs. Several logs are viewed first. You can view a maximum of 10,000 logs per each search.

  4. You can make additional inquiries by scrolling down and selecting View more at the bottom.

    View more

Note
  • Among all logs, 10,000 logs are viewed for a server search range. The default range for a server search is 200,000, but the ratio may differ depending on the total log volume.
  • For more information about the parser configuration, see the following.

Modifying the filter

Enter a value in the filter and then click the specified value to modify it.

Modifying the filter

  • You can modify the filter by entering text again in the input field.

  • You can modify the recommended values by selecting them in the Guide UI below the input field.

Search Key

The search key Indicates an identifier for accessing a desired value within the log data. The actual data for the search key is the search value. The tags on the left number-s area are the search keys parsed for each category. You can enter filters by selecting tags. The orange tag is the category, and the blue tag is the search key.

For example, AppLog and AppStdOut in number-s are categories. The tags below such as oid are search keys parsed. In Management > Log Configuration, you can register and set the parsing logic in Log parser setting with the search key.

Filter input syntax

A tag consists of a search key and a search value. In the following example, the search key is exception and the search value is UnknownHostException. The example searches for the log data that includes an exception (UnknowHostException) that is generated when the server cannot connect the host because the IP address and domain address do not match among the collected log data.

Tag structure

Search key types

Search key typesSearch key formatMeaningExample for Search key and search valueSeach example
String keywordkeywordFile Name- Key: fileName
- Value: /data/whatap/logs/yard.log
fileName:/data/whatap/logs/yard.log
Numeric keywordkeyword.nResponse Time- Key: response_time.n
- Value: 2945
response_time.n>=2945
Reserved keyword
(predefined keyword)
@keywordTransaction ID- Key: @txid
- Value: 85459614215434144
-

Common syntaxes

Syntax typeDescriptionExample
==searchValueSearches for the logs that match the search value.exception==RuntimeExceptionexception
!=searchValueSearches for the logs that exclude the search value.exception!=RuntimeException
*searchValueSearches for the logs ending with the search value.word==*hello
searchValue*Searches for the logs starting with the search value.word==hello*
*searchValue*Searches for the logs that contain the search value in the middle.word==*hello*
*search*Value*Searches for the logs that contain the search value.word==*he*llo*
re:{regexr}Searches for the logs that match a regular expression.caller==re:^i\.w\.a\.w\.s\.v\.r\.
**Searches all logs that match the search key.

Syntax in case the search key has a numeric value (keyword.n)

The following syntax is supported only when the search key is in keyword.n format.

  • Search values must only be numbers.

  • No prefix is attached to the value of the .n keyword. All keywords other than .n must be attached with a prefix.

    For example, +>searchValue is invalid.

Syntax typeDescriptionExample
>searchValueSearches for the logs containing values greater than the search value.response_time.n>3000
>=searchValueSearches for the logs containing values greater than or equal to the search value.response_time.n>=3000
==searchValueSearches for the logs containing the same search value.response_time.n==3000
!=searchValueSearches for the logs that contain values different from the search value.response_time.n!=3000
<searchValueSearches for the logs containing values less than the search value.response_time.n<3000
<=searchValueSearches for the logs containing values less than or equal to the search value.response_time.n<=3000

Log tagging options

When you select a log tag, the following drop-down menu appears. You can find the Search, Exclusion search, and Adjacent Log options.

Log tag dropdown menu

  • Search

    If you select the Search option, the tags that correspond to Filter are entered with the inclusion (==) condition.

  • Exclusion search

    If you select the Exclusion search option, the tags that correspond to Filter are entered with the exclusion (!=) condition.

  • Adjacent Log

    If you select the Adjacent Log option, the Adjacent Log detail window appears. Search for the logs of the target server and the logs in time zones adjacent to the selected log. You can click Time selector to see the logs in adjacent time zones. Reference logs appear with a blue background.

    Log tag - adjacent logs

Content highlighting

The highlight function is provided to easily identify the desired keywords among the log data.

Search log contents highlight

  • In the Leader line a keyword field, enter a keyword to highlight, and then click Search icon Search.

    e.g. select

  • As shown in the example, the keyword within the content is highlighted in the Leader line b log list.

  • You can filter by single or multiple keywords.

  • If you select Full screen icon Log full screen, the Log and Timestamp appear in the full screen.

Multi-keyword condition

When highlighting with multiple keywords, write as follows:

String to inputDescriptionResult
a b cSeparate each keyword with a space.a, b, c
"Whatap is good."To include spaces in keywords, wrap them in '' or "".Whatap is good.
"Whatap\\ is good."If \ is included in the keyword surrounded by "", enter it as \\.Whatap\ is good.

Setting the highlight color

By selecting Icon Highlight, you can set the keyword and its color for highlighting.

Highlight

  • In addition, enter the keyword to set the color for.

  • If you click Color on the left of the input field, available colors appear.

  • Basically, different highlighting by the level (WARN, ERROR, FATAL) is applied.

  • The settings are saved in Project Rules.

Setting the table

Column settings

Right of the area, select column icon Column settings. You can add columns or set order.

  • Adding columns

    You can add columns to the table by selecting tags. If you unselect the log column, you cannot see Log view detail setting. Be sure to select at least one column.

  • Setting the column order

    When you add a column, the column is added to Display columns. Drag a desired column to change the order of the columns.

Log view detail setting

Log Table Content Setting

On the right of , select Configuration icon Log view detail setting. content and Tag are all checked and two items are also displayed. Be sure to select any of content and Tag.

Unchecked items are not displayed in the table. If you deselect the Tag as follows, the log's Tag does not appear in the table.

Log table tag invisible

When you add tags in the Tag management list, the tags in the log are listed in the order you added. You can change the order of the tags by dragging them. f you disable an added tag, the disabled tag does not appear.

Note
  • Column settings and Log view detail setting can be used in Live Tail, Log Search, and Log Trend.

  • In the same project, the Live Tail, Log Search, and Log Trend menus share Column settings and Log view detail setting.