Log Search
Without the Log Read role, you cannot enter the menu.
Home > Select Project > Log > Log Search
In Log Search, you can search a large number of integrated logs under various conditions and specify the desired logs. Multiple search conditions can be specified with parsed keys and values, so only the log data that matches the desired conditions are extracted.
The searched log data is imported to the dynamic page line by line. If the scroll reaches the bottom, the next data is automatically retrieved and displayed.
The major terms are as follows:
- Category: Unit for log collection and inquiry
- Content: Log messages
- Search Key: It is generated through the log parser settings.
- Tag: Key to search the collected logs
Request Data
-
If the scroll reaches the bottom, the next data is retrieved. You can view 10,000 logs at a time.
-
You can see the total number of logs viewed from the upper left of the log table.
-
Log data can be queried in chronological order. On the upper right of the log table, select a desired search method among Oldest and Newest.
-
After specifying the time range, select Apply to finish the search time setting, and then select Search to search for data.
-
On the upper right of the log table, select the Log full screen icon, you can see the Log and Timestamp in the full screen.
-
If the agent option is set, the log levels are collected and the colors for each log level appear as follows:
NoteSetting the agent options
-
The agent options are as follows:
# whatap.conf
weaving=log4j-2.17
weaving=logback-1.2.8 -
In Java agent 2.2.22 or later, it can be used when setting log4j-2.17 or logback-1.2.8 in the weaving setting. It is required to restart the agent.
-
The log level is determined based on the
level
andtype
among the parsed keywords. When there are keys parsed aslevel
andtype
, and the parsed values have FATAL, CRITICAL, ERROR, WARN, WARNING, and INFO, the log level color appears.
NoteYou can change the column width by dragging an edge of the log table column.
-
Checking the log content
What is content?
Content means the log messages.
- The first line of the log column is the log's parsed key and value, and the second line is the log's content.
-
For each row (log) of the log table, the More button exists. If you select the More button, you can check the entire content of the log like .
-
If you select a tag in the log, a drop-down menu appears that allows you to perform Copy, Search, Exclusion search, and Adjacent Log.
Filter
Apply Filter
In Time selector on the left of , you can specify the time range. On the right, When a filter is applied, the logs that match the specified conditions are filtered. You can enter multiple filters. OR (||
) if the filters have the same tags, otherwise AND (&&
).
You can specify a filter by directly entering a value in the input field or clicking the Filter field. Filter tags are entered in the following order: Search key
, Operator
, and Search value
. If you select Search, the data with the filter applied can be viewed in the area.
Guide UI
The Guide UI is provided under the input field as follows: You can close the Guide UI via the ESC key when your mouse cursor is over the input field or filter tag.
Entry of the search key, operator, and search value
-
Upon entry of the
search key
, recommended values are provided by distinguishing for general index, reserved word index, and numeric index. -
When entering an
operator
, for a general index search key,==
and!=
options are provided at the bottom. In case of the numeric index, the>
,<
,<=
,>=
,==
, and!=
options are provided. -
Upon entry of the
search value
for matched search (>
,<
,<=
,>=
,==
), it is highlighted in blue, In case of excluded search (!=
), it is highlighted in red. -
Upon entry of the
search value
, you can search using the case-sensitive option.
-
If the filter tags exceed 2 lines, you can fold it by selecting the Fold icon.
-
After entering a filter tag, you can use the Shift and Tab keys simultaneously in the input field to go to the previous filter tag.
-
After entering a filter tag, you can use the Tab key in the input field to go to the next filter tag.
Adding filter tags
-
You can enter text in the input field and add then add more items by using the Enter key or Tab key on your keyboard.
-
You can add recommended values by clicking them in the Guide UI below the input field.
-
In the Guide UI below the input field, you can select recommended values with the up/down arrow keys on the keyboard and add tags by using the Enter and Tab keys.
Deleting filter tags
-
A tag can be deleted with the Backspace key.
-
You can delete a tag by selecting the X icon for it.
-
You can delete all tags by selecting the Delete All X icon in the input field.
Filter favorites
The filter favorites feature is provided. You can select the Favorites icon on the right of the input window to add, delete, and select desired filter search conditions in the favorites. Favorites can store up to 50 cases.
Exceptional cases for application of filters
-
In the tag with a numeric index (
search key
that ends with.n
), only numbers can be input for thesearch value
. -
Duplicate ‘search key’ and ‘search value’ cannot be entered.
-
Searching is not possible if there is a tag whose
search key
orsearch value
is missing. Invalid tags appear in gray.
Applying non-parsing keyword filters
You can search the logs containing keywords that have not been parsed, or for which no index has been created. In this case, all logs in the specified range are fully scanned. Therefore, the search speed may be slower compared to the indexed key. For standardized log data, it is recommended to search using the index key through Log parser setting.
-
Select Category. It is required to set the category.
-
In the Filter field, enter a desired keyword for a search after leaving spaces on the
content
basis.e.g.
content *select*
-
Click Search to view the logs. Several logs are viewed first. You can view a maximum of 10,000 logs per each search.
-
You can make additional inquiries by scrolling down and selecting View more at the bottom.
- Among all logs, 10,000 logs are viewed for a server search range. The default range for a server search is 200,000, but the ratio may differ depending on the total log volume.
-
For more information about the parser configuration, see the following.
Modifying the filter
Enter a value in the filter and then click the specified value to modify it.
-
You can modify the filter by entering text again in the input field.
-
You can modify the recommended values by selecting them in the Guide UI below the input field.
Search Key
The search key Indicates an identifier for accessing a desired value within the log data. The actual data for the search key is the search value. The tags on the left area are the search keys parsed for each category. You can enter filters by selecting tags. The orange tag is the category, and the blue tag is the search key.
For example, AppLog and AppStdOut in are categories. The tags below such as oid are search keys parsed. In Log > Log Configuration, you can register and set the parsing logic in Log parser setting tab with the search key.
Filter input syntax
A tag consists of a search key and a search value. In the following example, the search key is exception
and the search value is UnknownHostException
. The example searches for the log data that includes an exception (UnknowHostException
) that is generated when the server cannot connect the host because the IP address and domain address do not match among the collected log data.
Search key types
Search key types | Search key format | Meaning | Example for Search key and search value | Seach example |
---|---|---|---|---|
String keyword | keyword | File Name | - Key: fileName - Value: /data/whatap/logs/yard.log | fileName:/data/whatap/logs/yard.log |
Numeric keyword | keyword.n | Response Time | - Key: response_time.n - Value: 2945 | response_time.n>=2945 |
Reserved keyword (predefined keyword) | @keyword | Transaction ID | - Key: @txid - Value: 85459614215434144 | - |
Common syntaxes
Syntax type | Description | Example |
---|---|---|
==searchValue | Searches for the logs that match the search value. | exception==RuntimeExceptionexception |
!=searchValue | Searches for the logs that exclude the search value. | exception!=RuntimeException |
*searchValue | Searches for the logs ending with the search value. | word==*hello |
searchValue* | Searches for the logs starting with the search value. | word==hello* |
*searchValue* | Searches for the logs that contain the search value in the middle. | word==*hello* |
*search*Value* | Searches for the logs that contain the search value. | word==*he*llo* |
re:{regexr} | Searches for the logs that match a regular expression. | caller==re:^i\.w\.a\.w\.s\.v\.r\. |
** | Searches all logs that match the search key. |
Syntax in case the search key has a numeric value (keyword.n)
The following syntax is supported only when the search key is in keyword.n
format.
-
Search values must only be numbers.
-
No prefix is attached to the value of the
.n
keyword. All keywords other than.n
must be attached with a prefix.For example,
+>searchValue
is invalid.
Syntax type | Description | Example |
---|---|---|
>searchValue | Searches for the logs containing values greater than the search value. | response_time.n>3000 |
>=searchValue | Searches for the logs containing values greater than or equal to the search value. | response_time.n>=3000 |
==searchValue | Searches for the logs containing the same search value. | response_time.n==3000 |
!=searchValue | Searches for the logs that contain values different from the search value. | response_time.n!=3000 |
<searchValue | Searches for the logs containing values less than the search value. | response_time.n<3000 |
<=searchValue | Searches for the logs containing values less than or equal to the search value. | response_time.n<=3000 |
Log tagging options
When you select a log tag, the following drop-down menu appears. You can find the Search, Exclusion search, and Adjacent Log options.
-
Search
If you select the Search option, the tags that correspond to Filter are entered with the inclusion (
==
) condition. -
Exclusion search
If you select the Exclusion search option, the tags that correspond to Filter are entered with the exclusion (
!=
) condition. -
Adjacent Log
If you select the Adjacent Log option, the Adjacent Log detail window appears. Search for the logs of the target server and the logs in time zones adjacent to the selected log. You can click Time selector to see the logs in adjacent time zones. Reference logs appear with a blue background.
Content highlighting
The highlight function is provided to easily identify the desired keywords among the log data.
-
In the keyword field, enter a keyword to highlight, and then click Search.
e.g.
select
-
As shown in the example, the keyword within the content is highlighted in the log list.
-
You can filter by single or multiple keywords.
-
If you select Log full screen, the Log and Timestamp appear in the full screen.
Multi-keyword condition
When highlighting with multiple keywords, write as follows:
String to input | Description | Result |
---|---|---|
a b c | Separate each keyword with a space. | a, b, c |
"Whatap is good." | To include spaces in keywords, wrap them in '' or "" . | Whatap is good. |
"Whatap\\ is good." | If \ is included in the keyword surrounded by "", enter it as \\ . | Whatap\ is good. |
Setting the highlight color
By selecting Highlight, you can set the keyword and its color for highlighting.
-
In addition, enter the keyword to set the color for.
-
If you click Color on the left of the input field, available colors appear.
-
Basically, different highlighting by the level (WARN, ERROR, FATAL) is applied.
-
The settings are saved in Project Rules.
Setting the table
Column settings
Right of the area, select Column settings. You can add columns or set order.
-
Adding columns
You can add columns to the table by selecting tags. If you unselect the log column, you cannot see Log view detail setting. Be sure to select at least one column.
-
Setting the column order
When you add a column, the column is added to Display columns. Drag a desired column to change the order of the columns.
Log view detail setting
On the right of , select Log view detail setting. content and Tag are all checked and two items are also displayed. Be sure to select any of content and Tag.
Unchecked items are not displayed in the table. If you deselect the Tag as follows, the log's Tag does not appear in the table.
When you add tags in the Tag management list, the tags in the log are listed in the order you added. You can change the order of the tags by dragging them. f you disable an added tag, the disabled tag does not appear.
-
Column settings and Log view detail setting can be used in Live Tail, Log Search, and Log Trend.
-
In the same project, the Live Tail, Log Search, and Log Trend menus share Column settings and Log view detail setting.