Skip to main content

Live Tail

Note

Without the Log Read role, you cannot enter the menu.

Home > Select Project > Log > Live Tail

In Live Tail, you can easily check the log data stream on the monitoring screen without accessing the server console. You can select necessary logs from numerous logs and quickly recognize the desired logs through the highlight function.

Live tail

In Live Tail, complex logs can be easily accessed. You can search the logs in real time by using the functions such as Filter or Highlight, if necessary. The log data search cycle is 2 seconds.

The major terms are as follows:

  • Category: Unit for log collection and inquiry
  • Content: Log messages
  • Search Key: It is generated through the log parser settings.
  • Tag: Key to search the collected logs

Agent option

If the agent option is set, the log levels are collected and the colors for each log level appear as follows:

Log level color

Note

Setting the agent options

  • The agent options are as follows:

    # whatap.conf
    weaving=log4j-2.17
    weaving=logback-1.2.8

  • In Java agent 2.2.22 or later, it can be used when setting log4j-2.17 or logback-1.2.8 in the weaving setting. It is required to restart the agent.

  • The log level is determined based on the level and type among the parsed keywords. When there are keys parsed as level and type, and the parsed values have FATAL, CRITICAL, ERROR, WARN, WARNING, and INFO, the log level color appears.

Filter area

Apply Filter

When a filter is applied, the logs that match the specified conditions are filtered. You can enter multiple filters. OR (||) if the filters have the same tags, otherwise AND (&&).

You can specify a filter by directly entering a value in the input field or clicking the Filter field. Filter tags are entered in the following order: Search key, Operator, and Search value. If you select Search icon Search, the data with the filter applied can be viewed in the number-s3 area.

Note

Guide UI

The Guide UI is provided under the input field as follows:

Log filter

Entry of the search key, operator, and search value

  • Upon entry of the search key, recommended values are provided by distinguishing for general index, reserved word index, and numeric index.

  • When entering an operator, for a general index search key, == and != options are provided at the bottom. In case of the numeric index, the >, <, <=, >=, ==, and != options are provided.

  • Upon entry of the search value for matched search (>, <, <=, >=, ==), it is highlighted in blue, In case of excluded search (!=), it is highlighted in red.

  • Upon entry of the search value, you can search using the case-sensitive option.

Note

If the filter tags exceed 2 lines, you can fold it by selecting the Icon Fold icon.

Adding filter tags

  • You can enter text in the input field and add more items by using the Enter and Tab keys on your keyboard.

  • You can add recommended values by clicking them in the Guide UI below the input field.

  • In the Guide UI below the input field, you can select recommended values with the up/down arrow keys on the keyboard and add tags by using the Enter and Tab keys.

Deleting filter tags

  • A tag can be deleted with the Backspace key.

  • You can delete a tag by selecting the X icon for it.

  • You can delete all tags by selecting the Delete All X icon in the input field.

Exceptional cases for application of filters

  • In the tag with a numeric index (search key that ends with .n), only numbers can be input for the search value.

  • Duplicate ‘search key’ and ‘search value’ cannot be entered.

  • Searching is not possible if there is a tag whose search key or search value is missing. Invalid tags appear in gray.

Note

  • You cannot enter a category with the Live Tail search key.

  • The expression under the entered filter value is a preview of the filter expression for querying the log data.

Applying non-parsing keyword filters

You can search the logs containing keywords that have not been parsed, or for which no index has been created. In this case, all logs in the specified range are fully scanned. Therefore, the search speed may be slower compared to the indexed key. For standardized log data, it is recommended to search using the index key through Log parser setting.

Applying non-parsing keyword filters

  1. Select Category.

  2. In the Filter field, enter a desired keyword for a search after leaving spaces on the content basis.

    e.g. content *select*

  3. Click Search to view the logs.

Note
  • In case of Live Tail, all logs can be viewed. Thus, the category is not required to be specified.

  • For more information about the parser configuration, see the following.

Modifying the filter

Enter a value in the filter and then click the specified value to modify it.

Modifying the filter

  • You can modify the filter by entering text again in the input field.

  • You can modify the recommended values by selecting them in the Guide UI below the input field.

Search Key

In the following image, the blue boxed part is the search key for parsing. In Log Configuration, you can register and set the parsing logic in Log parser setting tab with the search key.

Search key

Filter input syntax

A tag consists of a search key and a search value. In the following example, the search key is exception and the search value is UnknownHostException. The example searches for the log data that includes an exception (UnknowHostException) that is generated when the server cannot connect the host because the IP address and domain address do not match among the collected log data.

Tag structure

Search key types

Search key typesSearch key formatMeaningExample for Search key and search valueSeach example
String keywordkeywordFile Name- Key: fileName
- Value: /data/whatap/logs/yard.log		fileName:/data/whatap/logs/yard.log
Numeric keywordkeyword.nResponse Time- Key: response_time.n
- Value: 2945		response_time.n>=2945
Reserved keyword
(predefined keyword)		@keywordTransaction ID- Key: @txid
- Value: 85459614215434144		-
Log body's keywordcontentLog body- Key: content
- Value: user input		content: *ERROR*
Note

Content search key

  • The content search key searches the bodies of unindexed logs. For example, if you enter content *ERROR*, the logs containing ERROR are searched among the log bodies.

  • If you do not know which keywords need to be used for indexing, use the content search keys to identify the logs containing problematic keywords. Afterwards, you can improve the search performance by setting a parser with the keyword through the log parser settings in Log setting and creating indexes.

Common syntaxes

Syntax typeDescriptionExample
==searchValueSearches for the logs that match the search value.exception==RuntimeExceptionexception
!=searchValueSearches for the logs that exclude the search value.exception!=RuntimeException
*searchValueSearches for the logs ending with the search value.word==*hello
searchValue*Searches for the logs starting with the search value.word==hello*
*searchValue*Searches for the logs that contain the search value in the middle.word==*hello*
*search*Value*Searches for the logs that contain the search value.word==*he*llo*
re:{regexr}Searches for the logs that match a regular expression.caller==re:^i\.w\.a\.w\.s\.v\.r\.
**Searches all logs that match the search key.

Syntax in case the search key has a numeric value (keyword.n)

The following syntax is supported only when the search key is in keyword.n format.

  • Search values must only be numbers.

  • No prefix is attached to the value of the .n keyword. All keywords other than .n must be attached with a prefix.

    For example, +>searchValue is invalid.

Syntax typeDescriptionExample
>searchValueSearches for the logs containing values greater than the search value.response_time.n>3000
>=searchValueSearches for the logs containing values greater than or equal to the search value.response_time.n>=3000
==searchValueSearches for the logs containing the same search value.response_time.n==3000
!=searchValueSearches for the logs that contain values different from the search value.response_time.n!=3000
<searchValueSearches for the logs containing values less than the search value.response_time.n<3000
<=searchValueSearches for the logs containing values less than or equal to the search value.response_time.n<=3000

Content highlight area

The highlight function is provided to easily identify the desired keywords among the log data.

Live tail contents highlight

  • In the Leader line a keyword field, enter a keyword to highlight, and then click Search iconSearch.

    e.g. select

  • As shown in the example, the keyword within the content is highlighted in the Leader line b log list.

  • You can filter by single or multiple keywords.

  • If you select Full screen icon Full screen, the logs and timestamps appear in the full screen.

Multi-keyword condition

When highlighting with multiple keywords, write as follows:

String to inputDescriptionResult
a b cSeparate each keyword with a space.a, b, c
"Whatap is good."To include spaces in keywords, wrap them in '' or "".Whatap is good.
"Whatap\\ is good."If \ is included in the keyword surrounded by "", enter it as \\.Whatap\ is good.

Setting the highlight color

By selecting Icon Highlight, you can set the keyword and its color for highlighting.

Highlight

  • In addition, enter the keyword to set the color for.

  • If you click Color on the left of the input field, available colors appear.

  • Basically, different highlighting by the level (WARN, ERROR, FATAL) is applied.

  • The settings are saved in Project Rules.

Table settings

  • Right of the area Table settings menu is available in Live Tail, Log search, and Log Trend.

  • Icon If you select Table settings, the Add a Column and Table Content Setting options appear.

    Log Table setting

    1. Column Settings

    • Add a Column: You can add a column to the table by selecting a tag.

    • Set column order: If a column is added, the column is added to the column sequence setting. Drag a desired column to change the column order.

    1. Table settings

    Log Table Content Setting

    • Content display or not

      • The checked items do not appear in the table. By default, both Log and Tag are all checked to display two items.
      • If you deselect the Tag as follows, the log's Tag does not appear in the table.

        Log table tag invisible

    • Tag Management

      • When you add a tag in the tag management list, the log tags are listed in the added order. The sequences of tags can be changed by dragging.
      • If you disable an added tag, the disabled tag does not appear.
Note

Live Tail, Log Search, and Log Trend menus within the same project share the table settings.