This guide presents the various functionalities and features of the Coralogix Explore Screen.
Filters and Queries
The Filters section is on the left of the Logs tab. It enables the selection of specific values to be queried per filter. Under the SAVE VIEW button you will find the following filters: ADD FILTER, Teams, Application, Subsystem, and Severity.
ADD FILTER – Filters on keyword fields can be added by clicking the ADD FILTER button at the top of the filter section. Filters can also be added by clicking on a JSON field and selecting ADD TO FILTER LIST in the dropdown menu.
Teams – View logs from other teams, if there are multiple teams available.
Application – Filter based on the logs’ inherent Application value.
Subsystem – Filter based on the logs’ inherent Subsystem value.
Severity – Filters logs by severity levels, which are color-coded.
The Filters section shows the count-per-filter value. It will also provide a way to generate a count distribution graph for the filtered key.
Time Selection
The time range of a query can be set, using the Date Range dropdown on the upper right side of the browser window:
This section will default to showing results for the last 15 minutes, and can be changed and filtered by the following:
Tags – This method allows you to search for an application tag and find all logs associated with it.
Custom – Choose an absolute date/time range to filter.
Relative – Choose a time window between (current time – t1) and (current time – t2) Intervals are set in hours, minutes, and seconds.
Quick – Select a predefined query interval with one click. Intervals are set in minutes, hours, and days.
Dragging the mouse across a section of the logs flow graph will zoom into the previous query time range and set a new time interval.
Search Queries
Search queries are conducted mainly using the “Search logs” entry field. You can read about queries in greater detail here. The new logs screen menu options help you build queries based on the log fields. When clicking on a json field value a drop-down menu will open:
In this example, clicking on the option “INCLUDE IN QUERY” will add the expression ‘exists: “resource.attributes.k8s.container.name”’ to the query. Choosing the exclude option will add the expression ‘NOT exists: “resource.attributes.k8s.container.name”’ to the query.
You can also copy the complete JSON path to the clipboard, which can help in building query expressions.
Additionally, if you use the browser search function (Win: Ctrl+F, Mac: Cmd+F) while in the Search Query area, an embedded search box will appear, which will allow you to search through your query for specific terms.
Clearing a Query
Clicking on the x to the right of the query string will delete the query string but will not affect the rest of the query parameters (filters and time window).
Logs vs Archive Queries
Above the Filters section on the left, queries default to ‘Logs’. The ‘Archive query’ allows you to query the data in your S3 archive directly from the Explore screen.
Queries for log data are in Lucene, with an option to use DataPrime if an S3 archive is connected. You will find the tabs for both groups on the left, above the filters:
Logs and Visualizations
Data Types and Formatting
Below is a view of the logs section that appears on the Explore Screen:
There are four tabs to the top left in this section:
Logs – Log query results.
Templates – Loggregation templates, which are logs that are automatically identified and clustered into the same type/origin.
DataMap (BETA) – View and compose maps that combine infrastructure metrics, business metrics, and log data
On the top right panel, there are five options:
Reset – Clears all query parameters (including filters).
Create Alert – This button will bring up the Create Alert prompt, for creating User-Defined Alerts.
Row Formatting – Change the format of how the logs are displayed.
1-Line – logs are condensed into one line.
2-Line – logs are condensed into two lines.
Condensed – the entire log is visible in wrapped format.
JSON – the default view where JSON objects are parsed.
List – presents log data in an easy-to-read list of key-value pairs.
Custom Views
Custom views helps organize specific, relevant log information, as well as views that help other users work and retrieve important data more efficiently.
A View is defined as a query that creates the initial logs set that the view starts with, and columns that define the log data that is visible. “Text” is a special column (or field) that holds the entire log (including metadata). Every field can be removed or added to a view.
The Text column can also be used to personalize the JSON layout with fields, by clicking the column icon, by the { } TEXT header. This will open a menu that allows you to select the fields you want to see, which allows you to save with your view:
Adding a column can be done by clicking on a JSON field and choosing the ADD AS COLUMN option from the dropdown menu. Part of arranging columns to view data, a JSON field can be viewed separately as a custom JSON column.
Note: This menu is also available when clicking on the three dots icon ‘…’ that appears when you mouse over the log number:
Expand Log Text
If the log is in a view that can be expanded, clicking the arrow ‘>’ icon or double-clicking on the log will expand and show the entire log message.
COLUMNS Button
Clicking on the COLUMNS button will open the Manage Columns window. There, fields can be arranged between two lists by dragging them. The APPLY button will update the columns on the logs screen. The Manage Columns window an also be accessed from the SETTINGS menu.
SAVE VIEW Button
The SAVE VIEW button will save the current settings and customizations of the Explore Screen for usage at a later time. This will open a window with options to give the view a name, as well as save the query and filter settings. There is also an option to save the current view as default.
The Private/Shared option allows the view to be kept private or shared between team members.
CONTENT Column
New! Coralogix now offers a CONTENT column, which displays selected keys from your logs, improving visibility for your log’s most important data.
Manage the values displayed in the CONTENT column by clicking on the column settings icon by the CONTENT header. This will open a menu that allows you to select keys known as a Content Keys, used to detect the content in your logs. Use the keys available or add to this list.
Content Keys should contain the string value of one of the existing keys in your logs (i.e. message, msg, log, k8s.log). Content for each log will be extracted according to a predefined ordered list of Content Keys that you create.
Once you have inputted your Content Keys, click APPLY. Edit this list as necessary.
Support
Need help?
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].
Oh no!We didn’t find anything for “”,
