Exploring Log Data

1. To visualize the log data, select the Data Store and Table you intend to analyze from the dropdown menu, then click the Start a New Analysis button.

    • 💡Note: Instead of displaying raw table names on the log analytics pages, the system now displays user-friendly labels for better readability.

2. Now, you can choose the time range. By default, it will show data for the last 1 day.

    • For example, let’s select the time range of the Last 2 days.

3. Once these selections are made, the trend chart and table on the right-hand side of the screen display values based on the chosen time range.

4. Alternatively, toggling live data shows the latest 500 records from the last 5 minutes.

Visualizing Logs and Patterns

1. At the top, the trend chart shows the total number of logs present in the table for the selected time range, i.e., the Document Count Trend (approx. 1 lakh). The Area Chart component enhances the ability to dissect data directly from the graph.

2. Under the Columns section, select the columns to display in the table; for example, we are selecting “log level” and “module”. The selection is reflected in the table on the right-hand side.

3. In addition, columns can be easily rearranged by dragging them once they have been selected.

4. To check the most frequent values of a particular field in the column, click on the horizontal ellipsis associated with the specific field listed in the Columns section.

5. Clicking it shows the top five values in that column. For instance, clicking on the module field displays its top five values, each with its frequency count and the percentage of the column that value accounts for.

💡Note: Column section expansion can be done for all the fields except message because it is unique, descriptive, and unquantified.

6. You can utilize both the filter and filter out options for any specific value to refine the values within the column.

    • Filter for value: This allows you to show the filtered value in the columns. For instance, if you want to filter ‘vuAlert’ in the module field, you can click on the Filter for value option.

    • Filter out value: This feature enables you to display all values except the filtered one in the columns. For example, if you wish to exclude ‘vuAlert’ from the module field, you can select the Filter out value option.

Querying For Logs

There are two methods available for searching and querying logs:

  1. Using VQL-based Text Queries in Search Bar: You can enter VQL (Vunet Query Language) based text queries directly into the search bar to retrieve specific logs matching your criteria.
  2. Using Filter Operations in Filter Menu: Alternatively, utilize the Build filter menu to construct queries using filter operations. This method allows you to incrementally build simple or compound queries, providing a robust interface for log analysis.

In both cases, these methods enable the creation of powerful queries that facilitate detailed log analysis.

Build Filters

1. The Build Filter option located next to the search box allows you to add filters. By clicking ‘Add Filter’, you can select columns and operators to filter specific logs in the table.

💡Note: You can add multiple filters at a time by clicking on ‘Add Filter’ more than once. Additionally, even if the columns are not selected in the table, you can still run the search for the particular columns.

2. Please note that the log_uuid filter is no longer supported.

3. For instance, you can search a string-type field such as ‘module’, choose the operator ‘Contains’, specify the term as ‘Vusearch’, and then click on Apply.

4. The filter will be applied successfully and will be visible at the top left below the search bar.

5. You can add multiple filters simultaneously, and each filter will display alongside one another.

💡Note: If multiple filters are added simultaneously, they will operate as an AND operation. Similarly, if you add multiple filters and use VQL separately, the combined filters and VQL will also operate as an AND operation.

6. By clicking on a specific filter, you can modify its configuration, delete the query, or temporarily disable the query.

7. The Filter Actions button on the left allows you to enable, disable, or delete all filters directly.

Using Text Queries in the Search Box

  1. Text-based query syntax can be used in the search box to interact with the system for analytics.
  2. Users can type in VQL-based text queries in the search box and the system will display matching log patterns.
  3. The search box is designed to provide suggestions based on the user’s search history. It will display the ten most recent searches to assist users in finding relevant information quickly.

4. In addition, the platform supports additional query syntax including compound expressions to interact with the logs.

5. For more detailed information, please refer to the VQL page.

Columns Sidebar Toggle

The Columns toggle controls the visibility of the sidebar. By default, the sidebar is visible when the page loads unless there is a specific reason to hide it. The Columns toggle, which is enabled by default, lets users hide the sidebar by switching it off. This feature offers flexibility for those who prefer a more streamlined view of the logs without the column options sidebar.

Expand Logs

This allows multiline data, like log messages, to be displayed within cells. Users can expand rows to see specific lines of the log message, although messages longer than approximately four lines will be truncated.

Surrounding logs

  1. When you click the ‘Surrounding Logs’ button in the Actions column for a specific log in the table, it displays logs that surround the selected log.
  2. This includes the hundred log lines chronologically preceding and following the selected log. Reviewing these surrounding logs helps in understanding the context of the system logs generated around the time the selected log was produced.

💡Note: Any applied filter will be automatically disabled when checking the surrounding logs.

3. The surrounding logs are located by:

    • Temporarily disabling any filters applied.
    • Locating 100 log lines chronologically preceding and succeeding the log line selected.
    • While locating the surrounding log lines, the system preserves any table-level filters applied.

💡Note: If all applied filters are disabled when viewing surrounding logs, users can still mute/unmute existing filter pills by clicking on them.

4. Additionally, you can’t add or edit any filters in surrounding logs. Please be aware that any changes to columns selected to be shown on the table from the left side will not be preserved when returning to the main page from the surrounding logs view.
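
A minimal model of the surrounding-logs lookup described above, added here as an example; it is not the product's own code. The record field names, the table-level filter predicate and the sample data are constructed assumptions.

```python
from datetime import datetime, timedelta

WINDOW = 100  # lines shown before and after the selected log, per the page


def surrounding_logs(records, selected_id, table_filter=None,
                     user_filters=(), window=WINDOW):
    """Return (before, selected, after) in chronological order.

    user_filters is accepted but never applied: filter pills are disabled
    in this view. table_filter (the table-level scope) is always kept.
    """
    scoped = [r for r in records if table_filter is None or table_filter(r)]
    # Sort by time; the id breaks ties so equal timestamps order stably.
    scoped.sort(key=lambda r: (r["ts"], r["id"]))
    idx = next((i for i, r in enumerate(scoped) if r["id"] == selected_id), None)
    if idx is None:
        raise LookupError("selected log is outside the table-level scope")
    before = scoped[max(0, idx - window):idx]   # clamps at the first record
    after = scoped[idx + 1:idx + 1 + window]    # slice clamps at the last
    return before, scoped[idx], after


# Constructed sample data: 400 records one second apart. Field names
# ("id", "ts", "tenant", "module") are assumptions for this sketch.
BASE = datetime(2024, 1, 1, 0, 0, 0)
MODULES = ["vuAlert", "Vusearch", "auth"]
RECORDS = [
    {"id": i, "ts": BASE + timedelta(seconds=i),
     "tenant": "b" if i % 50 == 0 else "a", "module": MODULES[i % 3]}
    for i in range(400)
]


def TABLE_FILTER(r):   # hypothetical table-level filter
    return r["tenant"] == "a"


def USER_FILTER(r):    # a filter pill the analyst applied on the main page
    return r["module"] == "auth"


if __name__ == "__main__":
    before, hit, after = surrounding_logs(RECORDS, 251, TABLE_FILTER, [USER_FILTER])
    print(hit["module"], len(before), len(after))
    print(sorted({r["module"] for r in before}))  # all modules, not just "auth"
```

Because the user filter is dropped, the context window contains every module that logged around the selected line, while records outside the table-level scope never appear in it.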

For details on saving, sharing, and exporting searches in Log Analytics, please refer to the Saving and Sharing Searches section.
