use-logs-ui.mdx
---
title: Use Logs UI
tags:
  - Logs
  - Log management
  - UI and data
metaDescription: How to use the Logs UI in New Relic to explore your data.
redirects:
  - /docs/explore-your-data-new-relic-logs-ui
  - /docs/logs/new-relic-logs/ui-data/explore-your-data-new-relic-logs-ui
  - /docs/logs/log-management/ui-data/explore-your-data-new-relics-log-analytics
  - /docs/logs/log-management/ui-data/explore-your-data-log-analytics
  - /docs/logs/log-management/ui-data/explore-logs-data
  - /docs/logs/log-management/ui-data
  - /docs/logs/log-management/ui-data/use-logs-ui
  - /docs/logs/log-management/ui-and-data
---

import logsLogsUi from 'images/logs_screenshot-full_logs-ui.png'

import logsPatterns from 'images/logs_screenshot-crop_patterns.png'

import logsLogDetails from 'images/logs_screenshot-crop_log-details.png'

import logsSurroundingLogs from 'images/logs_screenshot-crop_surrounding-logs.png'

import logsDtLogs from 'images/logs_screenshot-full_dt-logs.png'

import logsTracesinContext from 'images/logs_screenshot-crop_traces-in-context.png'

Use our Logs UI to:

  • Spot interesting or significant patterns in your logs.
  • Examine more context around a particular log line.
  • Explore and manipulate your logging data with filters and parsing rules.
  • Query and share the data with charts, add to dashboards, etc.
  • Organize your account's log data, and optimize query performance with data partitions.
  • Set up alert conditions for problems you want to prevent.

To stay up to date with new capabilities and improvements, subscribe to our RSS feed for Logs release notes.

Screenshot of Logs UI with details

**[one.newrelic.com](https://one.newrelic.com/all-capabilities) > Logs**: To explore and manage your logs, use the left nav. To view detailed information, click any log line.

Find the logs UI [#find-ui]

To find the logs UI, from one.newrelic.com, select Logs.

Explore your log data [#ui-workflow]

Use the left nav in the Logs UI as an easy workflow through all logs, attributes, patterns, live-tail logging, and queries. Manage your log data by dropping or parsing data, creating data partitions, and setting up alerts. Hash or mask any sensitive data in your logs with obfuscation expressions and rules. Get more details about specific logs and their attributes from the center nav.

To explore your logging data, follow this basic workflow.

Go to our Logs UI at one.newrelic.com > Logs.

If you use our EU region data center, go to one.eu.newrelic.com > Logs.

If you have not customized your New Relic navigation bar, go to one.newrelic.com, click Browse data, and select Logs.

**2. Look for patterns.**

Screenshot of Log patterns UI

  • To spot suspicious spikes or drops in log messages, click Patterns on the left nav.
  • To look at logs for a specific time period, click that point (or click and drag an area) on the chart, or use the time picker.

**3. Narrow your focus.**

The left nav includes options to help you narrow the focus of your initial search results or to quickly find outliers.

  • If you're not sure where to start, click Attributes on the left nav, then select additional values as needed. For example, if a host listed under the hostname attribute is generating significantly more error messages than the others, select that value to apply it to your search.
  • To make your log messages easier to query and understand, use our built-in parsing rules, or create your own parsing rules for attributes that match a particular value.
  • To manage the amount of log data collected and to store fewer logs, create drop filter rules that avoid collecting data you don't need.

**4. Examine log details.**

Screenshot of Log details UI including severity level

If applicable, log messages indicate a severity level (INFO, DEBUG, etc.). Select a log message to view its details as a table of attributes or as JSON.

  • To see which attributes are included in a log message, click the log line.
  • To help troubleshoot problems related to a specific value in the log details, show surrounding logs for the attribute's details.
  • To get more details in extremely long messages, expand the data stored as blobs.

**5. Query and search.**

By default, the Logs UI shows all your logs, but you can also search with keywords or phrases to find the results you want. For example:

process failed

You can also use the search field with type-ahead dropdowns to select an attribute, operator, and value. For example:

service_name equals my service

To help your query focus on the details you need, add or remove attributes by doing either of the following:

  • On the left nav, select Attributes, select the values you want, then click Query logs.
  • On the logs table, click the + icon to add an attribute, then click on it to add it to the query.

For more information, see the logs query syntax documentation.

**6. Get related logs.**

Focusing on the most useful logs can help you with:

  • Optimizing performance: To organize data within an account and to optimize query performance, create data partition rules.
  • Reviewing deployments: To immediately see how your system responds to deployments or other app changes, enable live-tail logging.
  • Bypassing unrelated details: To view all the logs for a specific value, review the attributes list in the Log details for the selected log, then continue to add or remove attributes as needed.
  • Finding the root cause: To help identify an issue's root cause before it occurred or its impact after an event, click ... in the Log details to show surrounding logs.
  • Getting more context: To see logs related to other telemetry data for your apps and hosts, use logs in context.

**7. Dive deep into distributed traces.**

Once you've narrowed down the set of logs with filters and then opened a specific log, you can see related distributed traces. As long as you've set up distributed tracing and there are sampled traces related to logs, you'll see an option to view them. This is a quick way to view trace information without going to the main distributed tracing page.

If you open the **Log details** pane and see a **Distributed trace** section, you have two options to view span traces in a waterfall view:

* Click directly on the trace name or click the icon with an arrow on the right, which opens up the waterfall focus view that highlights trace spans with errors.
    <img
      style={{ align: "left",width: "85%" }}
      title="Screenshot showing how to reach the log details page"
      alt="Screenshot showing how to reach the log details page"
      src={logsTracesinContext}
    />
* Click **Explore** to open an unfiltered waterfall where you can click through all the spans.

<Callout variant="tip">
  If you need help using the trace waterfall, see [Understand and use the distributed tracing UI](/docs/distributed-tracing/ui-data/understand-use-distributed-tracing-ui/).
</Callout>

**8. Share your findings.**

Use any of the core New Relic UI functions (specific account, time range, metrics and events, query builder, etc.) to share the data with charts, add to dashboards, etc. For more information, see the examples in this document.

UI Permissions [#ui-permissions]

By default, core and full users have unlimited access to all features in the Logs UI. Basic users have access to only some of the Logs UI features. The list below outlines the Logs UI capabilities for basic users.

Included for Basic Users:

  • Ability to search for logs
  • Ability to view log patterns, parsing rules, partitions, drop filters, and obfuscation rules and expressions for our Data Plus customers.
  • Ability to create drop filters
  • Ability to create private views

You can also limit who can create drop filters by restricting the NRQL Drop Rules capability. If required, create a custom role that restricts this capability and add it to the basic users. This drop rule capability is outlined in our capability definitions.

Save your views [#saved-views]

You can save your logs query, table configuration, time range, and attribute grouping in a saved view, so that you can quickly return to it later. To save a log analytics view after you've configured the view:

  1. Click Saved views in the Logs UI left nav, then click Save current view.
  2. Give your saved view the name you want it to have in the Saved views list.
  3. Select which aspects from the current view you want to save.
  4. Select the permission level if you want others to view or edit, then save this view.

Examples [#examples]

Here are a few examples of how you can use the Logs UI to get detailed information.

You can create alert conditions directly in the Logs UI:
1. Go to **[one.newrelic.com](https://one.newrelic.com/all-capabilities) > Logs**.
2. Search for results that you want to alert on; for example, `service_name:"your service" "fatal error"`.
3. From the **Manage data** section on the left nav, click **Create alert condition**.
4. Complete the **Create an alert condition** section, then review the NRQL query that will power the alert condition.


After you save the alert condition, you can view it in the alerts UI, where you can make additional changes as needed.

**Add log charts to a dashboard.**

From the **Logs** UI, you can add log data as a [table widget](/docs/query-your-data/explore-query-data/use-charts/chart-types/#widget-table) to a dashboard. You can also create log tables with metrics and events or the query builder in New Relic.

1. Go to **[one.newrelic.com](https://one.newrelic.com/all-capabilities) > Logs**.
2. Select a saved view. Or, search for results you want to plot; for example, `service_name:"checkout service" "process failed"`.
3. Click **Add to dashboard**, then fill out the details to add the log chart as a table to an existing or new dashboard.

Then, from your dashboard you can:

* Use standard dashboard widget functions, such as copying, editing, deleting, etc.
* Click any log row to show details about it.
* Update your query to add more columns.
* Query log data from other available accounts, and add more charts (for example, as comparative data) to your dashboard.
* Click **Open in logs** to go directly to the **Logs** UI for additional troubleshooting.

**Troubleshoot an error (logs in context).**

To have a better understanding of what was happening on the host at the time an error occurred in your app, you must be able to see [logs in context](/docs/logs/logs-context/configure-logs-context-apm-agents/). Then, to troubleshoot related errors:

1. Go to **APM > Errors inbox** or **APM > (select an app) > Events > Error analytics**, and select an error trace.
2. From the error trace details, click **Open in logs**.
3. Browse the related log details.
4. To identify the host generating the error, click **...** for your choice, then click **Show surrounding logs**.


<img
  title="APM Errors inbox UI with logs"
  alt="Screenshot of APM Errors inbox UI with logs"
  src={logsSurroundingLogs}
/>

**Troubleshoot latency (logs in context)**

To troubleshoot latency this way, you must be able to see [logs in context](/docs/logs/logs-context/configure-logs-context-apm-agents/). Then, to have a better understanding of how your systems were operating when performance noticeably slowed:

1. Go to **[one.newrelic.com](https://one.newrelic.com/all-capabilities) > APM & services > (select an app)**.
2. From the app's **Summary** page, click **Distributed tracing**, then select a particularly slow trace.
3. From the trace **Details**, click **Logs**.


<img
  title="APM Distributed tracing UI with logs"
  alt="Screenshot of APM Distributed tracing UI with logs"
  src={logsDtLogs}
/>

Links to logs in New Relic [#links]

Depending on your New Relic subscription, you can access your logs from several places in the New Relic UI. For some of these options, you must be able to see logs in context.

Let your app's agent forward log data directly to New Relic with [APM logs in context](/docs/apm/new-relic-apm/getting-started/get-started-logs-context). No need to install or maintain additional third-party software!
<table>
  <thead>
    <tr>
      <th>
        To view logs...
      </th>

      <th>
        Do this...
      </th>
    </tr>
  </thead>

  <tbody>
    <tr>
      <td>
        Directly from the Logs UI
      </td>

      <td>
        * Go to **[one.newrelic.com](https://one.newrelic.com/all-capabilities) > Logs**.
        * EU region data center [(if available)](/docs/using-new-relic/welcome-new-relic/get-started/our-eu-us-region-data-centers/): Go to **[one.eu.newrelic.com/](https://one.eu.newrelic.com) > Logs**.
      </td>
    </tr>

    <tr>
      <td>
        From your app in APM
      </td>

      <td>
        Go to **[one.newrelic.com](https://one.newrelic.com/all-capabilities) > APM**, select an app, then use any of these options:

        * **Triage > Logs**
        * **Triage > Errors inbox > (select an error) > Logs**
        * **Events > Errors > (select an error) > See logs**
      </td>
    </tr>

    <tr>
      <td>
        From distributed tracing
      </td>

      <td>
        Go to **[one.newrelic.com](https://one.newrelic.com/all-capabilities) > APM & services > (select an app) > Distributed tracing > (select a trace) > Logs**.
      </td>
    </tr>

    <tr>
      <td>
        From a host in your infrastructure
      </td>

      <td>
        Go to **[one.newrelic.com](https://one.newrelic.com/all-capabilities) > Explorer** or **Infrastructure > Hosts > (select a host) > Logs**.
      </td>
    </tr>

    <tr>
      <td>
        From Kubernetes
      </td>

      <td>
        Go to **[one.newrelic.com](https://one.newrelic.com/all-capabilities) > Explorer > Kubernetes cluster explorer > (select a cluster) > (select a pod or container) > See logs**.
      </td>
    </tr>

    <tr>
      <td>
        From an entity
      </td>

      <td>
        Go to **[one.newrelic.com](https://one.newrelic.com/all-capabilities) > Explorer > (select an entity) > Logs**.
      </td>
    </tr>
  </tbody>
</table>

If you haven't already, create your free New Relic account below to start monitoring your data today.