Log View

This section gives a quick introduction to the Logs view, which is where you can view individual logs and aggregate multiple servers or logs, and search through logs. This is just a brief overview; for a detailed description of all the powerful features provided by the log view, see Log View Reference.

(1) To search for a specific word or phrase, type it here. Numbers, punctuation, or phrases must be enclosed in quotes. Example searches: error, "503", "customer 1309". See Query Language Reference for a full description of the Scalyr query language.

(2) When you enter a search term, it's packaged into a "chiclet". Click on the chiclet to edit your search, or click the ‘X' to delete that term.

(3) Click here to specify the time range to search. The following options will appear:

(3a) Click on a preset to quickly search that time range.

(3b) Enter the start time for your search. You can enter a time (e.g. 14:30 or 5:05 AM), a date (May 23), or date and time (5/14/2016 2:00 PM), using a wide variety of date and time formats. You can also enter shortcuts like 5h to indicate five hours ago. See Time Syntax Reference for a complete list of options.

(3c) Enter the end time for your search. You can use any of the formats supported by the From time. You can also enter a shortcut beginning with + to specify the amount of time you'd like to search, e.g. +24h or +1d to search a one-day period beginning at the From time.

(4) Click these buttons to scroll to the beginning or end of your time range.

(5) Use this button to continuously view new log messages matching your search. See Live Tail Reference for details.

(6) Use these fields to search a specific server or log file. You can use * as a wildcard at the beginning or end (but not the middle) of a name.

(7) The bar chart shows how many log messages match your search in each time period. You can use it to look for spikes in log volume.

(8) Click "Show Graph" to generate a larger graph of the number of matching log messages. This will give you access to the complete set of graphing tools.

(9) This marker indicates what time period you're scrolled to in the log view. Click anywhere in the bar chart to jump to that point in time.

(10) This area shows the log messages matching your search. You can scroll horizontally to view long messages, and vertically to move through your selected time range. To jump to a specific point in time, click the appropriate spot in the bar chart.

(11) You can also jump to a specific point in time by typing the desired time in this field and pressing Enter.

(12) Select some text to bring up additional options. From here, you can:

  • Click "Filter For" to restrict your search to messages containing the selected text.
  • Click "Exclude" to restrict your search to messages that don't contain the selected text.
  • Click "New Search For" to discard your current search and display all log messages containing the selected text.
  • Click "View Details" to see more information regarding this log message.
  • Click "See In Original Log" to view the raw log file where this message originated.

(13) This area lists the fields Scalyr's parser has found in the log messages matching your search. By default, it shows the most common fields, limited to the number that will fit in your window ("Top Fields"). Click the dropdown and switch to "All Fields" to view all fields; then use the Prev/Next buttons to navigate through the alphabetical list. The number next to each field indicates how many distinct values appear in that field. (If there are more than a few hundred distinct values, the number shown will be an estimate.)

Click on any field to view the most common values in that field:

You can click on any value to restrict your search to log messages having that field value. For numeric fields, click the "Graph Values" button to display a graph of that field (see Graphs). Or click the "Distribution" button to display the distribution of values in that field (see Distributions).

(14) Click on the Display button to open the Log View Settings dialog. There you can limit the fields that will be displayed in the list of log messages, or choose to show/hide other general event data like the timestamp or server/host. If you make changes and hit 'OK' those settings will remain in effect as long as you stay on the search page. Once you leave the search page, those changes will be lost. If you find that every time you go to the search page that you always choose the same few fields to be displayed, or never want to see the server/host for example, you can make the changes you want then click Save As Default. This will save those settings permanently until you modify them in the future.