Scalyr Tips + Tricks

Copy and search selection

Dragging a selection of log text (or double-clicking to select all) will let you right-click and copy the term. You can also narrow your search on the selected text by clicking filter for, exclude it from the current search, or start a new search with it included.

Explore new terms without closing the current search

When refining a search, it's sometimes useful to duplicate the browser tab to explore new terms without losing the current search. In Google Chrome, right-click on the tab, select Duplicate, and continue refining in the new tab.

Use our command-line utility to download search results

The query command allows you to not only search and filter your logs, but retrieve raw log data as well. The following command lets you get the latest 1000 entries in the log tagged as source=accessLog and download them in CSV format with the columns status and uriPath.

scalyr query '$source="accessLog"' --output=csv --columns='status,uriPath' --count=1000
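Once the results are saved to a file, the two columns can be summarized offline. The following is an added example, not part of the original page or of Scalyr's tooling: it tallies status codes and lists the paths whose responses are mostly 4xx/5xx, which is a quick way to triage broken endpoints or repeated requests for paths that do not exist. It assumes the output is one CSV row per event in the --columns order, with an optional header row; summarize, min_hits and error_ratio are hypothetical names.

```python
import csv
import io
from collections import Counter, defaultdict

# Same names and order as --columns in the command above.
COLUMNS = ["status", "uriPath"]

# Constructed sample standing in for the downloaded file (not real log data).
# Assumption: one CSV row per event, optionally preceded by a header row.
SAMPLE_CSV = """\
status,uriPath
200,/index.html
200,/index.html
404,/wp-login.php
404,/wp-login.php
404,/wp-login.php
500,/api/orders
200,/api/orders
500,/api/orders
500,/api/orders
200,"/search?q=a,b"
,/broken
"""

def summarize(csv_text, columns=COLUMNS, min_hits=3, error_ratio=0.5):
    """Return (status_counts, flagged): flagged lists (path, errors, total)
    for paths with at least min_hits requests that are mostly 4xx/5xx."""
    status_counts = Counter()
    per_path = defaultdict(Counter)
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) != len(columns) or row == columns:
            continue  # blank, malformed, or header row
        rec = dict(zip(columns, (cell.strip() for cell in row)))
        if not rec["status"].isdigit():
            continue  # event without a parsed status field
        status_counts[rec["status"]] += 1
        per_path[rec["uriPath"]][rec["status"]] += 1
    flagged = []
    for path, counts in per_path.items():
        total = sum(counts.values())
        errors = sum(n for s, n in counts.items() if s[0] in "45")
        if total >= min_hits and errors / total >= error_ratio:
            flagged.append((path, errors, total))
    flagged.sort(key=lambda item: (-item[1], item[0]))
    return status_counts, flagged

if __name__ == "__main__":
    counts, flagged = summarize(SAMPLE_CSV)
    print(dict(counts))
    for path, errors, total in flagged:
        print(f"{path}: {errors}/{total} error responses")
```

To run it on a real export, pass the contents of the downloaded file to summarize in place of SAMPLE_CSV.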

Use the Search Action Menu

Click the "Actions" button on the left-hand side of the search bar to display actions you can perform on your current search. This menu lets you save a search or access previously saved searches.

  • Save search - Displays a dialog box that will save the search to either your personal or team's list of saved searches. These are available in the Search menu at the top of the page.
  • Edit search text - Edit the search field directly.
  • Start over - Erase your current search (the Search, Server/Host, and Log fields), allowing you to start a fresh search over all of your logs.
  • Get permalink - Get a link to this search.
  • Add to dashboard - Add this search to an existing dashboard, or start a new dashboard with this search.
  • Add as Alert - Create a new alerting rule, which will trigger if the number of matches to your current search goes above or below a level you specify.

Set Default Search Time Span

By default all searches are performed for the past four hours. You can customize this by modifying the /scalyr/logs configuration file. Add a defaultSearchTimeSpan property to the JSON file. The value can be any time string between 5 minutes and 4 hours; e.g. "10 minutes" or "2 hours". If you have a large log volume, using a shorter time span can speed up searches.

{
    ...

    defaultSearchTimeSpan: "20 minutes"
}

Set See In Original Log / Thread Time Window

When you click on a log line in the search page, an options bar is displayed that allows you to take actions such as "Inspect Fields" or "See In Original Log". The "See In Original Log" action shows you all events from the same log file on that server/host around the time of the selected event. By default we search for all the events from that log file for an hour before the event you select and an hour after. To narrow your time range and speed up the results, you can set originalLogOrThreadTime in /scalyr/logs, with a max time of 1 hour; e.g. "1 second" or "5 minutes". This would display the event in question and all other events from that log for the amount of time you specify before and after your highlighted event. If you have a large log volume, using a shorter time span can speed up searches.

{
    ...

    originalLogOrThreadTime: "30 seconds"
}