Skip to content

logs-search-hf.adoc

Latest commit

 

History

History
377 lines (278 loc) · 15.8 KB

logs-search-hf.adoc

File metadata and controls

377 lines (278 loc) · 15.8 KB

Searching for Logs

Get logs on your Mule apps from Anypoint Monitoring. On US and EU Clouds, Anypoint Monitoring aggregates log files so you can manage, search for, filter, and analyze your logs. These features support:

  • Comparative analysis and pattern identification across Mule apps

  • Focused log searches to isolate key data

  • Shared log searches and CSV downloads

Log Search UI

  1. Search for log fields to display or remove from the log Results table. Hover over a field name to add or remove the column, and to display top-5 values from the field.

    • Selected fields: Lists columns added to the log Results table.

    • Available fields: Lists columns you can add to the log Results table.

  2. Search for specific words in log fields, including log Message fields. Use (Save) to save named searches for future use, and to select, update, or delete saved searches. When searching, try a whole-word search if a partial word search does not return a result.

  3. Set the time range for logs in the Results table using the clickable (Calendar) or date range. If you select a relative or absolute date range, the Refresh button toggles to an Update button to use for applying your date range.

  4. Refresh is for manually refreshing the logs in the Results table.

    To set an auto-refresh rate in seconds, minutes, or hours, use (Calendar), and configure the Refresh every setting.

  5. Create and use search filters. Filters persist only if you save them.

  6. Review log counts by the selected date range. Timestamp units vary depending on the date or time range you select. The longer the range, the longer the timestamp period on the horizontal axis, which can display averages over 30 second, 12 hour, or weekly intervals, for example.

  7. Use the Results table to review the results of your log search. You can also use Download as CSV to download up to 10,000 rows of log data.

  8. Filter by the value in a cell of the Results table by hovering over the cell and clicking to add (+) or remove (-) the filter.

Search for Logs

Use Log Search to capture the logs you want to review. You can use the Search bar, a filter (including filters created with Query DSL), or combination the Search bar and a filter.

Query Logs from the Search Bar

Use the Search bar with or without search filters to capture the logs that you want to review.

  1. Select an absolute or relative date-time range to review.

    For date-time range , see Select a Log Date and Time Range.

  2. Optionally, add or remove columns (available fields) from the log Results table.

  3. Provide a search query using any of these methods:

    • Provide a query in the Search bar:

      • Use words or quotes around multiple words or strings with special characters, such as "HTTP GET", "ab12c345-abc6-789d-e1fa-b124c5de6789", or "https://api.mycompany.com:443".

        Without quotes, multi-word searches are treated as the query HTTP OR GET, where OR is a logical operator, and special characters can affect the search. For partial word searches, you can use pattern matching characters in your search, such as myap*, or appId: mya?p.

      • Use a field identifier to search within a specific log field, such as appId: myapp for an application named myapp.

      • Use logical operators, such as appId=myap* AND `"forbidden (403)".

      • Escape special characters that aren’t surrounded by

        For a list of supported operators, see Boolean Operators.

    • Use filters as needed to narrow or expand the scope of log results.

      For guidance, see Use Search Filters.

  4. Review search results in the Results table:

Expanded Log Message

  1. To expand log entry and view log fields, click > in the Time field for a log entry.

    The arrow head points down () after you click it.

  2. The expanded log (Expanded document) includes Table and JSON views.

  3. For long, truncated log messages, use Table view to get full message by clicking the > in table’s Message field.

  4. Get more context on the log by clicking View surrounding logs and specifying a number of logs that precede and follow your log, or use View log to open the log entry in a dedicated page.

For more detail, see log-search-query-syntax.adoc.

Use Search Filters

Create, edit, and apply log search filters. You can use selectable fields and operators, or you can use the JSON-based OpenSearch Query Domain-Specific Language (Query DSL) for more complex filters. To save a filter for future use, see Save and Apply Saved Log Search Queries.

Create a Basic Filter

For filters that have

  1. Click Add filter.

  2. Select a log field name, or use the field’s identifier (such as appId) for Query DSL filters.

    See Log Field Names for log fields and identifiers.

  3. Select an operator, and provide any required operands:

    • is: Contains the value you provide

      • Example: Application is my-app

      • Filter label: appId: my-app

    • is not: Doesn’t contain the value you provide

      • Example: Application is not my-app

      • Filter label: NOT appId: my-app

    • is one of: Contains a match a value in the list of values that you provide

      • Example: Application is one of my-app another-app yet-another-app

      • Filter label: appId: is one of my-app another-app yet-another-app

    • is not one of: Doesn’t match any value in the list of values you provide

      • Example: Application is not one of my-app another-app yet-another-app

      • Filter label: NOT appId: is one of my-app another-app yet-another-app

    • exists: Identifies a field that contains a value

      • Example: Class exists

      • Filter label: class: exists

    • does not exist: Identifies a field that contains an empty value

      • Example: Class does not exist

      • Filter label: NOT class: exists

  4. Optionally:

Create a Filter with Query DSL

You can use OpenSearch Query DSL to create a filter. To learn the basics of Query DSL, see Query DSL in the OpenSearch documentation.

  1. Click Add a filter.

  2. Click Edit Query DSL.

  3. Provide your query, and click Save.

    This example shows a query for log-level INFO:

    {
  "query": {
    "match": {
      "log-level": {
        "query": "INFO",
        "type": "phrase"
      }
    }
  }
}

    This example shows a complex query that retrieves worker ID values greater than 0 and less than 20.

{
  "query": {
    "range": {
      "workerId": {
        "gte": 0,
        "lte": 20
      }
    }
  }
}

For more information, see valid Query DSL field names.

Use Top 5 Log Field Values to Create a Filter

Get a list of top-5 log values from the list of fields used for columns in the Results table. For example, you can get a list of the top-5 apps or log messages ranked by the percentage of matches, such as 19% of log messages that match.

Top 5 Application Fields Example

  1. Hover over a field, such as Application, from the list of log field names.

  2. Click (Top 5) to open the list of top-5 values for the field.

  3. Click + (Add) to create a search filter for this value.

  4. Optionally, save the search filter for future reuse.

From a value in the top-5 list, you can also create a filter that includes (+) or excludes (-) a top-5 value, such as including your app (appID: myapp) or excluding your app (NOT appID: myapp).

Select a Log Date and Time Range

By default Logs Search retrieves the last 15 minutes of logs. You can use and absolute or relative the date-time range:

  • Absolute: Specific date and time to start and end the search. The end time default to now.

  • Relative: A configurable number of seconds, minutes, hours, days, weeks, months, or years before (such as Days ago) or after (such as Days from now) the current date and time.

To select the date-time range, use any of these options:

  • Click (Calendar), and use Quick select or Commonly used options:

    • Select the last number of seconds, minutes, hours, days, weeks, months, or years

    • Select a commonly used option, such as Today, This week, last number of minutes, hour, or days, Last 1 year.

  • Click Show dates or the date-time range in Logs Search:

    • Click Absolute to pick a specific start date and time for your log search.

    • Click Relative, and set a number of seconds, minutes, hours, days, weeks, months, or years from now for your log search.

      You can opt to round to the day.

Refresh Log Data (Manually and Automatically)

You can refresh log data manually and on a regular basis:

  • To refresh manually, click Refresh.

  • To auto-refresh on a regular basis:

    1. Click (Calendar).

    2. Under Refresh every, provide a number and time unit (seconds, minutes, or hours), such as 5 minutes.

    3. Click Start to initiate the autorefresh process.

Download Log Results as a CSV File

Download log search results for up to 10,000 log records into a CSV file.

  1. Add fields that you want in your report to the log Results table.

    For guidance, see TODO_TODO.

  2. Run your search query.

    For guidance, see TODO_TODO.

  3. Click Download as CSV.

Save and Apply Saved Log Search Queries

Save search queries as reusable filters. After using a saved search query, you can clear the query filter so that it doesn’t affect search results. You can also permanently delete a saved search.

  • To save a search:

    1. Run a search query that you intend to save.

      For guidance, see TODO_TODO

    2. Click (Save).

    3. Click Save as new.

    4. Provide a name for your search, and click Save

  • To use a saved search:

    1. Click (Save).

    2. Click the saved search to apply the search.

      Notice that the search appears as a search filter.

  • To clear a saved search from a search query that is filtering your results, use either of these methods:

    • Click (Save), hover over the saved search, and then click Clear.

    • Hover the filter and click x. For example, if my saved app is a saved search, you can click x to clear it without deleting:

      Delete a Filter

      The saved filter remains available in your list of saved searches. Unsaved search filters don’t persist when you click x.

  • To delete a saved search:

    1. Click (Save).

    2. Hover over the saved search to delete.

    3. Click (Delete).

Move and Remove Columns in the Results

After adding optional columns to the log Results table, such as Application and Log level, you can move and remove them. The Time and Message columns are not removable. However, you can move Message after adding optional columns.

  • Hover over the column heading, such as Log level, to reveal column options.

    • To move a column, use the arrow to move the column to the left or right.

    • To remove a column, click the x.

    • To sort the data in the column in ascending or descending order, click its up-down arrow to toggle the sorting order.

Data Retention and Management for Logs

Log storage limits for your subscription tier determine your retention, and isn’t based on a set amount of time. For details, see Data Retention Limits.

For other limitations on logs, see Logging Data Management.

Format Customized Logs in On-Prem Servers for Proper Indexing

TODO:TODO_TODO VERIFY

Logs produced by apps with customized logging (by changing the pattern layout in the log4j2.xml file) might not get indexed correctly into Anypoint Monitoring. To ensure correct indexing, use the Mule default pattern layout, which is one of the following:

  • <PatternLayout pattern="%-5p %d [%t] [event: %X{correlationId}] %c: %m%n" />, or

  • <PatternLayout pattern="%d [%t] %-5p %c - %m%n" />

For applications deployed to CloudHub and Anypoint Runtime Fabric with customized time zones:

Don’t override the default JVM timezone for applications deployed to CloudHub and Anypoint Runtime Fabric with customized time zones. The timezone must be UTC. Changing the timezone to a local timezone causes logs to be indexed in Anypoint Monitoring with incorrect timestamps.

Reference

Get descriptions of fields and filter options:

Log Field Names

Log field names in the UI have field identifiers that appear in filters labels and saved search labels. Query DSL filters require field identifiers.

  • Application (appId): Name of the application

  • Class (class): Class name

  • Environment (envId): Environment identifier

  • Event (event): Identifier for the associated Mule event

  • Log level (log-level): Log value such as INFO, WARN, ERROR

  • Logger (logger): Name of the logger

  • Message (message): Log message

  • Timestamp (timestamp): Date and time of the a log entry

  • Worker (workerId): Identifier for the associated worker

Global Filter Options

TODO:TODO_TODO

Global filter options:

  • Enable all to enable all your filters

  • Disable all to disable

  • Invert inclusion

  • Invert enabled/disabled

Individual Filter Options

TODO:TODO_TODO

For individual filters, you can:

  • Edit filter to change the filter configuration

  • Include results to include the filter’s results in the Results table

  • Exclude results to apply the NOT operator to the filter, which excludes its results from the Results table

  • Temporarily disable to retain the filter without using it to return search results; toggles with Re-enable

  • Delete to permanently delete the filter