diff --git a/modules/ROOT/assets/image-source-files/logs-calandar-icon-hf.graffle b/modules/ROOT/assets/image-source-files/logs-calandar-icon-hf.graffle new file mode 100644 index 00000000..02ca239f Binary files /dev/null and b/modules/ROOT/assets/image-source-files/logs-calandar-icon-hf.graffle differ diff --git a/modules/ROOT/assets/image-source-files/logs-column-options-hf.graffle b/modules/ROOT/assets/image-source-files/logs-column-options-hf.graffle new file mode 100644 index 00000000..2501b862 Binary files /dev/null and b/modules/ROOT/assets/image-source-files/logs-column-options-hf.graffle differ diff --git a/modules/ROOT/assets/image-source-files/logs-delete-filter-hf.graffle b/modules/ROOT/assets/image-source-files/logs-delete-filter-hf.graffle new file mode 100644 index 00000000..9fb34070 Binary files /dev/null and b/modules/ROOT/assets/image-source-files/logs-delete-filter-hf.graffle differ diff --git a/modules/ROOT/assets/image-source-files/logs-delete-icon-hf.graffle b/modules/ROOT/assets/image-source-files/logs-delete-icon-hf.graffle new file mode 100644 index 00000000..0546cdcf Binary files /dev/null and b/modules/ROOT/assets/image-source-files/logs-delete-icon-hf.graffle differ diff --git a/modules/ROOT/assets/image-source-files/logs-message-expanded-hf.graffle b/modules/ROOT/assets/image-source-files/logs-message-expanded-hf.graffle new file mode 100644 index 00000000..515286e4 Binary files /dev/null and b/modules/ROOT/assets/image-source-files/logs-message-expanded-hf.graffle differ diff --git a/modules/ROOT/assets/image-source-files/logs-save-icon-hf.graffle b/modules/ROOT/assets/image-source-files/logs-save-icon-hf.graffle new file mode 100644 index 00000000..3ef08668 Binary files /dev/null and b/modules/ROOT/assets/image-source-files/logs-save-icon-hf.graffle differ diff --git a/modules/ROOT/assets/image-source-files/logs-search-hf.graffle b/modules/ROOT/assets/image-source-files/logs-search-hf.graffle new file mode 100644 index 00000000..41aaba74 Binary files /dev/null and b/modules/ROOT/assets/image-source-files/logs-search-hf.graffle differ diff --git a/modules/ROOT/assets/image-source-files/logs-top5-hf.graffle b/modules/ROOT/assets/image-source-files/logs-top5-hf.graffle new file mode 100644 index 00000000..dc3a540c Binary files /dev/null and b/modules/ROOT/assets/image-source-files/logs-top5-hf.graffle differ diff --git a/modules/ROOT/assets/image-source-files/logs-top5-icon-hf.graffle b/modules/ROOT/assets/image-source-files/logs-top5-icon-hf.graffle new file mode 100644 index 00000000..2ae918de Binary files /dev/null and b/modules/ROOT/assets/image-source-files/logs-top5-icon-hf.graffle differ diff --git a/modules/ROOT/assets/images/logs-calandar-icon-hf.png b/modules/ROOT/assets/images/logs-calandar-icon-hf.png new file mode 100644 index 00000000..656f7289 Binary files /dev/null and b/modules/ROOT/assets/images/logs-calandar-icon-hf.png differ diff --git a/modules/ROOT/assets/images/logs-column-options-hf.png b/modules/ROOT/assets/images/logs-column-options-hf.png new file mode 100644 index 00000000..dcde044f Binary files /dev/null and b/modules/ROOT/assets/images/logs-column-options-hf.png differ diff --git a/modules/ROOT/assets/images/logs-delete-filter-hf.png b/modules/ROOT/assets/images/logs-delete-filter-hf.png new file mode 100644 index 00000000..b3cfb2c4 Binary files /dev/null and b/modules/ROOT/assets/images/logs-delete-filter-hf.png differ diff --git a/modules/ROOT/assets/images/logs-delete-icon-hf.png b/modules/ROOT/assets/images/logs-delete-icon-hf.png new file mode 100644 index 00000000..9f361286 Binary files /dev/null and b/modules/ROOT/assets/images/logs-delete-icon-hf.png differ diff --git a/modules/ROOT/assets/images/logs-message-expanded-hf.png b/modules/ROOT/assets/images/logs-message-expanded-hf.png new file mode 100644 index 00000000..c9a2747f Binary files /dev/null and b/modules/ROOT/assets/images/logs-message-expanded-hf.png differ diff --git a/modules/ROOT/assets/images/logs-save-icon-hf.png b/modules/ROOT/assets/images/logs-save-icon-hf.png new file mode 100644 index 00000000..0f85a839 Binary files /dev/null and b/modules/ROOT/assets/images/logs-save-icon-hf.png differ diff --git a/modules/ROOT/assets/images/logs-search-hf.png b/modules/ROOT/assets/images/logs-search-hf.png new file mode 100644 index 00000000..168f28e7 Binary files /dev/null and b/modules/ROOT/assets/images/logs-search-hf.png differ diff --git a/modules/ROOT/assets/images/logs-top5-hf.png b/modules/ROOT/assets/images/logs-top5-hf.png new file mode 100644 index 00000000..796de623 Binary files /dev/null and b/modules/ROOT/assets/images/logs-top5-hf.png differ diff --git a/modules/ROOT/assets/images/logs-top5-icon-hf.png b/modules/ROOT/assets/images/logs-top5-icon-hf.png new file mode 100644 index 00000000..4053a0a8 Binary files /dev/null and b/modules/ROOT/assets/images/logs-top5-icon-hf.png differ diff --git a/modules/ROOT/nav.adoc b/modules/ROOT/nav.adoc index b1e08a84..f10158b5 100644 --- a/modules/ROOT/nav.adoc +++ b/modules/ROOT/nav.adoc @@ -40,6 +40,7 @@ *** xref:raw-data.adoc[] *** xref:log-search-query-syntax.adoc[Log Search Query Syntax] ** xref:logs-jp-ca.adoc[] +** xref:logs-search-hf.adoc[] * xref:telemetry-exporter.adoc[Exporting Telemetry Data] * xref:reports.adoc[Viewing Reports] * xref:tools.adoc[] diff --git a/modules/ROOT/pages/logs-search-hf.adoc b/modules/ROOT/pages/logs-search-hf.adoc new file mode 100644 index 00000000..348e738c --- /dev/null +++ b/modules/ROOT/pages/logs-search-hf.adoc @@ -0,0 +1,377 @@ += Searching for Logs +//EXPERIENCE ROLLOUT BANNER FOR THIS PAGE TO REMOVE ONCE ROLLOUT IS COMPLETE +:page-notice-banner-message: From May through June 2026, Anypoint Monitoring introduces and enhanced Log Search experience that's available on a rolling basis. This experience replaces previous log search experiences in all supported Anypoint Platform cloud regions (including US, EU, Japan, and Canada). +:page-info-pills: anypoint-pricing-titanium + +//feature tier: +Get logs on your Mule apps from Anypoint Monitoring. On https://anypoint.mulesoft.com/monitoring[US] and https://eu1.anypoint.mulesoft.com/monitoring[EU] Clouds, Anypoint Monitoring aggregates log files so you can manage, search for, filter, and analyze your logs. These features support: + +* Comparative analysis and pattern identification across Mule apps +* Focused log searches to isolate key data +* Shared log searches and CSV downloads + +[[log-search-overview]] +//don't change order of numbers in graphic or calloutlist +image::logs-search-hf.png["Log Search UI"] + +[calloutlist] +. Search for log fields to display or remove from the log *Results* table. Hover over a field name to add or remove the column, and to display top-5 values from the field. + +* *Selected fields*: Lists columns added to the log *Results* table. +* *Available fields*: Lists columns you can add to the log *Results* table. +. Search for specific words in log fields, including log *Message* fields. Use image:logs-save-icon-hf.png["",20,20] (Save) to save named searches for future use, and to select, update, or delete saved searches. When searching, try a whole-word search if a partial word search does not return a result. +. Set the time range for logs in the *Results* table using the clickable image:logs-calandar-icon-hf.png["",20,20] (Calendar) or date range. If you select a relative or absolute date range, the *Refresh* button toggles to an *Update* button to use for applying your date range. +. *Refresh* is for manually refreshing the logs in the *Results* table. ++ +To set an auto-refresh rate in seconds, minutes, or hours, use image:logs-calandar-icon-hf.png["",20,20] (Calendar), and configure the *Refresh every* setting. +. Create and use <>. Filters <>. +. Review log counts by the selected date range. Timestamp units vary depending on the date or time range you select. The longer the range, the longer the timestamp period on the horizontal axis, which can display averages over 30 second, 12 hour, or weekly intervals, for example. +. Use the *Results* table to review the results of your log search. You can also use *Download as CSV* to download up to 10,000 rows of log data. +. Filter by the value in a cell of the *Results* table by hovering over the cell and clicking to add (*+*) or remove (*-*) the filter. + +[[search-logs]] +== Search for Logs + +Use *Log Search* to capture the logs you want to review. You can use the Search bar, a filter (including filters created with Query DSL), or combination the Search bar and a filter. + +* <> +* <> + +[[search-bar]] +=== Query Logs from the Search Bar + +Use the Search bar with or without <> to capture the logs that you want to review. + +. Select an absolute or relative date-time range to review. ++ +For date-time range , see <>. +. Optionally, add or remove columns (available fields) from the log *Results* table. +. Provide a search query using any of these methods: + +* Provide a query in the Search bar: + +** Use words or quotes around multiple words or strings with special characters, such as `"HTTP GET"`, `"ab12c345-abc6-789d-e1fa-b124c5de6789"`, or `"https://api.mycompany.com:443"`. ++ +Without quotes, multi-word searches are treated as the query `HTTP OR GET`, where `OR` is a logical operator, and special characters can affect the search. For partial word searches, you can use pattern matching characters in your search, such as `myap*`, or `appId: mya?p`. +** Use a <> to search within a specific log field, such as `appId: myapp` for an application named `myapp`. +** Use logical operators, such as `appId=myap* AND `"forbidden (403)"`. +** Escape special characters that aren't surrounded by ++ +For a list of supported operators, see xref:log-search-query-syntax.adoc#boolean-operators[Boolean Operators]. +* Use filters as needed to narrow or expand the scope of log results. ++ +For guidance, see <>. +. Review search results in the *Results* table: + +image:logs-message-expanded.png["Expanded Log Message"] + +[calloutlist] +. To expand log entry and view log fields, click *>* in the *Time* field for a log entry. ++ +The arrow head points down (*⌄*) after you click it. +. The expanded log (*Expanded document*) includes *Table* and *JSON* views. +. For long, truncated log messages, use *Table* view to get full message by clicking the *>* in table's *Message* field. +. Get more context on the log by clicking *View surrounding logs* and specifying a number of logs that precede and follow your log, or use *View log* to open the log entry in a dedicated page. + +For more detail, see xref:log-search-query-syntax.adoc[]. + +[[search-filters]] +=== Use Search Filters + +Create, edit, and apply log search filters. You can use selectable fields and operators, or you can use the JSON-based OpenSearch Query Domain-Specific Language (Query DSL) for more complex filters. To save a filter for future use, see <>. + +* <> +* <> +* <> + +[[filter-simple]] +==== Create a Basic Filter + +For filters that have + +. Click *Add filter*. +. Select a log field name, or use the field's identifier (such as `appId`) for Query DSL filters. ++ +See <> for log fields and identifiers. +. Select an operator, and provide any required operands: +* `is`: Contains the value you provide +** Example: `Application is my-app` +** Filter label: `appId: my-app` + +* `is not`: Doesn't contain the value you provide +** Example: `Application is not my-app` +** Filter label: `NOT appId: my-app` + +* `is one of`: Contains a match a value in the list of values that you provide +** Example: `Application is one of my-app another-app yet-another-app` +** Filter label: `appId: is one of my-app another-app yet-another-app` + +* `is not one of`: Doesn't match any value in the list of values you provide +** Example: `Application is not one of my-app another-app yet-another-app` +** Filter label: `NOT appId: is one of my-app another-app yet-another-app` + +* `exists`: Identifies a field that contains a value +** Example: `Class exists` +** Filter label: `class: exists` + +* `does not exist`: Identifies a field that contains an empty value +** Example: `Class does not exist` +** Filter label: `NOT class: exists` + +. Optionally: + +* Provide a custom label for the filter. ++ +A short label is useful for long filter names. +* Save your filter so that you can reuse it. ++ +For guidance, see <>. + + +[[filter-query-dsl]] +==== Create a Filter with Query DSL + +//TODO: NEED QUERY DSL VERSION TO LINK TO (latest is 3.6 or earlier?) + +You can use OpenSearch Query DSL to create a filter. To learn the basics of Query DSL, see https://docs.opensearch.org/latest/query-dsl/[Query DSL] in the OpenSearch documentation. + +. Click *Add a filter*. +. Click *Edit Query DSL*. + +. Provide your query, and click *Save*. ++ +This example shows a query for `log-level` INFO: ++ +[source,text,linenums] +---- +{ + "query": { + "match": { + "log-level": { + "query": "INFO", + "type": "phrase" + } + } + } +} +---- ++ +This example shows a complex query that retrieves worker ID values greater than 0 and less than 20. +[source,text,linenums] +---- +{ + "query": { + "range": { + "workerId": { + "gte": 0, + "lte": 20 + } + } + } +} +---- + +For more information, see <>. + +//// +[NOTE] +Some complex search queries don't have an equivalent in the search filter values UI, so you can only create and view such queries in the query UI. +//// + +[[filter-top5]] +==== Use Top 5 Log Field Values to Create a Filter + +Get a list of top-5 log values from the list of fields used for columns in the *Results* table. For example, you can get a list of the top-5 apps or log messages ranked by the percentage of matches, such as 19% of log messages that match. + +image::logs-top5-hf.png["Top 5 Application Fields Example", width=50%] + +. Hover over a field, such as *Application*, from the list of log field names. +. Click image:logs-top5-icon-hf.png["",20,20] (Top 5) to open the list of top-5 values for the field. +. Click *+* (Add) to create a search filter for this value. +. Optionally, save the search filter for future reuse. ++ +For guidance, see <>. + +From a value in the top-5 list, you can also create a filter that includes (*+*) or excludes (*-*) a top-5 value, such as including your app (*appID: myapp*) or excluding your app (*NOT appID: myapp*). + +[[time-range]] +=== Select a Log Date and Time Range + +By default Logs Search retrieves the last 15 minutes of logs. You can use and absolute or relative the date-time range: + +* Absolute: Specific date and time to start and end the search. The end time default to *now*. +* Relative: A configurable number of seconds, minutes, hours, days, weeks, months, or years before (such as *Days ago*) or after (such as *Days from now*) the current date and time. + +To select the date-time range, use any of these options: + +* Click image:logs-calandar-icon-hf.png["",20,20] (Calendar), and use *Quick select* or *Commonly used* options: + +** Select the last number of *seconds*, *minutes*, *hours*, *days*, *weeks*, *months*, or *years* +** Select a commonly used option, such as *Today*, *This week*, last number of minutes, hour, or days, *Last 1 year*. + +* Click *Show dates* or the date-time range in Logs Search: + +** Click *Absolute* to pick a specific start date and time for your log search. +** Click *Relative*, and set a number of seconds, minutes, hours, days, weeks, months, or years from now for your log search. ++ +You can opt to round to the day. + +[[refresh-logss]] +== Refresh Log Data (Manually and Automatically) + +You can refresh log data manually and on a regular basis: + +* To refresh manually, click *Refresh*. +* To auto-refresh on a regular basis: + +. Click image:logs-calandar-icon-hf.png["",20,20] (Calendar). +. Under *Refresh every*, provide a number and time unit (seconds, minutes, or hours), such as *5 minutes*. +. Click *Start* to initiate the autorefresh process. + +== Download Log Results as a CSV File + +Download log search results for up to 10,000 log records into a CSV file. + +. Add fields that you want in your report to the log *Results* table. ++ +For guidance, see TODO_TODO. +. Run your search query. ++ +For guidance, see TODO_TODO. +. Click *Download as CSV*. + +[[save-search]] +== Save and Apply Saved Log Search Queries + +Save search queries as reusable filters. After using a saved search query, you can clear the query filter so that it doesn't affect search results. You can also permanently delete a saved search. + +* To save a search: + +. Run a search query that you intend to save. ++ +For guidance, see TODO_TODO +. Click image:logs-save-icon-hf.png["",20,20] (Save). +. Click *Save as new*. +. Provide a name for your search, and click *Save* + +* To use a saved search: + +. Click image:logs-save-icon-hf.png["",20,20] (Save). +. Click the saved search to apply the search. ++ +Notice that the search appears as a search filter. + +* To clear a saved search from a search query that is filtering your results, use either of these methods: + +** Click image:logs-save-icon-hf.png["",20,20] (Save), hover over the saved search, and then click *Clear*. +** Hover the filter and click *x*. For example, if *my saved app* is a saved search, you can click *x* to clear it without deleting: ++ +image:logs-delete-filter-hf.png["Delete a Filter", width=25%] ++ +The saved filter remains available in your list of saved searches. Unsaved search filters don't persist when you click *x*. + +* To delete a saved search: + +. Click image:logs-save-icon-hf.png["",20,20] (Save). +. Hover over the saved search to delete. +. Click image:logs-delete-icon-hf.png["",30,30] (Delete). + +//// +[[share-logs]] +== Share Logs + +TODO_TODO: THIS IS GETTING IMPLEMENTED + +VERIFY/EDIT AS NEEDED FOR NEW UI: +You can share the URL to your logs. + +. From Logs, click *Share*. +. Select *Share* to load the URL of your log page to a *Share Log Search Link* field. +. Click *Copy*. +//// + +== Move and Remove Columns in the Results + +After adding optional columns to the log *Results* table, such as *Application* and *Log level*, you can move and remove them. The *Time* and *Message* columns are not removable. However, you can move *Message* after adding optional columns. + +* Hover over the column heading, such as *Log level*, to reveal column options. ++ + + +** To move a column, use the arrow to move the column to the left or right. +** To remove a column, click the *x*. +** To sort the data in the column in ascending or descending order, click its up-down arrow to toggle the sorting order. + +[[data-retention-management]] +== Data Retention and Management for Logs + +//VERIFY STILL TRUE +Log storage limits for your subscription tier determine your retention, and isn't based on a set amount of time. For details, see xref:performance-and-impact.adoc#data-retention-limits[Data Retention Limits]. + +//VERIFY STILL TRUE +For other limitations on logs, see xref:performance-and-impact.adoc#logging-data-management[Logging Data Management]. + +== Format Customized Logs in On-Prem Servers for Proper Indexing + +TODO:TODO_TODO VERIFY + +Logs produced by apps with customized logging (by changing the pattern layout in the `log4j2.xml` file) might not get indexed correctly into Anypoint Monitoring. To ensure correct indexing, use the Mule default pattern layout, which is one of the following: + +* ``, or +* `` + +For applications deployed to CloudHub and Anypoint Runtime Fabric with customized time zones: + +Don't override the default JVM timezone for applications deployed to CloudHub and Anypoint Runtime Fabric with customized time zones. The timezone must be UTC. Changing the timezone to a local timezone causes logs to be indexed in Anypoint Monitoring with incorrect timestamps. + +== Reference + +Get descriptions of fields and filter options: + +* <> +* <> +* <> + +[[field-names]] +=== Log Field Names + +Log field names in the UI have field identifiers that appear in filters labels and <>. <> require field identifiers. + +* *Application* (`appId`): Name of the application +* *Class* (`class`): Class name +* *Environment* (`envId`): Environment identifier +* *Event* (`event`): Identifier for the associated Mule event +* *Log level* (`log-level`): Log value such as INFO, WARN, ERROR +* *Logger* (`logger`): Name of the logger +* *Message* (`message`): Log message +* *Timestamp* (`timestamp`): Date and time of the a log entry +* *Worker* (`workerId`): Identifier for the associated worker + + +[[filter-global-options]] +=== Global Filter Options + +TODO:TODO_TODO + +Global filter options: + +* *Enable all* to enable all your filters +* *Disable all* to disable +// * *Pin all* +// * *Unpin all* +* *Invert inclusion* +* *Invert enabled/disabled* + +[[filter-individual-options]] +=== Individual Filter Options + +TODO:TODO_TODO + +For individual filters, you can: + +//* *Pin across all apps* +//* *Unpin across all apps* +* *Edit filter* to change the filter configuration +* *Include results* to include the filter's results in the *Results* table +* *Exclude results* to apply the *NOT* operator to the filter, which excludes its results from the *Results* table +* *Temporarily disable* to retain the filter without using it to return search results; toggles with *Re-enable* +* *Delete* to permanently delete the filter diff --git a/modules/ROOT/pages/logs-us-eu.adoc b/modules/ROOT/pages/logs-us-eu.adoc index 9f28d046..f3428871 100644 --- a/modules/ROOT/pages/logs-us-eu.adoc +++ b/modules/ROOT/pages/logs-us-eu.adoc @@ -62,8 +62,8 @@ To search the logs, type your search query into the log search field and press * * Search for a term, such as `"Info Dynamic Logging"`. + Without quotes, the query returns results for matches to each term. -* Use a wildcard in your search, such as `resourceId=hellowor*`. -* Use logical operators, such as `resourceId=hellowor* AND "Info Dynamic Logging"`. +* Use a wildcard in your search, such as `appId=myap*`. +* Use logical operators, such as `appId=myap* AND "Info Dynamic Logging"`. [[search-filter]] === Search with a Filter