Logs Search View

The Kloudfuse platform enables users to search logs instantly, as it ingests log events. The Kloudfuse stack can automatically extract facets from the log events and make them available for further search and analytics.

There are three approaches for searching logs:

The Search view provides a summarized view of the logs ingested in a selected time range broken down by the severity level. The facets on the left-hand side list the various sources of log events. A source is defined by the kind of application/infra component that is emitting the logs and is set by adding a tag called “source” on corresponding log events. Within the source facets, Kloudfuse automatically detects and lists the various log facets. Kloudfuse lists the facet name (method), the possible facet values, and the counts (cardinality) of each value. Use the facets to narrow down the logs by including or excluding the facets.

The Labels list on the left-hand side allows the user to narrow down the logs by the tags added to the log events by the external environment. “Cloud” lists tags such as cloud region, availability zone, etc. “Kubernetes” lists tags such as pod_names, Kubernetes service, and so on. The “Additional” label lists any other user-defined tags. These tags allow the user to filter the log search scope, which results in faster search times. The search box can be used to filter logs by any text search. It also accepts complex search queries.

The log events list presents the filtered logs based on the log query. A query consists of selected facets, labels, and free text search strings for the time range selected by the time picker.

Clicking on an individual log event shows a detailed view of the log event, including its fingerprint, auto-extracted tags, and environment labels.

These sections describe the filters and searches accessible in the Logs search view:

Follow these steps to get to the Logs Search interface:

  1. Click the Logs tab, and then the Search option in the drop-down menu.

  2. The Logs interface appears.

Using the Logs Search Interface

The Logs interface has the following information and affordances:

The Logs Search interface
  1. Search bar enables you to search across all logs.

  2. Advanced Search

    When on, Advanced search enables you to write your own queries using FuseQL directly.

  3. Overall interval. The default is Last 5 minutes. Click the drop-down to use the time picker and select the appropriate time interval.

  4. Refresh display: click Refresh to update the display.

  5. View type selector enables you to specify the search view by selecting one of the following modes:

  6. Numerical total is a summary of all records that match the search criteria, with subtotals by log level: debug, error, info, notice, trace, warning.

  7. Compare option, when selected, provides a quick comparison to the values in the preceding time interval.

    This affordance provides clues about a possible seasonality of results.

    For example,

    Interval                                Comparison
    Now through Last Day                    Same time yesterday
    Last day through less than 1 week       Same time last week
    Last week through less than 1 month     Same time last month
    Last month through less than 1 year     Same time last year

  8. Click the Hide Timeline icon to remove the graph.

    To show the graph, click Show Timeline.

  9. Timeline is the graph of combined counts of the logs.

    Note that the default graph is a stacked bar, metered by log level.

    Hover your cursor over one of the bars to display the detailed numbers for each log level.

    The time series also displays the time to run the query; in this example, it is 1806 ms (1.8 seconds).

  10. The Options menu controls which elements to display in the table:

    You can also use the Lines to show selector to specify how many content lines to display for each log message.

  11. Click Add to Dashboard to add the results to a dashboard; see Add to Dashboard.

  12. Save Query enables you to save the query for later use. See Save query.

  13. Click Download to save the selected logs to your computer in one of the following formats: CSV, JSON, or TXT. See Download logs.

Add to Dashboard

To add the current results to a dashboard, follow these steps:

  1. In the interface, click the Add to Dashboard button.

  2. The Add panel to dashboard dialog appears.

  3. In the dialog, specify if you want to add to a New Dashboard (default), or an Existing Dashboard:

    • New Dashboard

        1. Select the folder from the drop-down.

        2. Enter the name of the new dashboard.

        3. Enter the panel name for the new chart.

    • Existing Dashboard

        1. Select the folder from the drop-down.

        2. Select the dashboard from the drop-down.

        3. Enter the panel name for the new chart.

Save query

To save the query for later use, follow these steps:

  1. In the Logs Search interface, click the Save Query button.

  2. A dialog window appears.

  3. In the dialog, enter the name of the query you plan to save.

  4. Click Save.

Download logs

Kloudfuse downloads all log data, not just the portions you choose to display:

  • Container name

  • Host

  • Kube Namespace

  • Kube Service

  • Kube Cluster Name

  • Message

  • Pod Name

  • Source

  • Date

To download the selected logs to your computer, follow these steps:

  1. In the Logs Search interface, click the Download button.

  2. A dialog window appears, with the following options:

    • Download as CSV

    • Download as JSON

    • Download as TXT

  3. Select one of the options by clicking on it.

  4. The download starts.

  5. Unless you are downloading a very small volume of logs, you will see the Downloading logs progress dialog.

  6. [Optional] Click Interrupt download if you want to stop a very large download.

    Kloudfuse gives you the option to save partial results (all the logs saved to your system buffer at the time you interrupted the download), or to cancel the saving process.