Searching Log Entries

To inspect and search the log data of your services, open the main menu on the start page and select Discover. Option Discover allows for

selecting log data for exploration.
setting a time range for the log data.
searching the logs with DQL.
filtering the results.
exploring the details of log entries.
configuring tables that show the search results.

Refer to Inspecting the Logs: Tips & Tricks for more information about the available query languages: DQL and Lucene.

Overview on the “Discover” Page

(1)	Search Query: Enter your search term here. Read Inspecting the Logs: Tips & Tricks or the official OpenSearch documentation to get detailed information about the query languages.
(2)	Time Range: Click here to set a time range for the log data you want to inspect.
(3)	Sidebar: Use the sidebar to select your index pattern and to access the list of available fields.
(4)	Time Histogram: Shows the time range of the displayed data. To view the count of log documents for a given time, drag the mouse over the histogram.
(5)	Documents Table: All log documents/data available for the set time range are displayed here. You can customize the table (e.g. which columns are displayed) and adapt it to your needs.

Displaying Search Results

If you use DQL, your search term is applied to the field(s) set as the default field(s) on the index, search term hits are highlighted:

If no default field is set, DQL searches all fields.

The set default fields are displayed in the left sidebar as Selected fields. These fields are displayed as columns in the content area on the right:

If you want to add a field, hover over a field name in section Available fields and click the appearing Plus option:

Hover over a field name in section Selected fields and click the appearing X option to remove a field:

Expand a log document to show the fields that are available with this document:

To add a field to the table display, click on its menu item Toggle column in table:

Once you have created a query, you are also able to save it for further use, for example in a dashboard.

Expert Tipp

To inspect the logs of a specific service, open the Log Analyzer from within the service details in the PAS Administration.

Docker Setup:

In the service details, open section Logs and use option Open Log Analyzer to inspect logs.
The Log Analyzer will open, showing all logs of this specific service.
Refer to Showing Docker Container Logs and Docker: Showing Logs of a Containerized xUML Service for more details.

Kubernetes Setup:

On a Kubernetes system, section Logs in the service details is divided in two parts: Service Logs and Transaction Logs.
In both parts you can find a button to open the Log Analyzer:

Open Service Logs: Shows the logs filtered by service name and log channel Error.
Open Transaction Logs: Shows the logs filtered by service name and log channel Access.

Refer to Showing Workload Logs and Kubernetes: Showing Logs of a Containerized xUML Service for more details.

Query Example xUML Service

With xUML services it is a common task to search for log errors with a certain error domain. To filter for a dedicated error domain (RESTLM in this example), add a filter for log.domain:

Field: log.domain
Operator: is
Value: RESTLM

As a result, the search results are filtered for logs with the given domain:

Query Example Node.js

To inspect logs of Scheer PAS Node.js services, you can for example select the following fields to be displayed:

time (displayed by default)
service (= name of the service)
level (= log level)
message (= log message)
context.request.uuid (= UUID of the request)
context.user.loginId (= login name of the user)

Overview on the “Discover” Page

Displaying Search Results

Query Example xUML Service

Query Example Node.js

Related Content