Working With the Log Analyzer
The Log Analyzer uses OpenSearch as data storage and OpenSearch Dashboards to analyze the service logs. OpenSearch Dashboards is an open source analytics and visualization tool. You can search, view, and interact with data stored in OpenSearch indices. You can perform advanced data analysis and visualize your data in a variety of charts, tables, and maps in customized dashboards.
The retention period for logs in the Log Analyzer is 30 days.
In the Log Analyzer, you have two options:
Analyze the available data in a pre-configured dashboard (or create your own dashboard):

Inspect the service logs using one of the pre-defined indices (or create your own index):

You can also access both options via the main menu:

Refer to Using Dashboards for details on dashboard usage and to Log Analyzer Indices for more information about indices.
Discover: Searching Your Data
To inspect and search the log data of your services, open the main menu on the start page and select Discover. The Discover option allows you:
to select data for exploration.
to set a time range for the data.
to search your data with DQL.
to filter the results.
to explore the details of your data.
to view individual documents.
to create tables that summarize the contents of the data.
Refer to Inspecting the Logs: Tips & Tricks for more information about the available search languages DQL and Lucene.
Overview of the Discover page:

(1) Search Query
(2) Time Range
(3) Sidebar
(4) Time Histogram
(5) Documents Table
Displaying Search Results
If you use DQL, your search term is applied to the field(s) set as the default field(s) on the index. Search term hits are highlighted:

If no default field is set, DQL searches all fields.
The default fields that have been set are displayed in the left sidebar as Selected fields. The fields are displayed as columns in the content area on the right:

If you want to add a field, hover over a field name in section Available fields and click the Plus option that appears:

To remove a field, hover over a field name in section Selected fields and click the X option that appears:

Expand a document to show the available settings:

To add a setting to the table display, click on its menu item Toggle column in table:

To inspect logs of Scheer PAS Node.js services, you can, for example, select the following settings to display:
time (displayed by default)
service (= name of the service)
level (= log level)
message (= log message)
context.request.uuid (= UUID of the request)
context.user.loginId (= login name of the user)
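
The fields listed above are enough to follow a single request across services and to attribute failures to a user. The following Python sketch is an added example, not part of the Scheer PAS documentation: it assumes the log documents have been exported from Discover as dictionaries, and the sample documents, their values and the log level names are constructed.

```python
from collections import defaultdict

# Constructed sample documents (not real log data), reduced to the fields above.
# One uses flattened dotted keys, two use nested objects, one has no request context.
def _doc(time, service, level, message, uuid=None, login=None, flat=False):
    doc = {"time": time, "service": service, "level": level, "message": message}
    if uuid and flat:
        doc["context.request.uuid"], doc["context.user.loginId"] = uuid, login
    elif uuid:
        doc["context"] = {"request": {"uuid": uuid}, "user": {"loginId": login}}
    return doc

SAMPLE_DOCS = [
    _doc("2024-05-02T09:15:03Z", "billing-service", "Error", "payment backend timeout", "req-0001", "alice", flat=True),
    _doc("2024-05-02T09:15:01Z", "order-service", "Info", "request received", "req-0001", "alice"),
    _doc("2024-05-02T09:15:02Z", "order-service", "Info", "request received", "req-0002", "bob"),
    _doc("2024-05-02T09:14:00Z", "order-service", "Info", "service started"),
]

def field(doc, path):
    """Read a dotted field name from a flattened or nested document; None if absent."""
    if path in doc:
        return doc[path]
    cur = doc
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur

def trace_requests(docs):
    """Group documents by context.request.uuid, each group ordered by time."""
    traces = defaultdict(list)
    for doc in docs:
        uuid = field(doc, "context.request.uuid")
        if uuid is not None:  # entries without request context cannot be correlated
            traces[uuid].append(doc)
    # Assumes all timestamps share one ISO 8601 format, so string order is time order.
    return {u: sorted(d, key=lambda x: x["time"]) for u, d in traces.items()}

def failed_requests(docs, bad_levels=("error", "fatal")):
    """Summarise every request that logged at least one entry at a bad level."""
    report = []
    for uuid, entries in sorted(trace_requests(docs).items()):
        errors = [e for e in entries if str(e["level"]).lower() in bad_levels]
        if errors:
            report.append({"uuid": uuid,
                           "loginId": field(entries[0], "context.user.loginId"),
                           "services": list(dict.fromkeys(e["service"] for e in entries)),
                           "first_error": errors[0]["message"]})
    return report
```
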

Once you have created a query, you are also able to save it for further use, for example in a dashboard.
Expert Tip
To inspect the logs of a specific service, open the Log Analyzer from within the service details in the PAS Administration.
Docker Setup:
In the service details, open section Logs and use option Open Log Analyzer to inspect logs.
The Log Analyzer will open, showing all logs of this specific service.
Refer to Showing Docker Container Logs and Docker: Showing Logs of a Containerized xUML Service for more details.
Kubernetes Setup:
On a Kubernetes system, section Logs in the service details is divided into two parts: Service Logs and Transaction Logs.
In both parts you can find a button to open the Log Analyzer:
Open Service Logs: Shows the logs filtered by service name and log channel Error.
Open Transaction Logs: Shows the logs filtered by service name and log channel Access.
Refer to Showing Workload Logs and Kubernetes: Showing Logs of a Containerized xUML Service for more details.