You can search for and filter log events on the Explore Logs page by using queries. You can use fields in your search criteria for efficient log monitoring and view logs in real time. You can also save queries, clone queries and modify them, compare query results from multiple systems, share queries and their results with other users, and pin queries to the pinboard.
To access this page, expand the main menu on the VMware Aria Operations for Logs (SaaS) user interface and click Explore Logs.
The Explore Logs user interface contains several elements such as:
Actions Menu
The actions menu has several controls for working with a query.
| Action Controls | Description |
|---|---|
| Favorite | Marks the query as favorite. and displays all queries marked as favorite. |
| Save | Saves the query for future reference.Provide details such as name and description to save the query. |
| Compare | Opens the Compare Logs page and adds the query to compare with other queries based on multiple criteria. To learn more, see Compare Logs. |
| Pin | Pins the query to your pinboard. Pinning a query allows you to temporarily recall run queries or compare two or more queries. To learn more, see Pin Queries to the Pinboard. |
| Create Alert | Opens the Create a new alert page to create an alert based on this query. To learn how to create an alert, see Define an Alert. |
| Export | Exports the results of the query as chart data or logs. You can:
To learn more, see Export Logs. |
| More Options | Provides options to:
|
Search Options
You can use search options to enter one or more queries and filter them according to your business requirements.
You can write a simple query that returns a set of records and then use options such as sort and filter to analyze them. Or you can write a more advanced query to perform statistical analysis and visualize the results in a chart to identify a particular trend.
See Examples of Search Queries to learn about different types of queries you can run on the Explore Logs page.
Search options include the following elements:
| Element | Description |
|---|---|
| Search bar | The search bar is where you enter your query. You can use the TAB button or the ENTER button to separate one or more search criteria. Individual fields are joined with the AND operator and partial match does not return any results. |
| Partition | Displays a list of partitions from which you can query logs. You can select one of the following:
To learn more about partitions, see Log Partitions. |
| Time Picker | Select the time range for which you want to display the query data. The default time range is five minutes. You can select a preset time range or click Custom to select a custom time range. You can also choose to view the search results based on:
|
| Live Tail | Displays logs in real time. You can either enter a search query and click Live Tail, or use a saved or favorite query to view real time logs for that query. The logs corresponding to your query are streamed in the Live Tail page. For more information, see Explore Logs in Real Time. |
| Display Query as Text | Displays the query as text for better readability. |
| Add Filters | Apply filters to view log events that match one or more conditions. Supported filter functions differ for string and numeric fields. To learn more about adding a filter, see Examples of Search Queries. |
Chart View
The chart view displays search results as one of multiple available chart types. On the charts view, you can:
- Select the chart type from the Visualization type drop-down menu. To learn more, see Chart Types for Logs.
- Use Aggregate Functions on Log Results.
- Group Logs During Search.
- View the Context of a Log.
Results View
The results view displays query results in a table. You can view the search results by:
- Stream - Displays the search result as a log stream with Ingest Time Stamp and Text columns by default.
- Types - Categorizes the search result by event types such as count of events or size of events. To learn more, see Event Types.
- Alerts - Displays all the alerts triggered during the selected time range. You can expand an alert listing to view the alert details, description, and query.
- Event Trends -
Displays the trend of events to observe the current progression of each event type as compared to 10 times the selected time range.
For example, if you have selected the time range as five minutes, logs are compared for the last 50 minutes. If you have selected the time range as 30 minutes, logs are compared for the last five hours.To learn more, see Event Trends.
You can also categorize search results based on fields. To learn more, see Fields in VMware Aria Operations for Logs (SaaS).
