This section describes the fields in the expanded log table.
Clicking the + plus icon on the right of the logs table expands an individual log. This provides an in-depth view of the specific connection log or the HTTP request and response log.
The following are displayed in the expanded table:
Field |
Description |
---|---|
End to End Timing |
The bar is similar to the Analytics tab of the virtual service Details page, though it also contains arrows indicating the HTTP response code. This data is specific to this single connection or HTTP request, whereas the Analytics tab for the virtual service shows an aggregate of all connections or requests. If the arrow under Server RTT is zero, then no response was received from the server. This could be due to an error such as a timed-out server response or because the request was served by the NSX Advanced Load Balancer (such as caching or a policy). |
IP Addresses |
Under End-to-End Timing, IP addresses and service ports indicate the client source address and port being used to initiate a transaction to the virtual service IP address and destination service port. The second address under the (LB) icon is the NSX Advanced Load Balancer source NAT (SNAT) address and source port that is used for communicating with the destination server’s pool, name, IP address, and port. |
Client data |
The column under the Client icon displays the following client information:
|
LB data |
The following information appears under the LB icon in the middle column:
The following fields appear only if applicable:
|
Server and App data |
The third column provides the following information on connection or request and response:
|
View All Headers |
Expands the log display to show additional information for the transaction. View All Headers exist due to the following:
|
Searching Logs
The Search field above the list of client log entries filters the logs according to your specified search terms. You may use either arbitrary search strings or a specific search syntax. For example, entering mobile will filter the logs to all entries that include this string anywhere within the log. The search strings are not case sensitive.
To use the formal search syntax, the search filter may be typed manually, or clicking any blue text within a log entry will generate the filter. For example, clicking Client IP creates “filterclient_ip=A.B.C.D” where A.B.C.D is the client’s IP address. In this example, the logs will be filtered to show only clients with that specific IP address.
When typing a search directly into the Search field, contextual help will show the available options. For instance, typing “client_ip” will show the appropriate operands (described below) such as “ = “.
Example: The filter client_ip= will show the most commonly seen IP addresses, including the number of logs generated by these addresses and the percentage of logs from this address, in this format: 10.30.4.31 - 15924 - (34.7%).
When using the search syntax:
Be aware of whether the log display filter is set to Significant Logs or Non-Significant Logs.
Multiple filters may be selected or created to further refine a search. All filters must be true for the log to match.
Search criteria for strings must be enclosed in quotation marks, such as client_country=”US” or”Connection setup failed”.
The filter can include any combination of informal strings and formal search syntax, such as: iphone client_ip^=”10.30.” Searches may be saved and reused later.
The following operators allow more granular searches for strings, numbers, or IP addresses:
Greater than: >
Greater than or equal: >=
Less than: <
Less than or equal: <=
Not equal: !=
Equals: =
Contains: ~=
Does not contain: !~=
Starts with: ^=
Ends with: $=