Logs
This section explains what a user may see in the Unified Assurance software when using the Logs navigation pane in the main user interface, which gives users to view the logs from most Unified Assurance processes. Besides the main grid that shows the lines logged from a variety of applications, a search bar is shown along with buttons that will change what data is displayed. This guide also includes some examples of different searches that can be done using this interface.
Grid Details
To understand what is being displayed in the grid, this line will be used as a basic example:
Jul 26 14:20:00.237 assure1v5.federos.com GenericSNMPPollerd: (35): [INFO] <> Main -> Poll Executed at [1564168800]
Each line contains several distinct pieces of data that can be useful for troubleshooting purposes:
-
Jul 26 14:20:00.237: the date and time the line was written to the log.
-
assure1v5.federos.com: the host FQDN of the server that wrote to the log.
-
GenericSNMPPollerd: the name of the binary that wrote to the log.
-
(35): the application ID that wrote to the log. This ID correlates to the ID field that is displayed in the Jobs and Services UI's.
-
[INFO]: the logging level of the specific message.
-
<>: the thread ID that wrote to the log.
Note:
This field normally shows a numerical value, but being "blank" like in this example means that it is the applications main thread that is writing the message to the log.
-
Main -> Poll Executed at [1564168800]: the message that was written to the log.
Additionally, several of the fields can be clicked on, which are then put into the search bar for filtering purposes. This can be done with the following fields:
WARNING:
Be aware that clicking on one of the fields will replace any text that was previously in the search bar.
-
Host FQDN
-
Binary name
-
Application ID
-
Logging level
-
Thread ID
The Search Bar
At the bottom of the UI, there is a search bar that can be used to filter the results displayed for correlation purposes. Data can be either manually entered into the search bar, or clicking on one of the fields in the grid can add a filter to the search bar.
Tags
A variety of tags are available for use in the search bar.
Important:
When manually entering text into the search bar, be aware that most of the tags are case sensitive. This means that filtering for level:INFO may return results, but level:info will not.
| Name | Data Type | Sample Data | Description |
|---|---|---|---|
| app | Text | Syslogd | Name of the binary that wrote to the log. |
| appID | Integer | 26 | The application ID that wrote to the log. This ID correlates to the ID field that is displayed in the Jobs and Services UI's. |
| beat.hostname | Text | assure1v5.federos.com | The host FQDN of the server that wrote to the log. |
| beat.name | Text | assure1v5.federos.com | The host FQDN of the server that wrote to the log. |
| host.name | Text | assure1v5.federos.com | The host FQDN of the server that wrote to the log. |
| level | Text | DEBUG | The logging level of the specific message. |
| log.file.path | Text | /opt/assure1/logs/EventSyslog.log | The full path to the log file. |
| message | Text | Main -> Checking for reload | The message that was written to the log. |
| pid | Integer | 55214 | The process ID of the binary that wrote to the log. For Services, this value can be displayed in the "Last PID" column, but may not be accurate if the application is restarted. Jobs will not display this value. |
| source | Text | /opt/assure1/logs/EventSyslog.log | The full path to the log file. |
| thread | Integer | 4 | The thread ID that wrote to the log. |
Search Examples
Single tags can be used to look for specific data. Here are a few examples:
-
If no tags are used, the search will be applied against the "message" part of the log:
poll -
If searching for multiple words, double quotes will be needed to search properly. As an example, this filter will return any message with the word poll or the word cycle:
poll cycleHowever, if double quotes are used, only lines that match exactly will be returned. As an example, this filter will return any message with the words poll cycle:
"poll cycle" -
This will show all logs from the Unified Assurance Broker:
app:Brokerd -
This will show all logs from the Unified Assurance Event Syslog Aggregator:
app:Syslogd -
This will show logs from many applications with the logging level set to "INFO":
level:INFO -
This will show all logs from the "assure1v5-pres1.federos.com" server, which may be needed in multi-server environments:
host.name:"assure1v5-pres1.federos.com"
Multiple tags can be added together to do complex searches through the logs:
-
This will show all logs from the Unified Assurance Broker or the Unified Assurance Event Syslog Aggregator:
(app:Syslogd app:Brokerd) -
This will show all logs from the Unified Assurance Broker or the Unified Assurance Event Syslog Aggregator, but only with the logging level set to "INFO":
(app:Syslogd OR app:Brokerd) AND level:INFO
Additional documentation is available about the query language, and is available here.
Different Controls
There are two additional controls next to the search bar that allow for additional refinement of the results that are displayed.
-
All Systems - The default value of the button, so results from any log in any file on any server will be displayed.
-
If the button is clicked on, a list of all of the servers that are part of the environment will be displayed. A single server can be clicked on to limit the results to only those from that single server.
-
This button may also show a host FQDN if one is clicked on in the grid.
-
-
Now - The default value of the button, and is used to limit the time frame of results that are displayed. If a value is entered into this field, that value will be used as the start time for logs to be displayed. Possible values include:
-
A time in either 12-hour or 24-hour format. If this is used, the starting date will be assumed to be today.
-
A date in M/D/YY or M/D/YYYY. If this is used, the starting time will be assumed to be midnight.
-
A combination of date and time.
-