Transcript
Sales Engineer at SolarWinds. I'm here to help you increase mean time to value with Loggly. The way you get started with Loggly is at the source browser. Notice in the navigation here, I can hit this little chevron at the bottom to expand the menu and we'll find source setup. We have built into Loggly a variety of modules that you can leverage to ingest your logs into the Loggly system. From there, those logs will be parsed and normalized into a common data structure that's easy to explore with our Field Explorer. The Field Explorer makes it easy to search through the entire volume of logs that have been ingested by Loggly. Filter and narrow those down into key events that are important for you to be made aware of. The best way to get started with the Field Explorer is to look at the screen from the top left over to the right and then down. Loggly supports multiple tabs, so I can have multiple searches going on at once. The cool thing is, if I navigate away from this page or I come back to Loggly on another day, it's going to remember what search options I've put in here in future sessions. I like to stick with the default tab. Looking at what's available to help filter logs, we have different source groups. Now, a source group allows us to partition the environment logically by application stack or by infrastructure. Say you want to look at just network infrastructure, switches, routers, firewalls, or you just want to look at servers and virtual machines. You can create the source groups that make sense for you and use those to filter the log events. In the Search Logs bar, this is where I can apply a global search filter, and we support a variety of syntaxes. I can use a full-text search, or if I need an exact phrase, I just surround that in quotation marks, similar to what you're experienced with other search engines perhaps. We also support Boolean logic, which allows us to provide different search tactics in conjunction with each other to help narrow down the logs that we're interested in. We also support regular expressions and numeric ranges on fields. This brings up an interesting point about fields because, as I mentioned previously, Logly will normalize your log events. We'll organize those by source in the Field Explorer, and we will show you the sources that we've seen over the time range that you've selected up here. You can click the time range and select a date on the calendar, but I like to stick with timeframes that are relative to a time period. I'm looking at now, starting at an hour ago, or I can change the age to a D, and I can look at a day ago. This helps me quickly visualize the log events over time, and I can see quite a large influx of logs over this time period that might be interesting to drill into. But I'm going to stick with one hour from now, up to now, and then I see the different sources here. Apache, for instance. If I click Apache, then I will see the fields that were extracted by Logly. These are all of the log events coming from the Apache source with the fields extracted. Let's say I'm interested in the status codes returned by the web server. If I click status, I'll see a list of status codes that Logly has seen for that time period. Again, if I change the time period, what Logly has seen may fluctuate over time, so we might see additional status fields like so, 500s. 500s indicate an error of some kind, and those might be interesting. I could click that, and that would apply a filter to only the Apache events that contain 500 as the status code. You can see that highlighted here in each log event. Maybe what I'm more interested in is understanding the distribution of status codes. I can use a field action to do that and visualize those events as a pie chart, which helps me understand how many of each type of event we've seen displayed on a chart like this. I can sort this by ascending to make it a little bit easier to read. My 200s, everything's good, all the way up to my 500s, where something's going wrong internally in the web server. Now, to work with the chart types, I can change these to line charts, or I could change these to column charts, which would make more sense for this data set, and split by the status. And then we can see how those log events with the status codes get stacked up over time. Let's go back to these 500 errors. When I apply this filter, I've determined that these are the types of events that I'm really, really interested in over time. So coming back to the Field Explorer, looking at status codes, maybe I'm interested in finding all of the instances where client browsers are trying to download items from our web server that no longer exist at the path that's being referenced. I want to pass this off to some developers to get that cleaned up. I can emphasize that I'm interested in 404s by applying the filter like so, and if I'm interested in creating an alert for this, I can do that by saving the search. If I save the search, I would give it a name, and then I can click Save, or then I can save the search and create an alert from here in the same go. To create an alert, I simply give the alert a name. The Save Search dropdown is already populated with my previous saved search. So realize that the Save Search functionality within Loggly powers not only the alerting system, but also the charts that we use for visualizations on dashboards. I have alerting logic here to send the alert if the account of 404 errors is greater than some number over a certain time frame. I can then send an email to someone, or I can send an alert through a configured endpoint, such as a Slack channel via a webhook, for instance. So Loggly's capabilities go far beyond what I've shown you, but we wanted to give you something to help you get started quickly using Loggly and getting value out of your log events. Thank you.
