Use the left nav in the logs UI as an easy workflow through all logs, attributes, patterns, live-tail logging, and queries. Manage your log data by dropping or parsing data, creating data partitions, and setting up alerts. Hash or mask any sensitive data in your logs with obfuscation expressions and rules. Get more details about specific logs and their attributes from the center nav.
To explore your logging data, follow this basic workflow.
To spot suspicious spikes or drops in log messages, click Patterns on the left nav.
To look at logs for a specific time period, click that point (or click and drag an area) on the chart, or use the time picker.
The left nav includes options to help you narrow the focus of your initial search results or to quickly find outliers.
If you're not sure where to start, click Attributes on the left nav, then select additional values as needed. For example, if a host listed under the hostname attribute is generating significantly more error messages than the others, select that value to apply it to your search.
To manage the amount of log data collected and to store fewer logs, create drop filter rules that avoid collecting data you don't need.
If applicable, log messages indicate a severity level (INFO, DEBUG, etc.). Select a log message to view its details as a table of attributes or as JSON.
To see which attributes are included in a log message, click the log line.
To help troubleshoot problems related to a specific value in the log details, show surrounding logs for the attribute's details.
To get more details in extremely long messages, expand the data stored as blobs.
By default, the logs UI shows all your logs, but you can also search with keywords or phrases to find the results you want. For example:
process failed
You can also use the search field with type-ahead dropdowns to select an attribute, operator, and value. For example:
service_name equals my service
To help your query focus on the details you need, add or remove attributes by doing either of the following:
On the left nav, select Attributes, select the values you want, then click Query logs.
On the logs table, click the + icon to add an attribute, then click on it to add it to the query.
To switch from the Lucene-syntax search bar to a NRQL query, click the NRQL button beside the search bar. There is no direct equivalence between NRQL and Lucene, and this means that the NRQL query will often be simpler and not as complex, but this gives you a helpful start for building a query with the same data.
You can write NRQL queries on log events without losing your filters with the NRDB query builder. Click the NRQL button to the right of the Logs search bar, then start querying.
Focusing on the most useful logs can help you with:
Optimizing performance: To organize data within an account and to optimize query performance, create data partition rules.
Reviewing deployments: To immediately see how your system responds to deployments or other app changes, enable live-tail logging.
Bypassing unrelated details: To view all the logs for a specific value, review the attributes list in the Log details for the selected log, then continue to add or remove attributes as needed.
Finding the root cause: To help identify an issue's root cause before it occurred or its impact after an event, click ... in the Log details to show surrounding logs.
Getting more context: To see logs related to other telemetry data for your apps and hosts, use logs in context.
Once you've narrowed down the set of logs with filters and then opened a specific log, you can see related distributed traces. As long as you've set up distributed tracing and there are sampled traces related to logs, you'll see an option to view them. This is a quick way to view trace information without going to the main distributed tracing page.
If you open the Log details pane and see a Distributed trace section, you have two options to view span traces in a waterfall view:
Click directly on the trace name or click the icon with an arrow on the right, which opens up the waterfall focus view that highlights trace spans with errors.
Alternatively, you can click Explore to open an unfiltered waterfall where you can click through all the spans.
Use any of the core New Relic UI functions to explore your data (specific account, time range, metrics and events, query builder, etc.) and share the data with charts, add to dashboards, etc. For more information, see the examples in this document.
Export
To export a subset of your logs to share, users can leverage our dedicated Export feature in the Logs UI. This feature will allow an export of up to 5000 log records in either CSV or JSON format. The log records will be downloaded locally on your machine in the /Downloads/ folder of your current browser.
Permissions
For details on permissions by user type, see User type.
You can create a custom role that restricts the NRQL drop rules capability and limits the creation of drop filters. If needed, you can also add the restriction to basic users. Learn more about drop rules.
Save your views
You can save your logs query, table configuration, time range, and attribute grouping in a saved view, so that you can quickly return to it later. To save a log analytics view after you've configured the view:
From any of the UI pages in the Your logs section, click Saved views on the right, then click Create new.
Give the current view a name.
Select which aspects from the current view you want to save.
Select permissions for your team members' access.
Examples
Here are a few examples of how you can use our logs UI to get detailed information.
You can create alert conditions directly in the logs UI:
Search for results that you want to alert on; for example, service_name:"your service" "fatal error".
Click the bell icon beside the query bar.
Complete the procedure
Review the NRQL query that will power the alert condition.
After you save the alert condition, you can view it in the UI, where you can make additional changes as needed.
From the Logs UI, you can add log data as a table widget to a dashboard. You can also create log tables with metrics and events or the query builder in New Relic.
On the right, click Saved views and select a saved view. Or, search for results you want to plot; for example, service_name:"checkout service" "process failed".
Click Add to dashboard, then fill out the details to add the log chart as a table to an existing or new dashboard.
Then, from your dashboard you can:
Use standard dashboard widget functions, such as copying, editing, deleting, and more.
Click any log row to show details about it.
Update your query to add more columns.
Query log data from other available accounts, and add more charts (for example, as comparative data) to your dashboard.
Click Open in logs to go directly to the Logs UI for additional troubleshooting.
To have a better understanding of what was happening on the host at the time an error occurred in your app, you must be able to see logs in context. Then, to troubleshoot related errors:
Go to APM > Errors inbox or APM > (select an app) > Events > Error analytics, and select an error trace.
From the error trace details, click Open in logs.
Browse the related log details.
To identify the host generating the error, click ... for your choice, then click Show surrounding logs.
To troubleshoot latency this way, you must be able to see logs in context. Then, to have a better understanding of how your systems were operating when performance noticeably slowed:
From the app's Summary page, click Distributed tracing, then select a particularly slow trace.
From the trace Details, click Logs.
Links to logs in New Relic
Depending on your New Relic subscription, you can access your logs from several places in the New Relic UI. For some of these options, you must be able to see logs in context.
ヒント
Let your app's agent forward log data directly to New Relic with APM logs in context. No need to install or maintain additional third-party software!
