Skip to content

Log Explorer

After log data is collected into the system, you can view all the log data reported in the current workspace in Log > Explorer.

Note

If the role of the currently logged-in account has set "Only show rules related to me" in Log > Data Access, the queried log content will be affected accordingly.

View Modes

To meet the needs of viewing and analysis in different scenarios, the Explorer supports multiple display modes.

List

Each field of the log occupies a separate column, displaying all field contents completely, allowing you to intuitively view the detailed information of each log.

Stacked List

Except for the time field (time), all other fields will be merged into the same column and displayed in multiple lines within the cell:

In the stacked mode, you can perform visual operations on specific fields:

All Logs

Display the collected raw log data.

Line Break

In the stacked list, if a single log contains a large amount of data information, clicking the "Line Break" button will make the message part of the log display independently.

Pattern Analysis

The Log Explorer provides efficient clustering functionality, which can analyze the similarity of logs based on the message field and automatically display the most recent 50 logs. You can also customize the clustering fields. After selecting a time range in the Time Widget, the system will analyze 10,000 logs within that period and aggregate similar entries.

In the Pattern Analysis list, you can manage the data through the following operations:

  • Click & to sort the number of documents (default is descending order);

  • Click to choose to display 1 line, 3 lines, 10 lines, or all content.

  • Click to export all clustered log data.

Charts

Based on count, last, first, count_distinct operation modes, filter data under by conditions:

  • Top List
  • Time Series
  • Pie Chart
  • Treemap
  • Grouped Table Chart