The following article exclusively pertains to a Graylog Operations feature or functionality. To learn more about obtaining an Operations license, please contact the Graylog Sales team.

Log View is a widget that presents log data in a format similar to common log format; it has the look and feel of a console output. The Log View widget allows you to scroll through log events as new lines populate in real-time.

The Log View widget provides a way to investigate your log events, so you can:

  • Record faults to diagnose and debug.
  • Identify security breaches and other system and network misuses.
  • Perform audits.

The Log View widget allows you to create highly customizable reports and infographics, add reports to your dashboards, and save and retrieve reports in the event you need to review that data. You can add new values, fields, and metrics to build reports that meet your needs.

Hint: Graylog Open Source is limited to exports in CSV, as detailed in Export results as CSV. However, three additional formats are available in Enterprise: JSON, Newline delimited JSON, and Plain Text form.

Log View Usage

To build familiarity with Log View, perform the following actions.

  • Create a new Log View widget.
  • Expand your report with additional fields in the widget.
  • Focus on the widget with an expanded view.
  • Export data from the widget.

Create a Log View Widget

The Log View widget is located on the expandable bar on the left.

To create your first widget:

  1. Click the Create (+) button to extend the menu.
  2. Select Log View to generate the widget in the main UI.

When the button generates a new widget, timestamp, source,and message are presented in plain text format.

Add New Fields to the Report

To build more informed reports, add a new field to the widget. For example, you may need to associate activity between company.org and a response code.

  1. Click the diagonal arrow icon on the right side of a logline.
  2. Review and select one or more options, e.g. https_response_code.

Alternately, add new fields via the chevron icon (mentioned in “Aggregation”).

  1. Click Edit from the menu.
  2. Locate FIELD SELECTION AND ORDER on the bottom left.
  3. Click the dropdown arrow, or type in a value.
  4. Click Add to include the field in your widget.
  5. Press the Update Widget button to save any edits.

Focus on the Widget

When you return to the main Log View UI, identify the X-crossed arrow icon next to the other widget icons.

Click the icon to expand your widget to full view:

Build a Dashboard with Shareable Data

In this section, you will determine a format that best suits your message delivery efforts, and download a report. For example, you might pass on:

  • Plain text data to your peers for analysis (e.g. Log File/Plain Text ).
  • Data to a logging library built in JavaScript (e.g. JSON ).
  • Structured data objects to TCP or UNIX pipes (e.g. NDJSON ).

If configured, you can use the dashboard created in Create a Log View Widget.

Follow these steps:

  1. Click the chevron icon to access the Actions menu (seen in the image above).

  2. Choose Export from the menu to access the dialogue.

    • Output Format — choose from JSON, Log File/Plain Text, NDJSON (Newline-delimited JSON), or CSV.
    • Fields to Export — add additional fields to the pre-defined options chosen in Add New Fields to the Report.
    • Time Range — Click the clock icon to configure an absolute date range. The format is displayed as yyyy-MMM-dd HH:mm:ss.SSS.

  3. Choose all necessary fields, and, if necessary, select Messages limit. Click the Start Download button.