Documentation for Loggly

View Your Loggly Data

Searches allow you to find the exact data you need quickly and efficiently. If you want to investigate data represented by a portion of the Event Timeline, you can zoom in to view only the events during that portion of the timeline. Searches and source groups can be saved to make future searches easier.

Search for Your Data

Verify you successfully sent the data to Loggly by searching for all the events you just uploaded.

  1. Click the Search tab in the navigation pane.
  2. If you set up a Linux syslog, type logtype:syslog in the Search all logs field.

    If you set up a Windows syslog, type tag:windows in the Search all logs field.

  3. Select Last Hour in the Time Range drop-down and click Search.

Zoom In On Events

Zoom in to view a subsection of events by clicking in the chart and dragging with your mouse until the selection covers the time period you want to review.

Save Your Search

Click the Favorite star and select Save this search as... in the menu.

Create a name for the saved search and click Save.



Create a Source Group

Create a source group to easily search log data that comes from a combination of host names, application names, or custom Tags.

To set up a source group, open the Source Groups page using one of the following methods:

  • In the navigation menu, click Source Setup > Source Groups. Click Add New.

  • In the Search or Charts pages, click the source group drop-down menu and select Create Source Groups.

To define your source group:

  1. Enter a name and description for your source group in the Add Source Group page.

  2. Enter the Syslog Host, HTTP Client Host, Syslog Application, or Tag information in the corresponding field to define the sources you would like to include in your source group. You can add multiple values to a single field, which allows all sources defined in that source type's field to be included. You can also define source values in more than one field, which limits the sources to only those that fit both source type definitions.

    For example, if you build a source group with httpd in the Application box and frontend01 and frontend02 in the Syslog Host box, a search using the source group would show you only httpd logs from frontend01 and frontend02. The equivalent query for this is syslog.appName:httpd AND (syslog.host:frontend01 OR syslog.host:frontend02).

  3. Click Save.
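
The matching rule from step 2 (values in one field are alternatives, separate fields must all match), generalized to any combination of fields and shown as an added example that is not part of the Loggly documentation or product. The dictionary keys, function names, and sample events are hypothetical; the query field names are the ones used in the queries on this page.

```python
# Added example: source group semantics (OR within a field, AND across fields).
# Query field names are taken from the queries shown on this page. The
# HTTP Client Host field is omitted because the page does not give its name.
FIELD_NAMES = {
    "application": "syslog.appName",
    "syslog_host": "syslog.host",
    "tag": "tag",
}


def build_query(group):
    """Return the search query equivalent to a source group definition."""
    clauses = []
    for key, field in FIELD_NAMES.items():
        values = group.get(key, [])
        if not values:
            continue  # assumption: a field left empty places no restriction
        terms = [f"{field}:{v}" for v in values]
        # Several values in one field are alternatives.
        clauses.append(terms[0] if len(terms) == 1 else "(" + " OR ".join(terms) + ")")
    # Every field that has values must match.
    return " AND ".join(clauses)


def matches(group, event):
    """Apply the same rule to one event, a dict keyed like the group."""
    for key, values in group.items():
        if not values:
            continue
        seen = event.get(key, [])
        seen = [seen] if isinstance(seen, str) else seen
        if not any(v in values for v in seen):
            return False
    return True


# Constructed sample data: the group from the example in step 2.
GROUP = {"application": ["httpd"], "syslog_host": ["frontend01", "frontend02"]}
EVENTS = [
    {"application": "httpd", "syslog_host": "frontend01"},
    {"application": "sshd", "syslog_host": "frontend01"},  # wrong application
    {"application": "httpd", "syslog_host": "backend07"},  # host not in group
]

if __name__ == "__main__":
    print(build_query(GROUP))
    for ev in EVENTS:
        print(matches(GROUP, ev), ev)
```

Running the events you expect to see through a check like this shows which hosts or applications a group would leave out of every search that uses it.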

Next Steps

Now that you've successfully searched for and viewed your log data in Loggly, continue to Analyze Your Loggly Data.

When the APM Integrated Experience is enabled, Loggly shares a common navigation and settings with the other integrated experiences' products. How you navigate Loggly and access its features may vary from these instructions. For more information, go to the APM Integrated Experience documentation.