Event Viewer (legacy)

Introduction

The event viewer, also called the log viewer, is a core part of Papertrail. This is a short introduction. For a more complete interactive tour, see tour.

We released a new event viewer! Learn more about it here.

Elements

Tail live logs
Search logs
Save searches and create alerts
Log velocity graph
Seek to a time or date
Show related context
Navigate the viewer
Customize the viewer

Screenshot

Live tail

When you arrive in the log viewer, Papertrail is showing events as they happen. It's realtime, as if you were logged directly into a system (or hundreds of systems). Logs are live.

Pause logs

To pause live logs, scroll up or click PAUSE:

Live tail: pause

Resume live tail

When paused on current logs, click LIVE to resume live tail:

Live tail: resume

Return to current and resume live tail

When viewing older logs, click the down arrow or scroll down to return to current logs and resume live tail.

Live tail: jump to current

Search

Search is integrated into Papertrail's event viewer:

Log viewer: search

Find anything just by typing what you know. If you've used Google search, Papertrail search works much the same way, including phrases ("), logical operators (AND, OR), and exclusion (-).

Click the upper right Help menu to see example searches without leaving the log viewer, or read the syntax.

Save searches and create alerts

As your team uses Papertrail more, some searches will probably be worth accessing again, receiving in email, graphing, or otherwise retaining.

After entering a search query, click Save Search to retain the query:

Log viewer: save search

Give it a name, and optionally set up a search alert right away:

Alerts can also be added later.

The saved search will be shown on the team-wide Papertrail Dashboard, like these:

Dashboard: saved search

and will be accessible from the event viewer's Saved Searches button:

Log viewer: saved searches

Log velocity graph

When viewing or searching logs, click the graph button to see patterns in the number of messages:

Velocity graphs help identify patterns or anomalies, reducing the time needed to spot trends or troubleshoot errors. They can also be used to seek to a particular time by clicking a point on the line.

Time seek

To seek directly to any date or time in the searchable history, click the clock icon:

Time picker

The time seek will expand:

Seek to

Enter the desired point and click Seek To. While seeked to a time other than the present, the icon shows the current seek time:

Log viewer: time seeked to

Just click it to change the seek time or return to the present. Any search query will remain active.

When you enter a time, the time zone in your Papertrail profile is used.

Read more about time zones in distributed environments here or here.

Note: Seeking across a DST boundary will jump to a position that is off by 1 hour (details).

Context

Find a message that could use some background? There are four quick ways to put events in context.

Host or program

Click the orange or blue links in the log viewer to see an event in host or program context:

Log viewer: context

The log sender link will show that message in context of all messages from that sender (for example, to see a complete error that occurred on a single system).

The log type link will show that message in context of messages from that program (process) in the current group.

After clicking, you'll be looking at the same log message and any search query will be retained.

Event actions

To bring up the event actions menu, hover over an event and click the + button on the left.

This menu exposes actions to:

copy this event's log line text
link to this event, in the same context you're viewing
show this event in the command-line interface
show this event within events from a system, program, system & program, or group

Shortcut linking to an event by Cmd/Ctrl+click on the + button.

Event selection

While holding Shift, hover over an event and click Event selection icon (selection button) to start a selection. A range can be selected by continuing to hold Shift and clicking a selection button above or below an existing selected event.

Event selection

When there is an active selection, the event viewer URL will update to reflect which events are selected, so that the URL can be shared.

Press Esc to clear a selection.

Click-to-search

You can turn pieces of your log messages into clickable elements. When these are clicked, the event viewer will display all surrounding messages that match the clicked element. This could be an IP, email address, user ID, request ID, domain name, source code filename, or any other part of a log message—you get to decide.

Learn more about how this works →

Navigation

Keyboard shortcuts

Press ? while in the log viewer and all will be revealed.

Multiple companies

You may have access to multiple Papertrail entities representing different companies' logs. Within the log viewer, switch entities at will. See Managing logs from multiple companies.

Customization

Contrast

From your profile, change between black on white or white on black:

Log viewer preferences

Colors

Papertrail uses orange and blue for links to show related context, as well as rendering supported ANSI color codes present in log messages. Additional colorization can be customized; see Log colorization.

Display options

Papertrail provides a few common customizations on demand:

Display options

Use Truncate Message to display each message on one line only. Great for aligning messages to view patterns. Click on a line to expand it.

Use the other options to hide parts of the log message that aren't necessary; for example, Papertrail timestamps if messages have internal timestamps.

Filtering

Seeing noisy logs? Although your systems and apps decide which log messages are sent to Papertrail, Papertrail can optionally filter noise on your behalf. See Log filtering.