Searches allow you to find the exact data you need quickly and efficiently. If you want to investigate data represented by a portion of the Event Timeline, you can zoom in to view only the events during that portion of the timeline. Searches and source groups can be saved to make future searches easier.
Verify you successfully sent the data to Loggly by searching for all the events you just uploaded.
- Click the Search tab in the navigation pane.
- If you set up a Linux syslog, type logtype:syslog in the Search all logs field.
- If you set up a Windows syslog, type tag:windows in the Search all logs field.
- Select Last Hour in the Time Range drop-down and click Search.
- Zoom in to view a subsection of events by clicking in the chart and dragging with your mouse until the selection covers the time period you want to review.
- Click the Favorite star and select Save this search as... in the menu.
- Create a name for the saved search and click Save.
To set up a source group, open the Source Groups page using one of the following methods:
- In the navigation menu, click Source Setup > Source Groups. Click Add New.
- In the Search or Charts pages, click the source group drop-down menu and select Create Source Groups.
To define your source group:
- Enter a name and description for your source group in the Add Source Group page.
- Enter the Syslog Host, HTTP Client Host, Syslog Application, or Tag information in the corresponding field to define the sources you would like to include in your source group. You can add multiple values to a single field, which includes every source that matches any of the values in that field. You can also define source values in more than one field, which limits the sources to only those that fit both source type definitions.

For example, if you build a source group with httpd in the Application box and frontend01 and frontend02 in the Syslog Host box, a search using the source group shows only httpd logs from frontend01 and frontend02. The equivalent query is:
syslog.appName:httpd AND (syslog.host:frontend01 OR syslog.host:frontend02)
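The matching rule described above (values within one field are ORed, separate fields are ANDed) can be modeled offline to check what a source group will and will not show. This is an added example, not Loggly code: the function names and sample events are constructed, and treating an empty field as "no restriction" is an assumption.

```python
# Added example: models the source-group matching rule described above.
# Function names and events are constructed for illustration.

def source_group_query(group):
    """Build the equivalent search query for a source group.

    `group` maps a query field name to the values entered for that field.
    Values within one field are ORed; separate fields are ANDed.
    """
    clauses = []
    for field, values in group.items():
        if not values:
            continue  # assumption: an empty field places no restriction
        terms = [f"{field}:{value}" for value in values]
        clauses.append(terms[0] if len(terms) == 1
                       else "(" + " OR ".join(terms) + ")")
    return " AND ".join(clauses)


def in_source_group(event, group):
    """True if the event satisfies every non-empty field of the group."""
    return all(event.get(field) in values
               for field, values in group.items() if values)


def matching_messages(events, group):
    """Messages of the events a search scoped to `group` would show."""
    return [e["msg"] for e in events if in_source_group(e, group)]


# The source group from the example in the text.
GROUP = {"syslog.appName": ["httpd"],
         "syslog.host": ["frontend01", "frontend02"]}

# Constructed sample events.
EVENTS = [
    {"syslog.appName": "httpd", "syslog.host": "frontend01", "msg": "GET /login 200"},
    {"syslog.appName": "sshd", "syslog.host": "frontend02", "msg": "Failed password for root"},
    {"syslog.appName": "httpd", "syslog.host": "db01", "msg": "GET /status 200"},
    {"syslog.appName": "httpd", "syslog.host": "frontend02", "msg": "GET /admin 403"},
]

if __name__ == "__main__":
    print(source_group_query(GROUP))
    for msg in matching_messages(EVENTS, GROUP):
        print("  ", msg)
```

The constructed sshd event from frontend02 is excluded even though its host is in the group: a source group scoped by application hides other applications' logs from the same hosts, so pick the scope with the investigation in mind.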
Now that you've successfully searched for and viewed your log data in Loggly, continue to Analyze Your Loggly Data.
When the APM Integrated Experience is enabled, Loggly shares a common navigation and enhanced feature set with the other integrated experiences' products. How you navigate the product and access its features may vary from these instructions. For more information, go to the APM Integrated Experience documentation.