Documentation forSolarWinds Observability SaaS

Collect logs

When you configure an entity for SolarWinds Observability SaaS, log monitoring may automatically begin. Logs and other data may be detected at the same time. For example, SolarWinds Observability SaaS may receive logs from a cloud monitored host, as well as logs created by host monitoring agents. You can also send logs directly to SolarWinds Observability SaaS for ingestion and analysis.

These logs can be monitored to track activity, analyze trends, and alert you to problems with the host or device from which the logs came.

Use the Logs Explorer to view all logs. If ingested logs are associated with a monitored entity, that entity's logs can also be seen in a tab in the Entity Explorer.

SolarWinds Observability SaaS also offers a simple command-line interface (CLI) to retrieve, search, and tail logs and perform account operations (such as registering systems). For more information on using CLI, refer to Command-line client for SolarWinds Observability.

Monitor logs in SolarWinds Observability SaaS

Use the OTel-based SolarWinds Observability Agent to collect and send logs, or configure your application or host to send logs directly to the SolarWinds Observability endpoint URL using an ingestion API token. Logs can be sent via HTTPS or syslog, or from your cloud provider with an AWS lambda function or Azure event function.

To collect logs for a services entity monitored by an APM library, configure the library to include trace context with the application logs, send application logs using syslog, and associate the syslog logs with the service entity. Application logs can also be sent via HTTPS, but the logs may not be able to be associated with the service entity.

In order to get the best results and to ensure that the host, app, and severity are correctly parsed, it is recommended to format logs sent to the HTTP collector as syslog.

To send logs with the SolarWinds Observability Agent or using HTTPS or syslog, complete the following steps:

  1. In SolarWinds Observability SaaS, click Add Data at the top.

  2. In the Add Data dialog Intro, click Collect and analyze my logs.

  3. Click Manual Configuration.

  4. Create or select an API ingestion token to use when sending your logs by doing either of the following:

    • Select Generate New Token and enter an Ingestion Token Name, then click Next.
    • Select Use Existing Token and select an ingestion token from the list, then click Next.

  5. Select a message logging standard to send your logs.

  6. Select whether to send a single log, or bulk logs.

  7. Follow the configuration instructions provided to start sending logs.

  8. Click View Logs.

For detailed instructions on how to send logs in specific scenarios, see: