Documentation for SolarWinds Observability SaaS

Features and information for users migrated from Papertrail to SolarWinds Observability SaaS

Log destinations

Using SolarWinds Observability SaaS, you can create log destinations for systems that send logs either via HTTPS or via TCP/UDP in a traditional Syslog setup. The connection method is configured when creating a new destination. To create a log destination, go to Logs > Destinations > Create destination. Two types of connections are available in the Create destination wizard:

  • Token-based

    A token-based destination accepts logs sent via HTTPS. These destinations use a provided token to authenticate the POST requests that send events, and can accept single or newline-delimited events.

  • Port-based

    A port-based destination accepts logs sent to a dedicated host/port using the Syslog protocol.

    Every created destination appears on the list in the Destinations tab. You can click the destination's name to open its details, view the token or change the destination's description.

Saving logs in SolarWinds Observability SaaS

Log archives in SolarWinds Observability SaaS are saved to a JSON-formatted file, which is then compressed into a GNU zipped archive, as opposed to the .tsv format used in Papertrail.

API differences between Papertrail and SolarWinds Observability SaaS

The following examples show the syntax of some basic API calls in SolarWinds Observability SaaS:

Last 100 events
curl -X 'GET' \
'https://api.na-01.cloud.solarwinds.com/v1/logs?pageSize=100' \
-H 'accept: application/json' \
-H 'Authorization: Bearer {TOKEN}'

Query for "payload"
curl -X 'GET' \
'https://api.na-01.cloud.solarwinds.com/v1/logs?filter=payload&pageSize=100' \
-H 'accept: application/json' \
-H 'Authorization: Bearer {TOKEN}'

Query for data between 12:00am and 12:02am on July 02
curl -X 'GET' \
'https://api.na-01.cloud.solarwinds.com/v1/logs?startTime=2024-07-02T00%3A00%3A00Z&endTime=2024-07-02T00%3A02%3A00Z&pageSize=100' \
-H 'accept: application/json' \
-H 'Authorization: Bearer {TOKEN}'

In SolarWinds Papertrail, the calls would be constructed as follows:

Last 1000 events
curl -v -H "X-Papertrail-Token: {TOKEN}" https://papertrailapp.com/api/v1/events/search.json

Query for "error"
curl -v -H "X-Papertrail-Token: {TOKEN}" "https://papertrailapp.com/api/v1/events/search.json?q=error"

See SolarWinds Observability SaaS REST API for more information on API and accessing the Swagger documentation.
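
The SolarWinds Observability calls above, as an added example that is not part of the SolarWinds documentation: a POSIX shell helper that builds the same /v1/logs URLs with percent-encoded values and hands the bearer token to curl as a config line on stdin instead of on the command line. The SWO_API_TOKEN variable and the function names are assumptions; the endpoint, query parameters and headers are the ones shown on this page.

```shell
#!/bin/sh
# Added example, not SolarWinds code. Endpoint, parameters and headers are the
# ones shown on this page; SWO_API_TOKEN and the function names are assumptions.
SWO_API_BASE='https://api.na-01.cloud.solarwinds.com/v1/logs'

# Percent-encode one query value (ASCII input); unreserved characters pass through.
urlencode() (
  LC_ALL=C; s=$1; out=
  while [ -n "$s" ]; do
    rest=${s#?}; c=${s%"$rest"}; s=$rest   # split off the first character
    case "$c" in
      [a-zA-Z0-9.~_-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
  done
  printf '%s' "$out"
)

# swo_logs_url FILTER START END [PAGESIZE]; pass '' to skip a field.
# START/END are ISO 8601 UTC timestamps such as 2024-07-02T00:00:00Z.
swo_logs_url() (
  qs=; size=${4:-100}
  case $size in ''|*[!0-9]*) echo 'pageSize must be a number' >&2; exit 1 ;; esac
  if [ -n "$1" ]; then qs="${qs}filter=$(urlencode "$1")&"; fi
  if [ -n "$2" ]; then qs="${qs}startTime=$(urlencode "$2")&"; fi
  if [ -n "$3" ]; then qs="${qs}endTime=$(urlencode "$3")&"; fi
  printf '%s?%spageSize=%s\n' "$SWO_API_BASE" "$qs" "$size"
)

# Run the query, e.g. swo_logs payload '' '' 100. The Authorization header is
# fed to curl as a config line on stdin, so the token never appears in curl's
# argument list, which process listings expose.
swo_logs() {
  [ -n "${SWO_API_TOKEN:-}" ] || { echo 'set SWO_API_TOKEN first' >&2; return 1; }
  url=$(swo_logs_url "$@") || return 1
  printf 'header = "Authorization: Bearer %s"\n' "$SWO_API_TOKEN" |
    curl --silent --show-error --fail --config - \
      -H 'accept: application/json' "$url"
}
```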

Differences in SolarWinds Observability search and Papertrail search

Search queries in SolarWinds Observability that are not wrapped in quotes match terms that contain the query. Only queries wrapped in quotes result in exact matches, aside from the following exceptions, which always use "contains" matching:

  • sender

  • severity

  • message

  • facility

json.key:value searches behave the same in SolarWinds Observability and Papertrail.

All searches that use key:value syntax are considered key-value searches.