Groups are a way to represent a portion of your logs. Examples:
- Environments, like "Production" or "Staging"
- Geographical locations, like "San Jose datacenter" or "us-west"
- Products or business units, like "Public website" or "Acme systems"
- System roles, like "Web servers" or "Postgres cluster"
Create groups for different sets of senders (typically systems) that you frequently examine logs from.
Senders may be part of multiple groups. For example, a Web server in NYC may be in the groups "Web servers", "NYC colo", and "E-commerce site".
Think of groups and searches as far more flexible equivalents to a log file name. Groups decide which senders should be examined. Searches can further refine the logs that you see from those senders (by log file name/program name and many other attributes, even sender).
When the account was created, Papertrail automatically added a group called All Systems or All Apps that contains every sender. When you create a new group, it will appear on the Dashboard along with that group.
Groups are sets of senders, typically systems. Searches can further constrain which log messages are shown, creating a view of only certain messages from the senders in that group.
A search examines the logs from the senders that are part of that group. When a group is created, Papertrail automatically includes an All events search for you. This search simply applies no further constraints. For example, clicking the All events search within the All Systems group shows all messages from all systems.
Frequently-used searches can be saved within the relevant group. For example, within a "DB servers" group, there might be searches called "Slow queries", "Deadlocks", and "UPDATE queries", each of which provides a different filtered view of the logs.
To change a group's name or add or remove senders, click the name of the group, such as SJC datacenter.
On the group detail page, click Edit Settings & Membership in the upper right corner.
On the group settings page, add or remove individual systems by checking or un-checking the box next to the system.
The automatically-created group All Systems or All Apps is not editable.
Yes. See mapping senders to groups.
Yes. Imagine that one search needs to exclude logs from a sender that is a member of the group. For example, there is an existing group called "Web servers" that includes a sender called www42. In one specific search in the "Web servers" group, logs from www42 should be excluded.
Because this specific set of systems ("Web servers except www42") is not frequently examined, it probably doesn't justify creating a new group. In that case, use the search query to exclude logs from
abc def "something else" -sender:www42
This will run the abc def "something else" search, but with an additional operator to exclude logs from any senders whose name contains