The following article exclusively pertains to a Graylog Enterprise feature or functionality. To learn more about obtaining an Enterprise license, please contact the Graylog Sales team.

Log View is a widget that presents log data in a format similar to common log format; it has the look and feel of a console output. The Log View widget allows you to scroll through log events as new lines populate in real-time.

The Log View widget provides a way to investigate your log events, so you can:

  • Record faults to diagnose and debug.
  • Identify security breaches and other system and network misuses.
  • Perform audits.

The Log View widget allows you to create highly customizable reports and info graphics, add reports to your dashboards, and save and retrieve reports in the event you need to review that data. You can add new values, fields, and metrics to build reports that meet your needs.

Hint: Graylog Open Source is limited to exports in CSV, as detailed in Export results as CSV. However, three additional formats are available in Enterprise: JSON, Newline delimited JSON, and Plain Text form.

Log View Usage

To build familiarity with Log View, perform the following actions.

  • Create a new Log View widget.
  • Expand your report with additional fields in the widget.
  • Focus on the widget with an expanded view.
  • Export data from the widget.

Create a Log View Widget

The log view widget option is located on the expandable bar on the left. To create your first widget:

  1. Click the Create (+) button to extend the menu.
  2. Select Log View to generate the widget in the main UI.

When the button generates a new widget, timestamp, source,and message are presented in plain text format.

Add New Fields to the Report

To build more informed reports, add a new field to the widget. For example, you may need to associate activity between company.org and a response code.

  1. Click the diagonal arrow icon on the right side of a log line.
  2. Review and select one or more options, e.g. https_response_code.

Alternately, add new fields via the chevron icon (mentioned in Aggregation).

  1. Click Edit from the menu.
  2. Locate FIELD SELECTION AND ORDER on the bottom left.
  3. Click the drop down arrow, or type in a value.
  4. Click Add to include the field in your widget.
  5. Press the Update Widget button to save any edits.

Focus on the Widget

Locate the Focus this widgeticon in the main log view interface. Click to expand the widget to full view.

Build a Dashboard with Shareable Data

In this section, you will determine a format that best suits your message delivery efforts, and download a report. For example, you might pass on:

  • Plain text data to your peers for analysis (e.g. Log File/Plain Text ).
  • Data to a logging library built in JavaScript (e.g. JSON ).
  • Structured data objects to TCP or UNIX pipes (e.g. NDJSON ).

If configured, you can use the dashboard created above in the Create a Log View Widget section.

Follow these steps:

  1. Click the chevron icon to access the Actions menu (seen in the image above).
  2. Choose Export from the menu to access the dialogue.
  3. Output Format — choose from JSON, Log File/Plain Text, NDJSON (Newline-delimited JSON), or CSV.
  4. Fields to Export — add additional fields to the pre-defined options chosen in Add New Fields to the Report.
  5. Time Range — Click the clock icon to configure an absolute date range. The format is displayed as yyyy-MMM-dd HH:mm:ss.SSS.
  6. Choose all necessary fields, and, if necessary, select Messages limit.
  7. Click the Start Download button.