What can I do on the Discover page?

Discover is your landing page. It gives you the tools you need to explore your logs: access, search, and filter all of the logs in your index.

Selected and Available Fields

Fields are objects that are discovered and parsed from your logs by our log agent and indexed by observIQ Cloud. You can use these fields to filter and sort your logs, and to build more advanced searches.

By default, two fields are selected: severity and type. Selected fields are visible as columns in the log viewer to the right. Note: the time and summary fields are always present in the log viewer, even though they are not selected fields.

As your logs are ingested, you'll see the Available fields section begin to populate as new fields are discovered.

Selecting a field gives you additional options as well: you can see the percentage of occurrences of each of the field's values in the last X records, and you can apply a +/- filter for that value.

Time Period Controls

With the Time Period controls, you can specify a relative or absolute time period to search your logs. You can also set the time range to Now if you're looking for your most recent logs. Adjusting the time range directly changes what's displayed in the histogram and log viewer below. The default behavior is to search and display logs from the last 15 minutes.

Filter and Search

  • Search: allows you to search the contents of your logs. Note: depending on your
  • Filter: allows you to filter your logs with fields and operators
    • Severity:
    • Agent:
    • Source:
    • Type:
  • Save Searches and Filters

You can use a combination of searching and filtering to narrow down what you're looking for. You can also save a filter, query, or a combination of both for future use.

Log Viewer

The Log Viewer provides a view of all incoming log messages within the selected time period. You can expand a log event by clicking the right-facing arrow, which turns into a downward-facing arrow. This provides a human-readable view of the contents of your log message, including all of its fields. Expanding the document also lets you view the event in context using the View Surrounding Documents function, or in a focused view of the event alone using the View Single Document function.

You can find more information about the contents of a log event in observIQ Cloud here: Log Contents

Additionally, to make filtering easier, you can hover over fields and use the +/- buttons to quickly add filters to your filter bar.