Live tail lets you view, search and filter the logs as they are ingested into observIQ. To begin streaming live tail logs, head to the Live Tail menu, in your observIQ account.
- Click the play button to begin streaming logs
- Click the pause button to stop streaming
- Hovering over the live icon gives you the rate at which your logs are ingested
- Scroll through the logs that are ingested
- Scrolling up will automatically pause the stream
- Scrolling down automatically resumes streaming
Enter a search string or query to filter the live-tailed logs. For instance: To live stream only the logs related to one of the laptops in your network, or one single application, enter a query specific to that or simply a search string with the name of the application or device. Do remember that having your logs enriched with additional information in your log pipelines helps in scenarios like this, where this additional information could be used to drill down the most relevant logs. (Cross-reference to that doc)
You may filter the logs during a live tail session or when it is paused based on:
- Severity: severity assigned by the source
- Agent: If there are multiple fleets in your observIQ account, you may choose one specific log agent that you would like live-tailed.
- Source: Filter the logs from a single source in your live tailed view
- Type: Filter based on the system services such as syslog, JournalD, etc.
With Live Tailed logs, your DevOps team is always equipped with the right information in new code rollouts and network additions/deletions. Distributed teams can keep up with the live events in a network by collaboratively viewing the logs being Live Tailed from the deployment to production.
- Your live tail session is set to stream automatically for 15 mins. After the set 15 mins session, clicking the Play button restart live tailing.
- If you navigate to another tab, your logs will continue to stream, until the 15 mins mark is reached
Updated 10 months ago