The Logs Explorer is your home base for troubleshooting and exploration:
In this view you can:
Build up a context to explore your logs in your log explorer view first by selecting the proper time range then by using the search bar to filter your Logstream and Log Analytics.
The time range feature allows you to display logs in the Logstream or Log Analytics within a given time period. It appears directly under the search bar as a timeline. The timeline can be displayed or wrapped up with the Show timeline check box in the Logstream option panel.
Quickly change the time range by selecting a preset range from the dropdown:
Use facets, measures, tags, or even free text search to filter your Logstream and Log Analytics with dedicated context. The search bar and url automatically reflect your selections.
Follow the guide to search your logs for a detailed explanation of all the Log Explorer search features, including use of wildcards and queries of numerical values.
Use saved views to automatically configure your log explorer with a preselected set of facets, measures, searches, time ranges, and visualizations. Check the dedicated saved views documentation to learn more.
Export your current log visualization with the share functionality:
Use the share button to send your current log explorer view to a CSV file, team member, or create a monitor:
| Button | Description |
|---|---|
| Export to Monitor | Export the query applied to your logstream to create the query for a new log monitor. |
| Export to CSV | Export your current logstream view with its selected columns to a CSV file. You can export up to 5,000 logs at once. |
| Share View | Share a link to the current view with your teammates through Email, Slack, and more. See all Datadog notification integrations available. |
| Button | Description |
|---|---|
| Export to Monitor | Export the query applied to your log analytics to create the query for a new log monitor. |
| Export to Dashboard | Export the current analytic as a widget to an existing or new dashboard. |
| Generate new Metric | Generate a new metric out of the current analytic query. |
Switch between the Log Search and the Log Analytics modes by clicking on the Log Mode button in the upper left corner of the page:
The Log Search is the list of logs that match the selected context. A context is defined by a search bar filter and a time range.
The Log Search is displayed in the logs table.
Configure the logs table content according to your needs and preferences with the “Options” button. Among your custom attributes, only faceted or measures attributes are available for columns.
Log results are sorted by date—the most recent on top by default. You can also inverse-sort by date, with the least recent (within the limits of the time range) on top.
Click on any log line to open the log panel and see more details about it: raw message, extracted attributes, and tags (with host, service, and source tags on top).
Some standard attributes—for instance, error.stack, http.method, or duration—have specific highlighted displays in the Log Panel for better readability. Make sure you extract corresponding information from your logs and remap your attributes with standard attribute remappers.
Interact with the attributes names and values in the lower JSON section to:
Interact with the upper reserved attributes section:
host of the log.trace_id attribute in the log: refer to trace injection in logs) or append search request with the service of the log.source of the log.The View in context button updates the search request in order to show you the log lines dated just before and after a selected log—even if they don’t match your filter. This context is different according to the situation, as Datadog uses the Hostname, Service, filename, and container_id attributes, along with tags, in order find the appropriate context for your logs.
Use the Share button to share the log opened in side panel to other contexts.
Ctrl+C / Cmd+C copies the log JSON to your clipboard.After having gone through Datadog processing, log parsing, and having facets and measures over the important attributes, you can graph log queries and see maximums, averages, percentiles, unique counts, and more.
Follow the log graphing guide to learn more about all the graphing options.
Investigating large volumes of log data can be time consuming: you can spend hours on them and still understand only a fraction of them. However, applicative logs often look the same with some fraction of them varying. These what we call patterns.
In the Log Explorer, patterns can be surfaced automatically to bring structure to the problem and help you quickly see what matters—exclude what’s irrelevant.
Find out more in the Log Patterns section
After being processed with the help of pipelines and processors, your logs attributes can be indexed as facets or measures in order to be accessible for your context creation and Log Analytics.
Note:
To leverage the most out of your Log explorer view, make sure your logs attributes follow Datadog attribute naming convention.
Facets on Reserved Attributes are available by default.
A facet displays all the distinct members of an attribute or a tag and provides some basic analytics, such as the number of logs represented. Facets allow you to pivot or filter your datasets based on a given attribute. To filter, select the values that you want to see.
Create a Facet:
To start using an attribute as a facet or in the search, click on it and add it as a facet:
Once this is done, the value of this attribute is stored for all new logs and can be used in the search bar, the Facet Panel, and in the Log Analytics query.
A measure is a attribute with a numerical value contained in your logs.
Create a Measure:
To start using an attribute as a measure, click on a numerical attribute of your log:
Once this is done, the value of this attribute is stored for all new logs and can be used in the search bar, the Facet Panel, and in the Log Analytics query.
Select the Measure Unit:
Each measure has its own unit that is then used for display in the Log Explorer columns, Log stream widgets in dashboards, and Log Analytics.
