Last updated at Mon, 06 Nov 2017 21:37:18 GMT
Introducing Visual Search
In our never-ending effort to help you wrangle your infrastructure, we are constantly improving and adding new functionality to Logentries. In that spirit, today we are happy to announce Visual Search. Visual Search is truly a one of a kind feature, it makes the whole process of an investigation shorter and simpler. By automatically visualizing top trends appearing in your data, Visual Search allows you to simply click to drill in and out of datasets to identify trends and anomalies. As you click through your data, Visual Search automatically builds a search query for you. Now, your entire investigation can now be done without ever making a single keystroke. With Visual Search, you will never have to write a query again.
Table of contents
- Explore automatically generated visualizations
- Add new cards
- Save a Visual Search
- Visual Search data types
Explore automatically generated visualizations
To get started with Visual Search, choose the logs you would like to visualize. Then, in the query builder, click the mode drop down and select Visual, like so:
You will now be presented with three visualizations based off of the trends in your log data. You can add data from multiple different sources to this search by selecting additional logs from the left. Below is an example of Apache Access logs being viewed in Visual Search mode.
Without ever typing a query, you can start to search this data by simply clicking on any one of the charts. For example, clicking on the large piece of the pie chart representing 200 status codes will update both the query bar and all of the other visualizations to this new search.
As you continue to click on different parts of the charts the query bar and other visualizations will continue to update. You can also exclude portions of the search query and manipulate boolean values by clicking and pointing.
The chart type of the automatically generated visualizations can be changed to a different format. To change a chart type, click on the gear in the top right corner of the card and then select Edit. On the new panel, you can now change the name, query, and visualization options for the selected card.
Add new cards
You may wish to visualize additional data in your logs beyond the cards Visual Search automatically creates. In this case, you can click on the Add card button and select a key from the drop down.
After adding your new card, you can continue to click and point to drill into the selected log data. All cards can be removed or have their configuration changed.
Save a Visual Search
Now that you have added cards, configured cards, and searched by pointing and clicking. You have your data just the way you want it. You can save this Visual Search so that you can run it again in the future. To save a search click the Save button and give your search a name.
Now you can easily get right back to your same Visual Search anytime in the future by clicking on the Saved drop down and choosing your search.
Visual Search data types
Visual Search works with all log formats that are parsed by Logentries.
These log formats include:
- Combined Log Format (From your Apache and NGINX servers!)
- Syslog Tags
- Key Value Pair (KVP) data
Logentries automatically parses the implied keys of these data formats. Making it easy to search and analyze this data using traditional LEQL queries as well as Visual Search.