Logs
Learn about what you may see within Oracle Communications Unified Assurance when you click Logs in the main navigation menu. This lets you view the logs from most Unified Assurance processes. In addition to the main grid that shows the lines logged from a variety of applications, a search bar is shown along with buttons that will change what data is displayed. This document also includes some examples of different searches that can be done using this interface.
Different Controls
There are some additional controls next to the search bar that allow for additional refinement of the results that are displayed.
-
Settings - clicking on this button will show additional options, like adding additional columns to the list.
-
Highlights - clicking on this button will show another text entry box to highlight specific text in the results.
-
Date - clicking on this button will show a date picker to restrict the dates of logs in the results.
-
Stream live - clicking on this button will show a constant stream of logs.
Grid Details
To understand what is being displayed in the grid, this line will be used as a basic example:
12:00:00.275 GenericSNMPPollerd(47) [INFO] Main -> Poll Executed at [1694624400]
Each line contains several distinct pieces of data that can be useful for troubleshooting purposes:
-
12:00:00.275: the time the line was written to the log.
-
GenericSNMPPollerd: the name of the binary that wrote to the log.
-
(47): the application ID that wrote to the log. This ID correlates to the ID field that is displayed in the Jobs and Services UI's.
-
:8: the thread ID that wrote to the log.
Note:
This field normally shows a numerical value, but being "missing" like in this example means that it is the applications main thread that is writing the message to the log.
-
[INFO]: the logging level of the specific message.
-
Main -> Poll Executed at [1694624400]: the message that was written to the log.
The Search Bar
At the top of the UI, there is a search bar that can be used to filter the results displayed for correlation purposes. Search criteria can be either manually entered into the search bar, or viewing the details for a log message will show a button to filter results to that data type and value.
Caution:
Be aware that clicking on one of the fields will replace any text that was previously in the search bar.
Tags
A variety of tags are available for use in the search bar.
Important:
When manually entering text into the search bar, be aware that most of the tags are case sensitive. This means that filtering for level:INFO may return results, but level:info will not.
| Name | Data Type | Sample Data | Description |
|---|---|---|---|
| app | Text | Syslogd | Name of the binary that wrote to the log. |
| appID | Integer | 26 | The application ID that wrote to the log. This ID correlates to the ID field that is displayed in the Jobs and Services UI's. |
| agent.hostname | Text | unified-assurance.example.com | The host FQDN of the server that wrote to the log. |
| agent.name | Text | unified-assurance.example.com | The host FQDN of the server that wrote to the log. |
| host.name | Text | unified-assurance.example.com | The host FQDN of the server that wrote to the log. |
| level | Text | DEBUG | The logging level of the specific message. |
| log.file.path | Text | /opt/assure1/logs/EventSyslog.log | The full path to the log file. |
| message | Text | Main -> Checking for reload | The message that was written to the log. |
| pid | Integer | 55214 | The process ID of the binary that wrote to the log. For Services, this value can be displayed in the "Last PID" column, but may not be accurate if the application is restarted. Jobs will not display this value. |
| thread | Integer | 4 | The thread ID that wrote to the log. |
Search Examples
Single tags can be used to look for specific data. Here are a few examples:
-
If no tags are used, the search will be applied against the "message" part of the log:
poll -
If searching for multiple words, double quotes will be needed to search properly. As an example, this filter will return any message with the word poll or the word cycle:
poll cycleHowever, if double quotes are used, only lines that match exactly will be returned. As an example, this filter will return any message with the words poll cycle:
"poll cycle" -
This will show all logs from the Unified Assurance Broker:
app:BrokerdThis will show all logs from the Unified Assurance Event Syslog Aggregator:
app:Syslogd -
This will show logs from many applications with the logging level set to "INFO":
level:INFO -
This will show all logs from the "unified-assurance.example.com" server, which may be needed in multi-server environments:
host.name:"unified-assurance.example.com"
Multiple tags can be added together to do complex searches through the logs:
-
This will show all logs from the Unified Assurance Broker or the Unified Assurance Event Syslog Aggregator:
(app:Syslogd OR app:Brokerd) -
This will show all logs from the Unified Assurance Event Syslog Aggregator, but only with the logging level set to "INFO":
(app:Syslogd AND level:INFO)
See Query String Syntax in the Elasticsearch documentation for additional information about the query language.