Logs

Learn about what you may see within Oracle Communications Unified Assurance when you click Logs in the main navigation menu. The Logs UI lets you view the logs from most Unified Assurance processes.

By default, the UI shows you:

A control bar containing:
- The saved query used to find logs.
- The time range of logs to display.
- Buttons for rerunning the search, seeing a live stream of logs, and saving the settings to the default query.
When the query is static, a graph with a count of logs over time.
When the query is streaming live, a table containing the live stream of logs as they occur.
Patterns of logs groups, which you can select to filter the graph and stream.
A table containing the static logs that matched the query the last time it was run.
A control panel on the left where you can select fields to filter the log table by or view top and rare field values.

Seeing a Live Stream of Logs

When you first load the Logs UI, the saved query is run one time, and you see a static set of logs that match the query.

To see a live stream of logs, click the Live button and select a refresh interval. The stream will refresh according to the interval.

You can stop the live stream by clicking the Stop button.

Note:

Leaving the stream running for longer than ten minutes may crash your browser.

Understanding Logs

Each log message appears as a separate row in the log table. The table contains three columns:

View: Click the icon in a cell to see the log in table or JSON format.
Time: The timestamp for the log. Click the column header to sort by this column.
Source: The log details.

The log details are generally in the following format:

@timestamp <timestamp> level <LEVEL> event.dataset <source_name(source_id)> message <message>

where:

<timestamp> is the time the log was written, in YYYY-MM-DD HH:MM:SS.S format.
<LEVEL> is the log level. This can be FATAL, ERROR, WARN, INFO, or DEBUG.
<source_name(source_id)> is the name and ID of the application, service, microservice, or binary that wrote the log. For example, RunMechanizations(3), DatabaseWatchdog(50), or fcom-processor(fcom-processor-1234567-89abc).

For applications that are run as jobs or services, the ID is the job or service ID shown in the Jobs or Services UI.

For microservices, the ID is the name of the Kubernetes pod for the microservice, shown in the Microservice Workloads UI.
<message> is the actual log message. For some logs, all of the information is included in the message instead of parsed separately.

Searching the Logs with the Discover Application

You can edit the default query with a different OpenSearch Piped Processing Language (PPL) query, or you can use the OpenSearch Dashboards Discover application to construct OpenSearch Dashboards Query Language (DQL) queries interactively.

To search the logs using the Discover application:

Access the Discover application by doing one of the following:
- From the Logs page, in the control bar, click the PPL menu and select DQL - Opens in Discover.
- From the main Unified Assurance navigation menu, select Analytics, then Events, and then Discover.
By default, the eventanalytics-* index pattern is selected. Change it to logs-*.
Optionally, adjust the time range and add filters as needed. You can filter by a variety of fields, including application name or ID, log level, and log message.
Enter search terms.

The Discover application searches for terms entered in the search bar in all fields, not just the message. For example, if you enter broker in the search bar, all logs with the word broker in any field are returned. This can include all logs added by the Brokerd service and logs from different applications that mention the term broker in their message.

You can also expand any log in the results list to see its fields, and click the icons in the first column to use that field or value to filter the list.

See the OpenSearch documentation for more information about PPL and DQL:

About Saved Queries

The default query shows all logs. If you have different queries that you use frequently, you can create saved queries for them using the OpenSearch Saved Objects UI.

See Managing Log Analytics Queries.

Any saved searches you have imported are accessible by selecting Logs from the breadcrumb bar at the top of the Logs UI or from the OpenSearch menu, under Observability.

Caution:

It is possible to change the default query and save changes by clicking the Save button. However, your changes will apply for all users with permission to access the Logs UI. Entering a new name when you save updates the name of the default query; it does not save it as a new query.

If you accidentally delete or save changes to the default query, you can reimport it.

Title and Copyright Information

Concepts

G18223-01