Log Management

The power of the ELK stack while relieving you of Elasticsearch management hassle, infrastructure, and high expert staff costs.

ELK as a Service, Fully Managed

Fully managed Elasticsearch in the Cloud. The Elasticsearch API and fully integrated Kibana give you the power of the ELK stack while relieving you of Elasticsearch management hassle, infrastructure, and high expert staff costs.
  • Ship data with your favorite data shipper – Logstash, Filebeat, rsyslog, Logagent, and many others
  • Correlate logs with infrastructure and application metrics
  • Extract business KPIs from logs to build rich reports and dashboards
  • Automatic field and type detection with smart mappings and templates
  • Field editor to explicitly control your log structure and types
  • Query your data via Elasticsearch API with Elasticsearch Query DSL
  • Use integrated Kibana, Sematext Cloud UI, Grafana, Apache Zeppelin – anything that speaks Elasticsearch – including curl

Powerful Searching and Filtering

If you know how to search with Google, you’ll know how to search your logs in Sematext Cloud.
  • Use AND, OR, NOT operators – e.g. (error OR warn) NOT exception
  • Group your AND, OR, NOT clauses – e.g. message:(exception OR error OR timeout) AND severity:(error OR warn)
  • Don’t like Booleans? Use + and - to include and exclude – e.g. +message:error -message:timeout -host:db1.example.com
  • Use explicit field references – e.g. message:timeout
  • Need a phrase search? Use quotation marks – e.g. message:"fatal error"
  • Use range queries to find all logs with numeric values in the given range. Need to find HTTP error logs? Range query to the rescue — status:[400 TO 499]
  • Use wildcards when in doubt (e.g. err*)
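As an added example (not code from the page or from Sematext), here is a small Python evaluator for the +/- form of the query syntax described above, run over constructed log events; it handles field references, phrases, numeric ranges and wildcards, but not the AND/OR/NOT keyword form. The events and field names are assumptions.

```python
import fnmatch
import re

# Constructed sample log events (not from the page); field names are assumptions.
EVENTS = [
    {"message": "fatal error in handler", "severity": "error", "host": "web1.example.com", "status": 500},
    {"message": "timeout talking to db", "severity": "warn", "host": "db1.example.com", "status": 504},
    {"message": "request ok", "severity": "info", "host": "web2.example.com", "status": 200},
    {"message": "not found", "severity": "warn", "host": "web1.example.com", "status": 404},
]

# One query term: optional +/- prefix, optional field:, then a "phrase", a [lo TO hi] range, or a word.
TERM_RE = re.compile(r'([+-]?)(?:(\w+):)?(?:"([^"]+)"|\[(\S+)\s+TO\s+(\S+)\]|(\S+))')

def term_matches(event, field, phrase, lo, hi, word):
    """True if one parsed term matches the event (every field is searched when no field is given)."""
    for f in ([field] if field else event):
        val = event.get(f)
        if val is None:
            continue
        if lo is not None:  # range query, e.g. status:[400 TO 499]; only numeric values can match
            try:
                if float(lo) <= float(val) <= float(hi):
                    return True
            except (TypeError, ValueError):
                continue
        elif phrase is not None:  # phrase query: case-insensitive substring match
            if phrase.lower() in str(val).lower():
                return True
        elif any(fnmatch.fnmatchcase(tok, word.lower()) for tok in str(val).lower().split()):
            return True  # single term, with shell-style wildcards such as err*
    return False

def search(events, query):
    """'+' terms must match, '-' terms must not; bare terms are optional unless there is no '+' term."""
    required, excluded, optional = [], [], []
    for m in TERM_RE.finditer(query):
        sign, *term = m.groups()  # term = (field, phrase, lo, hi, word)
        {"+": required, "-": excluded}.get(sign, optional).append(term)
    hits = []
    for ev in events:
        if any(term_matches(ev, *t) for t in excluded):
            continue
        if not all(term_matches(ev, *t) for t in required):
            continue
        if not required and not any(term_matches(ev, *t) for t in optional):
            continue
        hits.append(ev)
    return hits
```

For example, `search(EVENTS, "+message:error -message:timeout -host:db1.example.com")` returns only the web1 "fatal error" event, and `search(EVENTS, "status:[400 TO 499]")` returns only the 404.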

Syslog Support

Syslog comes in many flavors of message formats, protocols and daemons. You can see this as a big blob of legacy that you have to drag around, or as a rich set of possibilities to pick from and profit. Either way, Sematext Cloud will support pretty much every flavor known to mankind:
  • There are copy-pastable configurations for all major syslog daemons: traditional syslogd, rsyslog, syslog-ng and nxlog
  • Send logs in traditional RFC-3164 message format or the newer RFC-5424
  • Send syslog events as JSON over a socket
  • Traditional UDP syslog will work, of course, but you can also send data over TCP for more reliability. Even more reliability is provided by RELP. If you need encryption, you can use TLS syslog.

Alerting on Logs

You can alert on metrics, as well as logs.
  • It’s simple: run a query, save it as an alert query, and optionally select additional notification hooks like Slack, PagerDuty, etc.
  • Use query filters to narrow down on logs you really want to alert on – e.g. severity:ERROR
  • Use threshold-based alerts if you have specific thresholds and know what is alarming. Get notified when the number of logs hits the threshold.
  • Use anomaly detection to be alerted on sudden abnormalities in your logs and let statistical algorithms find abnormal log counts.

Live Tail

Live Tail provides a real-time view of your logs as they stream into Sematext Cloud. Say you deployed new code. With Live Tail you will immediately see new errors as they are logged.
  • It’s like “tail -f” on all your logs in a single place. No, not your terminal!
  • Combine Live Tail with queries and filters to narrow the live log stream to only logs of interest. Yes, like “tail -f | grep”.
  • Automatically tags logs that match any of your Saved Queries or Alert Queries
  • Really handy when deploying – everyone on the team sees new errors right away and can quickly go in and fix them

Log Event Context

Once you’ve found a log event of interest, a single click will expose its context.
  • Locate the log message with the error that broke your app. Then use Log Event Context to see what happened before and after.
  • It’s like “grep -C 5 myapp.log”, but across all your logs, not in just one log file.