Event viewer
Introduction
The event viewer, also called the log viewer, is a core part of Papertrail. Here is a very short introduction.
Elements
Screenshot
Live tail
When you arrive in the log viewer, Papertrail is showing events as they happen. It's realtime, as if you were logged directly into a system (or hundreds of systems). The tail indicator is lit to indicate that current logs are being shown.
Scroll up or otherwise move away from current logs and the tail indicator darkens.
Current logs (lit) - live
Older logs (darkened( - paused
Changing
To return to current realtime logs, click the darkened tail indicator (or scroll down until the tail indicator is lit again).
Search
Search is integrated into Papertrail's event viewer:
Find anything just by typing what you know. If you've used
Google or GMail, Papertrail search works much the same way,
including phrases ("), logical operators, and
exclusion (-).
Click the upper right Help menu to see example
searches without leaving the log viewer, or read the syntax.
Save searches and create alerts
As the teams uses Papertrail more, some searches will probably be worth accessing again, receiving in email, graphing, or otherwise retaining.
After entering a search query, you'll see a Save
Search button. Click Save Search to retain the query:
Give it a name, and optionally setup a search
alert right away:
Alerts can be created at any time. This new saved search will be shown on the team-wide Papertrail Dashboard, like these:
It will also be accessible from the event viewer's Saved
Searches button:
Context
Finds a message that could use some background? Just click the orange or blue links in the log viewer to see it in context:
The log sender link will show that message in context of all messages from that sender (for example, to see a complete error which occurred on a single system).
The log type link will show that message in context of all requests (for example, to see one HTTP request in context of requests made to a fleet of Web servers).
You'll be looking at the exact same log message and any search query will be retained.
Time seek
To seek directly to any date or time in the searchable history, click the calendar icon:
The time seek will expand:
Enter the desired point and hit Seek To. While
seeked to a time other than the present, the calendar icon will say
so:
Just click it to change the seeked-to time or return to the present. Any search query will remain active.
When you enter a time, the time zone of your local computer is used. Log timestamps are displayed in the time zone in your Papertrail profile. Read more about time zones in distributed environments.
Other
Keyboard shortcuts
Press ? while in the log viewer and all will be
revealed.
Contrast
Change between black on white or white on black:
Multiple companies
You may have access to multiple Papertrail entities representing different companies' logs. Within the log viewer, switch entities at will. See Managing logs from multiple companies.
Filtering
Seeing noisy logs? Although your systems and apps decide which log messages are sent to Papertrail, Papertrail can optionally filter noise on your behalf. See Log filtering.
Colors
Papertrail uses orange and blue for links to show related context, as well as rendering any ANSI color codes present in log messages. Additional colorization can be customized; see Log colorization.
Command-Line Interface
Head over to the papertrail-cli README.