Event viewer

Introduction

The event viewer, also called the log viewer, is a core part of Papertrail. This is a short introduction. For a more complete interactive tour, see tour.

Elements

Screenshot

search-and-tail

Live tail

When you arrive in the log viewer, Papertrail is showing events as they happen. It’s realtime, as if you were logged directly into a system (or hundreds of systems). Logs are live.

Pause logs

To pause live logs, scroll up or click PAUSE:

livetail_pause.png

Resume live tail

When paused on current logs, click LIVE to resume live tail:

livetail_live.png

Return to current and resume live tail

When viewing older logs, click the down arrow or scroll down to return to current logs and resume live tail.

livetail_return.png

Search

Search is integrated into Papertrail’s event viewer:

log-viewer-search.jpg

Find anything just by typing what you know. If you’ve used Google search, Papertrail search works much the same way, including phrases ("), logical operators (AND, OR), and exclusion (-).

Click the upper right Help menu to see example searches without leaving the log viewer, or read the syntax.

Save searches and create alerts

As your team uses Papertrail more, some searches will probably be worth accessing again, receiving in email, graphing, or otherwise retaining.

After entering a search query, click Save Search to retain the query:

log-viewer_save-search.jpg

Give it a name, and optionally set up a search alert right away: log-viewer_save-search-form.jpg

Alerts can also be added later.

The saved search will be shown on the team-wide Papertrail Dashboard, like these:

log-viewer_dashboard-saved-search.jpg

and will be accessible from the event viewer’s Saved Searches button:

log-viewer-saved-searches.jpg

Time seek

To seek directly to any date or time in the searchable history, click the clock icon:

time_picker.jpg

The time seek will expand:

seek_to.jpg

Enter the desired point and click Seek To. While seeked to a time other than the present, the icon shows the current seek time:

log-viewer_time-seeked.jpg

Just click it to change the seek time or return to the present. Any search query will remain active.

When you enter a time, the time zone in your Papertrail profile is used.

Read more about time zones in distributed environments here or here.

Note: Seeking across a DST boundary will jump to a position that is off by 1 hour (details).

Context

Find a message that could use some background? There are four quick ways to put events in context.

Host or program

Click the orange or blue links in the log viewer to see an event in host or program context:

log-viewer_context.jpg

The log sender link will show that message in context of all messages from that sender (for example, to see a complete error that occurred on a single system).

The log type link will show that message in context of messages from that program (process) in the current group.

After clicking, you’ll be looking at the same log message and any search query will be retained.

Event actions

To bring up the event actions menu, hover over an event and click the + button on the left.

Event actions button

Event actions menu

This menu exposes three actions:

If you have an active search, you can choose whether to include or exclude the search in the new context.

Shortcut linking to an event by Cmd/Ctrl+click on the + button.

Event selection

While holding Shift, hover over an event and click Event selection icon (selection button) to start a selection. A range can be selected by continuing to hold Shift and clicking a selection button above or below an existing selected event.

Event selection

When there is an active selection, the event viewer URL will update to reflect which events are selected, so that the URL can be shared.

Press Esc to clear a selection.

You can turn pieces of your log messages into clickable elements. When these are clicked, the event viewer will display all surrounding messages that match the clicked element. This could be an IP, email address, user ID, request ID, domain name, source code filename, or any other part of a log message—you get to decide.

Click to Search Preview

Learn more about how this works →

Navigation

Keyboard shortcuts

Press ? while in the log viewer and all will be revealed.

Multiple companies

You may have access to multiple Papertrail entities representing different companies’ logs. Within the log viewer, switch entities at will. See Managing logs from multiple companies.

Customization

Contrast

From your profile, change between black on white or white on black:

log-viewer_preferences.jpg

Colors

Papertrail uses orange and blue for links to show related context, as well as rendering supported ANSI color codes present in log messages. Additional colorization can be customized; see Log colorization.

Display options

Papertrail provides a few common customizations on demand:

Display options

Use Truncate Message to display each message on one line only. Great for aligning messages to view patterns. Click on a line to expand it.

Use the other options to hide parts of the log message that aren’t necessary; for example, Papertrail timestamps if messages have internal timestamps.

Filtering

Seeing noisy logs? Although your systems and apps decide which log messages are sent to Papertrail, Papertrail can optionally filter noise on your behalf. See Log filtering.