Groups are a way to represent a portion of your logs. Examples:
- Create groups for different sets of senders (typically systems) that you frequently examine logs from.
- Senders may be part of multiple groups at the same time. A Web server in NYC may be in multiple groups because its logs are logically part of multiple streams, like “Web servers,” “NYC colo,” and “Our big product.”
- Think of groups and searches as far more flexible equivalents to a log file name. Groups decide which senders should be examined. Searches can further refine the logs that you see from those senders (by log file name/program name and many other attributes, even sender).
When you signed up, Papertrail created one group called “All systems” or “All apps.” When you create a new group, it will appear on the Dashboard beneath that group:
Groups are sets of senders, typically systems. Searches can further constrain which log messages are shown, creating a view of only certain messages from the senders in that group.
A search examines the logs from the senders which are part of that group. When a group is created, Papertrail automatically includes an “All events” search for you. This search simply applies no further constraints. For example, clicking the “All events” search within the “All systems” group shows all messages from all members of that group.
Frequently-used searches can be saved within the group to which they relate. For example, within the “DB servers” group, one might save searches called “Slow queries,” “Deadlocks,” and “UPDATE queries,” each of which is a different filtered view of the logs.
To change a group’s name or add or remove senders, click the name of the group, like “All systems” in this screenshot:
You’ll arrive at a page with a pie chart of usage by sender. On that page, click Edit Settings in the upper right corner:
On this group settings page, you can add or remove individual systems by checking or un-checking them. The groups called “All systems” or “All apps,” which Papertrail creates for you, are not editable.
Yes. See mapping senders to groups.
Yes. Imagine that one search needs to exclude logs from a sender which is a member of the group. For example, imagine an existing group called “Web servers.” It includes a sender called www42, yet in one specific search within that group, logs from www42 should be excluded.
Because this specific set of systems (“Web servers except www42”) is not frequently examined, it probably doesn’t justify creating a new group. In that case, use the search query itself to exclude logs from www42:
abc def "something else" -sender:www42
This will run the abc def "something else" search, but with an additional operator to exclude logs from any senders whose name contains
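As an added illustration (not Papertrail's own code), the following Python model shows how a group first limits which senders are examined and how the search above then filters the remaining events. The sample group, senders and events are constructed here; treating terms as ANDed, case-insensitive substring matches is an assumption.

```python
import shlex
from dataclasses import dataclass, field

# Constructed sample data: the "Web servers" group and its senders.
GROUPS = {"Web servers": {"www41", "www42", "www42-backup", "www43"}}

# Constructed events as (sender, program, message); db1 is not in the group.
EVENTS = [
    ("www41", "nginx", "abc def something else here"),
    ("www42", "nginx", "abc def something else here"),
    ("www42-backup", "nginx", "abc def something else here"),
    ("www43", "nginx", "abc def something"),
    ("www43", "nginx", "ABC DEF Something Else"),
    ("db1", "postgres", "abc def something else"),
]

@dataclass
class Query:
    terms: list = field(default_factory=list)             # all must appear in the message
    excluded_senders: list = field(default_factory=list)  # values of -sender:NAME

def parse_query(text):
    """Split a search string into terms and -sender: exclusions.
    Quoted phrases stay whole; terms are assumed ANDed and matched
    case-insensitively as substrings (an assumption, not Papertrail's spec)."""
    query = Query()
    for token in shlex.split(text):
        if token.startswith("-sender:"):
            query.excluded_senders.append(token[len("-sender:"):])
        else:
            query.terms.append(token.lower())
    return query

def run_search(group_name, query_text, events=EVENTS):
    """Return (sender, message) pairs from the group that satisfy the search."""
    members = GROUPS[group_name]
    query = parse_query(query_text)
    matches = []
    for sender, _program, message in events:
        if sender not in members:
            continue  # the group decides which senders are examined at all
        # -sender: drops any sender whose name *contains* the value,
        # so -sender:www42 also removes www42-backup.
        if any(excl in sender for excl in query.excluded_senders):
            continue
        if all(term in message.lower() for term in query.terms):
            matches.append((sender, message))
    return matches
```

An empty query string behaves like the automatic “All events” search: every event from the group's senders is returned.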