
Groups

Groups are a way to represent a portion of your logs. Examples:

  • Environments, like “Production” or “Staging”
  • Geographical locations, like “San Jose datacenter” or “us-west”
  • Products or business units, like “Public website” or “Acme systems”
  • System roles, like “Web servers” or “Postgres cluster”

When should I use groups?

Create groups for different sets of senders (typically systems) that you frequently examine logs from.

Senders may be part of multiple groups. For example, a Web server in NYC may be in the groups “Web servers”, “NYC colo”, and “E-commerce site”.

Think of groups and searches as far more flexible equivalents to a log file name. Groups decide which senders should be examined. Searches can further refine the logs that you see from those senders (by log file name/program name and many other attributes, even sender).

When the account was created, Papertrail automatically added a group called All Systems or All Apps that contains every sender. When you create a new group, it will appear on the Dashboard along with that group.

How are groups different from searches?

Groups are sets of senders, typically systems. Searches can further constrain which log messages are shown, creating a view of only certain messages from the senders in that group.

A search examines the logs from the senders that are part of that group. When a group is created, Papertrail automatically includes an All events search for you. This search simply applies no further constraints. For example, clicking the All events search within the All Systems group shows all messages from all systems.

Frequently-used searches can be saved within the relevant group. For example, within a “DB servers” group, there might be searches called “Slow queries”, “Deadlocks”, and “UPDATE queries”, each of which provides a different filtered view of the logs.

Using groups

How can I add new systems to a group?

To change a group’s name or add or remove senders, click the name of the group (for example, SJC datacenter).

On the group detail page, click Edit Settings & Membership in the upper right corner.

On the group settings page, add or remove individual systems by checking or un-checking the box next to the system.

The automatically-created group All Systems or All Apps is not editable.

Can new systems automatically join groups?

Yes. See mapping senders to groups.

Can searches refine which senders’ logs are shown (without creating a new group)?

Yes. Imagine that one search needs to exclude logs from a sender that is a member of the group. For example, there is an existing group called “Web servers” that includes a sender called www42. In one specific search in the “Web servers” group, logs from www42 should be excluded.

Because this specific set of systems (“Web servers except www42”) is not frequently examined, it probably doesn’t justify creating a new group. In that case, use the search query to exclude logs from www42.

Use the sender search attribute plus the - (hyphen) negation operator. For example:

abc def "something else" -sender:www42

This will run the abc def "something else" search, but with an additional operator to exclude logs from any senders whose name contains www42.
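Because the exclusion matches any sender whose name contains www42, it also hides a sender such as www420. The following is an added example, not Papertrail code: a small local model of the group-then-search behavior described above, run over constructed sample events, with a helper that lists which group members a query would hide. The group contents, event data, function names, and the assumption that plain terms must all match are illustrative.

```python
import shlex

# Constructed sample data: group membership and log events (not real Papertrail output).
GROUPS = {"Web servers": {"www41", "www42", "www420"}}
EVENTS = [
    ("www41", "abc def something else happened"),
    ("www42", "abc def something else happened"),
    ("www420", "abc def something else happened"),
    ("db01", "abc def something else happened"),
    ("www41", "abc only"),
]

def parse_query(query):
    """Split a query into required terms and excluded sender substrings."""
    terms, excluded_senders = [], []
    for token in shlex.split(query):  # keeps "something else" as one phrase
        if token.startswith("-sender:"):
            excluded_senders.append(token[len("-sender:"):])
        else:
            terms.append(token)
    return terms, excluded_senders

def search(group, query):
    """Return (sender, message) pairs the query would show within the group."""
    terms, excluded = parse_query(query)
    members = GROUPS[group]
    hits = []
    for sender, message in EVENTS:
        if sender not in members:  # the group decides which senders are examined
            continue
        if any(x in sender for x in excluded):  # substring match on the sender name
            continue
        if all(t in message for t in terms):  # assumption: every term must match
            hits.append((sender, message))
    return hits

def excluded_members(group, query):
    """Group members hidden by the query's -sender: filters; review before saving it."""
    _, excluded = parse_query(query)
    return sorted(s for s in GROUPS[group] if any(x in s for x in excluded))

if __name__ == "__main__":
    q = 'abc def "something else" -sender:www42'
    print(search("Web servers", q))
    print(excluded_members("Web servers", q))
```

Running a check like excluded_members before saving a search used for alerting or incident triage shows whether the exclusion silently drops more senders than intended.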
