LogScale Internal Logging

LogScale sends its own internal logs to the humio repository. LogScale logs are also written to files by default. It is possible to configure logging to standard.out, as well. This is described on this page. For specific information about logging LogScale to LogScale, see Log LogScale to LogScale.

LogScale internal logs are divided into five kinds: logs, activity, metrics, requests, and nonsensitive. These logs use a tag, #kind, and each #kind is logged to its own file. Querying using the tag improves speed for many searches.

LogScale logging types are listed below with the names of their respective log files in parentheses:

activity (humio-activity.log) — humio-organization-activity that is relevant to users
metrics (humio-metrics.log) — humio-organization-metrics
requests (humio-requests.log) — All HTTP requests. Like an accesslog in LogScale's own format;
nonsensitive (humio-non-sensitive.log) — Selected log lines where no searches or user data will be present. This can be shipped to LogScale support or other parties; and
threaddumps (humio-threaddumps.log) — LogScale regular logs threaddumps

The above logs are automatically rotated by LogScale when it reaches 50 megabytes in size. LogScale will retain up to five files of each.

All of the above logs are available for search in the humio repository. When searching LogScale logs in the humio repository, the tag #type, #kind, and #vhost can be used. All the logs will have #type=humio. They will have a #kind tag for each in the list above.

Log events will also have a vhost tag. Each node in a LogScale cluster has a node number. The #vhost value indicates which node in the LogScale cluster wrote the log event. Below is a couple of standard searches using the above tags:

logscale

#type=humio  //will find all events from all hosts of all kinds
#type=humio #kind=metrics //search all metrics across all hosts in the cluster
#type=humio #kind=metrics #vhost=1 //find all metrics for the node number one

Observe and Monitor LogScale with Insights

LogScale comes with a built in package, humio/insights. It's present in the humio repository and can help you to analyze logs in the humio- system repositories. The package is a collection of dashboards and saved searches making it possible to monitor and observe the LogScale cluster. For more information about the package and its dashboards, see Insights Package.

If a LogScale cluster is having problems, the dashboards in the humio/insights package are the best place to start troubleshooting. They also serves as good examples on which to build and customize your own dashboards. The package is also available in the LogScale Marketplace and is continuously updated. It can be installed in any given repository from the Marketplace.

Important

Be aware the package is written for Self-Hosted LogScale instances, and not all assets will apply to a Cloud organization's logs.

Cloud Overview

Getting Started

Instance Administration

Organization Essentials

Configure Security

Authentication and Identity Providers

Users and Permissions

Ingesting Data

LogScale URLs and Endpoints

Limits and Standards

Data Analysis Overview

LogScale Web Interface

Manage Repositories and Views

Manage Account

Parse Data

Search Data

Write Queries

Query Language Syntax

Query Joins and Lookups

Query Functions

Data Visualization

Automation

Template Language

Keyboard Shortcuts