LogScale Internal Logging

LogScale sends its own internal logs to the humio repository. LogScale logs are also written to files by default. It is possible to configure logging to standard.out, as well. This is described on this page. For specific information about logging LogScale to LogScale, see Log LogScale to LogScale.

LogScale internal logs are divided into five kinds: logs, activity, metrics, requests, and nonsensitive. These logs use a tag, #kind, and each #kind is logged to its own file. Querying using the tag improves speed for many searches.

LogScale logging types are listed below with the names of their respective log files in parentheses:

activity (humio-activity.log) — humio-organization-activity that is relevant to users
metrics (humio-metrics.log) — humio-organization-metrics
requests (humio-requests.log) — All HTTP requests. Like an accesslog in LogScale own format;
nonsensitive (humio-non-sensitive.log) — Selected log lines where no searches or user data will be present. This can be shipped to LogScale support or other parties; and
threaddumps (humio-threaddumps.log) — LogScale regular logs threaddumps

The above logs are automatically rotated by LogScale when it reaches 50 megabytes in size. LogScale will retain up to five files of each.

All of the above logs are available for search in the humio repository. When searching LogScale logs in the humio repository, the tag #type, #kind, and #vhost can be used. All the logs will have #type=humio. They will have a #kind tag for each in the list above.

Log events will also have a vhost tag. Each node in a LogScale cluster has a node number. The #vhost value indicates which node in the LogScale cluster wrote the log event. Below is a couple of standard searches using the above tags:

logscale

#type=humio  //will find all events from all hosts of all kinds
#type=humio #kind=metrics //search all metrics across all hosts in the cluster
#type=humio #kind=metrics #vhost=1 //find all metrics for the node number one

Ship LogScale logs to another cluster

When running a LogScale cluster in production, we highly recommend shipping the logs to another LogScale cluster.

If a cluster is having problems, it will often not be possible to do searches and debug it. As a last resort, you could grep through files on multiple machines.

It is possible to setup an agent to collect LogScale log files and ship them to another LogScale cluster. Read the Log LogScale to LogScale for more information on this.

Note

LogScale may allow customers to ship logs to LogScale so that LogScale Support can assist with troubleshooting. This is only available for the purposes of enabling diagnoses of specific issues. It is recommend that you deploy your own cluster to support monitoring and troubleshooting.

Please note that LogScale cannot guarantee what data is in the humio-debug.log file. LogScale strives not to log any data ingested in LogScale. Search strings are logged to the debug log.

Cloud Overview

Getting Started

Instance Administration

Organization Essentials

Configuring Security

Authentication & Identity Providers

Users & permissions

Ingesting Data

LogScale URLs & Endpoints

Limits & Standards

Data Analysis Overview

LogScale User Interface

Repositories & Views

Parsing Data

Searching Data

Writing Queries

Query Language Syntax

Query Functions

Dashboards & Widgets

Automation

Template Language

Keyboard Shortcuts