LogScale Internal Logging

LogScale sends its own internal logs to the humio repository. LogScale logs are also written to files by default. You can configure logging to standard.out, as well. This guide describes these logging options. For specific information about logging LogScale to LogScale, see Log LogScale to LogScale.

LogScale internal logs are divided into five kinds: logs, activity, metrics, requests, and nonsensitive. These logs use a tag, #kind, and each #kind is logged to its own file. Querying using the tag improves speed for many searches.

LogScale logging types are listed below with the names of their respective log files in parentheses:

activity (humio-activity.log) — humio-organization-activity that is relevant to users.
metrics (humio-metrics.log) — humio-organization-metrics.
requests (humio-requests.log) — All HTTP requests. Like an accesslog in LogScale's own format.
nonsensitive (humio-non-sensitive.log) — Selected log lines where no searches or user data will be present. This can be shipped to LogScale support or other parties.
threaddumps (humio-threaddumps.log) — LogScale regularly logs threaddumps.

LogScale automatically rotates each log when it reaches 50 megabytes in size. LogScale retains up to five files of each log.

All of the logs in the preceding list are available for search in the humio repository. When searching LogScale logs, you can use these tags: #type, #kind, and #vhost. All logs have #type=humio. They have a #kind tag for each type.

Log events will also have a vhost tag. Each node in a LogScale cluster has a node number. The #vhost value indicates which node in the LogScale cluster wrote the log event. Below are a few standard searches using the above tags:

logscale

#type=humio  //will find all events from all hosts of all kinds
#type=humio #kind=metrics //search all metrics across all hosts in the cluster
#type=humio #kind=metrics #vhost=1 //find all metrics for the node number one

Observe and monitor LogScale with Insights

LogScale comes with a built in package, humio/insights. It's present in the humio repository and can help you to analyze logs in the humio- system repositories. The package provides dashboards and saved searches. These help you monitor and observe the LogScale cluster. For more information about the package and its dashboards, see Insights Package.

If a LogScale cluster is having problems, the dashboards in the humio/insights package are the best place to start troubleshooting. They serve as examples for building and customizing your own dashboards. The package is also available in the LogScale Marketplace and is continuously updated. It can be installed in any given repository from the Marketplace.

Important

Be aware that the package is written for self-hosted LogScale instances, and not all assets will apply to a cloud organization's logs.

Versions of this Page

Cloud Overview

Instance Administration

Query Administration

Configure Security

Authentication and identity providers

Ingesting Data

LogScale URLs and Endpoints

Limits and Standards

Data Analysis Overview

LogScale Web Interface

Manage Repositories and Views

Manage Your LogScale Account

Parse Data

Search Data

Write Queries

Query Language Syntax

Query Joins and Lookups

Query Functions

Data Visualization

Automation

Template Language

Keyboard Shortcuts

LogScale Internal Logging

Observe and monitor LogScale with Insights

Important

Other articles on this topic

Similar Content

Related Language Syntax

Terminology

Related Guidance Articles

Security (humio-audit) Events

Training

Enter search term