Using Log Search

Any asset that you configure with the Insight Agent sends data back to InsightOps in the form of log sets: groups of logs from a single source within your asset (Active Directory, firewalls, servers, etc.). InsightOps accepts log sets in any format and gathers them in one place so you can search them conveniently.

On the Log Search page, you can choose between log sets (for example, Active Directory) or between individual logs (AD account updates, etc.).

How do I use log sets?

Importing all of your data in the form of log sets lets you quickly organize the massive flow of data from your environment. Use log sets not only to understand where data comes from, but also how it arrives in InsightOps, where it is going, its quality, and to whom it belongs. A log is not exclusive to a single log set, so you can see how data may be used across a device. Log sets provide context for visual trends, allow you to set preemptive alerts, and let you set tags so that logs are easier to find.

View log events on one line per event

You can enable text wrapping via Log display while in the log view. Each log message then appears on a single line instead of being compressed to fit the browser window.

How do I search through my data?

Simple Search: InsightOps has a built-in query builder that helps you create a search query in the Log Entry Query Language (LEQL). LEQL combines several query languages, such as regular expressions, JSON, key-value pairs, and others.

Advanced Search: If you are constructing your own search queries, you can use LEQL or a single one of its query languages.

See Advanced and Simple Search for more detailed information.

In addition, you can use the Live Tail and Aggregate Tail features: Live Tail streams live data onto the Log Search page, and Aggregate Tail lets you see live data from grouped log sets (such as production logs).

Finally, Visual Search lets you view your data in various graphs and time periods. This is especially useful when you are looking for trends in large amounts of data.

Construct queries in several different ways to search through your data.
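The following is an added illustration, written for this page and not InsightOps code, of the two ideas the search section relies on: structured events (JSON and key=value pairs, two of the languages LEQL draws on) are parsed into named fields, and a query then matches on those fields, on a regular expression over the raw text, or both. The three sample log lines, the field names in them and the query helper functions are all constructed for the example; the real LEQL syntax and the product's parser are not reproduced here.

```python
import json
import re
from typing import Dict, List, Optional

# Constructed sample events: one JSON event, one key=value event and one
# free-text syslog-style line. Values are invented for the example.
SAMPLE_LOG = [
    '{"event": "logon", "user": "alice", "src_ip": "10.0.0.5", "result": "success"}',
    'event=logon user=bob src_ip=10.0.0.9 result=failure reason="bad password"',
    'Jan 01 12:00:00 host sshd[123]: Accepted publickey for carol from 10.0.0.7',
]

# key=value or key="quoted value"; group 3 holds the unquoted inner text.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_event(line: str) -> Dict[str, str]:
    """Extract field -> value from a JSON or key=value line.

    Free-text lines keep only the raw message under "_raw" so that a regex
    search still works on them even though no fields were indexed.
    """
    fields: Dict[str, str] = {"_raw": line}
    stripped = line.strip()
    if stripped.startswith("{"):
        try:
            obj = json.loads(stripped)
            if isinstance(obj, dict):
                fields.update({k: str(v) for k, v in obj.items()})
                return fields
        except json.JSONDecodeError:
            pass  # not valid JSON: fall through to key=value detection
    for key, value, quoted in KV_RE.findall(stripped):
        fields[key] = quoted if value.startswith('"') else value
    return fields


def parse_log(lines: List[str]) -> List[Dict[str, str]]:
    """Parse every line of a log into its field dictionary."""
    return [parse_event(line) for line in lines]


def build_index(events: List[Dict[str, str]]) -> Dict[str, Dict[str, List[int]]]:
    """Inverted index: field -> value -> positions of events carrying it."""
    index: Dict[str, Dict[str, List[int]]] = {}
    for pos, ev in enumerate(events):
        for field, value in ev.items():
            if field == "_raw":
                continue
            index.setdefault(field, {}).setdefault(value, []).append(pos)
    return index


def search(events: List[Dict[str, str]],
           where: Optional[Dict[str, str]] = None,
           pattern: Optional[str] = None) -> List[Dict[str, str]]:
    """Return events whose fields equal every `where` pair (AND) and whose
    raw text matches `pattern` (a regular expression), when given."""
    rx = re.compile(pattern) if pattern else None
    hits = []
    for ev in events:
        if where and any(ev.get(k) != v for k, v in where.items()):
            continue
        if rx and not rx.search(ev["_raw"]):
            continue
        hits.append(ev)
    return hits


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("failed logons:", [e["user"] for e in search(evs, where={"result": "failure"})])
    print("events mentioning 10.0.0.x:", len(search(evs, pattern=r"10\.0\.0\.\d+")))
    print("indexed users:", sorted(build_index(evs).get("user", {})))
```

The free-text line is deliberately left with no parsed fields: a field query such as result=failure cannot match it, but a regular expression over the raw message still can, which is why the page describes LEQL as combining several query languages rather than relying on one.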

Automatic Parsing

InsightOps will automatically parse and index fields within supported log types to make searching easier. The following log structures are supported:

Saved Searches

Once you have created queries and begun to search your data successfully, you can use the InsightOps Saved Search feature. The Save button saves your current query, and the All button lets you access saved searches.

To save your current log search, click the Save button after entering a valid LEQL query. If you or any other user in the same account then clicks the All button, all previously saved searches are displayed. This is great for saving your most frequently used queries.