SenseLogs is a fast log viewer for cloud developers who want an effortless way to find application errors and events.
To start using SenseLogs, simply navigate to:
This will run SenseLogs and will automatically create some sample logs and views for you to explore SenseLogs. Click on one of the view cards to launch the view of the sample log.
You can reorder the views by dragging a few to its desired position.
Connecting Your Log Data
To view your logs, you need to add an AWS cloud credential. SenseLogs stores your credentials in your browser cache and are only provided to the AWS SDK running locally and are not transmitted or shared with any one else other than AWS.
Your AWS credentials should be for an IAM user that has read-only access to your CloudWatch Logs. You can use credentials for an existing IAM user if you wish, but we recommend that you create a dedicated IAM user.
Follow this link for steps to create an IAM user if you are not already familiar with that procedure.
When you enter your cloud credentials, you must also enter the AWS region containing your logs.
Modify Log Download
Once your credentials are added, SenseLogs will quickly discover your Log groups in the background. These will be displayed in the Log List. Before creating a view for a log, it is helpful to modify the log caching limits and define the log format. Select the log from the list and the modify panel will be displayed.
Customize the maximum amount of log data and the maximum age of events for the log group. These two parameters control the events that will be downloaded to your browser cache.
The Log Format specifies the formatting for events in your log group. SenseLogs can autodetect some formats such as JSON and Syslog formats. If you know the format, select it from the drop down list. If you do not know, select "Plain Text".
Some formats allow event fields to be extracted and displayed as columns in log views.
An anchor pattern is a simple way to specify a log format where fixed patterns are used between log fields. For example:
GET * HTTP/*
The variable portions of the pattern are specified via "*" wildcards. These then correspond to the Field Names which are specified as a comma delimited list.
JSON is the preferred log format as it permits highly structured data. Nested JSON is permitted. The log view column names are mapped onto the JSON top level property names.
Key Value Pairs
Key value pair formats support the following forms:
key=value key=value key=value...
Values may be enclosed in quotes. The key names are used as the log view column names.
The plain text format is used when the event data is irregular or unstructured. It should only be used when a format that extracts meaning from the event fields cannot be employed.
A regular expression may be used to specify the format by using grouped sub-expressions that map onto field names. The field names are used as the log view column names.
The current Syslog format RFC5424 is supported as well as the legacy RFC3164 format.
Define Log Views
Once you have defined the log group format you can create one or more views for that log group.
To create a view, navigate to https://senselogs.sensedeep.com/views/add. Once the view is created, SenseLogs will transparently download your log event data for that view in the background.
You can specify a single log stream for the view or all log streams by using * as the stream name. When selecting all streams, SenseLogs will fetch event data from all streams and automatically aggregate the log event data and order by timestamp.
You can create multiple views for any one log group. For example, one view may display all events, while another may filter only critical errors.
From the home page, select the log view to display by clicking on the view card. You can drag and drop the cards to rearrange the views as you wish.
This will launch the viewer to display events for that log view.
From the viewer, you can scroll forwards and backwards over log data. SenseLogs will transparently download log data as required for display.
The first and last log events are highlighted with a reverse grey background.
You can also drag the horizontal slider to position the view at the desired date. The start and end date pill buttons can be used to jump to the start and end of the event stream.
You can rearrange event columns by dragging and dropping to the desired position. You can delete columns by dragging away from the table heading.
Column widths can be resized by dragging the column separator in the title (only) to the desired width. Your changes will be saved uniquely for each view.
From the viewer, you can modify view options by clicking on the view name at the top of the page. This will display a drop-down expansion panel of view and filtering options.
Changes made in the viewer are persisted to the view configuration.
Click the "Select Fields" button to select which event fields are displayed. When you add a field, it will be added to the right of existing fields. You can use this to re-order fields by removing and then re-adding in the desired order.
You can filter a subset of events by specifying a filter critera to "Match" events, "Exclude" events or a combination of both.
Filter by Text
Events can be filtered by specifying a matching text pattern. SenseDeep performs full-text matching against all fields of the log event record. Text matches are performed with case-less comparisons.
Filter With Case
You can also perform case-sensitive event filtering by selecting "With Case".
Filter With Regular Expressions
Regular expressions (RE) allow powerful conditional event filtering. Enter your RE without leading or trailing slashes.
Filter With Structured Fields
error == "critical" && account == "Acme Corp"
will select those events which have the "Error" column set to "critical" and the "Account" column set to "Acme Corp".
The query language supports the operators:
+ - * / ( ) ^ ! % == != < <= > >= ^= ^!= $= $!= << >> && || <> ><
These extension operators have the following meaning a ^= b a starts with the string b a ^!= b a does not start with the string b a $= b a ends with the string b a $!= b a does not end with the string b a >< b a contains the string b a <> b a does not contain the string b
Sub-expressions can be grouped with parenthesis and the boolean operators && and || can group conditional operands.
Regular expressions (delimited by slashes) may be used with the "==" and "!=" operators. The regular expression can be on either side of the operator.
The SenseLog query language understands the types: Numbers, Boolean, String literals, Regular Expressions and NUL.
You can select a subset of log events to display via the event range slider. Drag the start and end markers to the desired times. If you click on the start or end mark labels, you can enter explicit dates and times.
Only the event within the selected range will be displayed.
SenseLogs will append new data if the "Live Tail" option is selected. If you are positioned at the end of the log, the viewer will scroll automatically to display the new events which will be highlighted with a temporary "flash" of those event rows.
SenseLogs is delivered via an AWS MarketPlace subscription. You purchase from the MarketPlace store and you are billed via your normal AWS billing invoice. A credit card or separate billing from SenseDeep is not required. Read more at: SenseLogs on AWS MarketPlace.
Thanks for trying SenseLogs. Please let us know if you have comments or questions by emailing us at firstname.lastname@example.org.