SenseLogs Documentation

SenseLogs is a fast log viewer for cloud developers who want an effortless way to find application errors and events.

Getting Started

Enter Your Cloud Credentials

To start using SenseLogs, you need to add an AWS cloud credential to enable read-only access to your AWS CloudWatch Logs.

Your credentials are stored locally in your browser cache and are accessible only to the SenseLogs application in your browser. The credentials are provided only to the AWS SDK running in your browser and are not transmitted to or shared with any party other than AWS.

{
  "Version": "2012-10-17",
  "Statement": [{
      "Sid": "ReadOnlyAccess",
      "Action": [
          "logs:DescribeLogGroups",
          "logs:DescribeLogStreams",
          "logs:GetLogEvents"
      ],
      "Resource": "*",
      "Effect": "Allow"
  }]
}

This policy grants read-only access to list AWS log groups and log streams and to get log events.
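Before pasting a credential into a browser application, it is worth confirming that the policy attached to it grants nothing beyond these three actions. The following is an added example, not SenseLogs code: the function name `auditViewerPolicy` and the over-broad sample policy are constructed for illustration.

```javascript
// Added example, not SenseLogs code: flag anything in an IAM policy beyond
// the three read-only CloudWatch Logs actions the page's policy grants.
const VIEWER_ACTIONS = new Set([
  "logs:describeloggroups",
  "logs:describelogstreams",
  "logs:getlogevents",
]);

// IAM accepts a single value or an array for Statement, Action and Resource.
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

function auditViewerPolicy(policy) {
  const findings = [];
  for (const stmt of asArray(policy.Statement)) {
    if (stmt.Effect !== "Allow") continue; // Deny statements cannot add access
    const sid = stmt.Sid || "(no Sid)";
    if (stmt.NotAction !== undefined) {
      findings.push(`${sid}: NotAction allows every action except those listed`);
    }
    for (const action of asArray(stmt.Action)) {
      if (/[*?]/.test(action)) {
        findings.push(`${sid}: wildcard action ${action}`);
      } else if (!VIEWER_ACTIONS.has(action.toLowerCase())) { // names are case-insensitive
        findings.push(`${sid}: action not needed for viewing: ${action}`);
      }
    }
    if (asArray(stmt.Resource).includes("*")) {
      findings.push(`${sid}: Resource "*" is not limited to specific log groups`);
    }
  }
  return findings;
}

// The policy from this page.
const pagePolicy = {
  Version: "2012-10-17",
  Statement: [{ Sid: "ReadOnlyAccess", Effect: "Allow", Resource: "*",
    Action: ["logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:GetLogEvents"] }],
};
// Constructed over-broad policy for comparison.
const broadPolicy = {
  Statement: { Sid: "TooWide", Effect: "Allow", Action: ["logs:*", "logs:DeleteLogGroup"], Resource: "*" },
};
console.log(auditViewerPolicy(pagePolicy));
console.log(auditViewerPolicy(broadPolicy));
```

For the page's policy the only finding is the `"Resource": "*"` entry, which lets the credential read every log group it can reach rather than only the groups you intend to view.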

When you enter your cloud credentials, you must also enter the AWS region containing your logs.

Modify Log Download

Once your credentials are added, SenseLogs will quickly discover your Log groups in the background. These will be displayed in the Log List. Before creating a log view, it is helpful to modify the log caching limits and define the log format. Select the log from the list and the modify panel will be displayed.

Customize the maximum amount of log data and the maximum age of events for the log group. These two parameters control the events that will be downloaded to your browser cache.

Log Formats

The Log Format specifies the formatting for events in your log group. SenseLogs can autodetect some formats, such as JSON and Syslog. If you know the format, select it from the drop-down list. If you do not know it, select "Plain Text".

Some formats allow event fields to be extracted and displayed as columns in log views.

Anchor Pattern

An anchor pattern is a simple way to specify a log format where fixed patterns are used between log fields. For example:

GET * HTTP/*

The variable portions of the pattern are specified via "*" wildcards. The wildcards correspond to the Field Names, which are specified as a comma-delimited list.
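To show how a pattern such as `GET * HTTP/*` can turn into named fields, here is an added example that is not SenseLogs code. It assumes that wildcards map to field names in order, that the fixed text must match literally, and that the pattern covers the whole line; the function name `compileAnchorPattern`, the field names and the sample lines are constructed.

```javascript
// Added example; the matching rules are assumptions, not SenseLogs' own code.
function compileAnchorPattern(pattern, fieldNames) {
  const names = fieldNames.split(",").map((n) => n.trim()).filter(Boolean);
  const literals = pattern.split("*");
  if (literals.length - 1 !== names.length) {
    throw new Error(
      `pattern has ${literals.length - 1} wildcards but ${names.length} field names`);
  }
  // Escape regex metacharacters so the fixed text between fields matches literally.
  const escaped = literals.map((s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"));
  // Each wildcard becomes a lazy capture that stops at the next fixed anchor.
  let source = "^" + escaped[0];
  for (let i = 1; i < escaped.length; i++) {
    source += "(.*?)" + escaped[i];
  }
  const re = new RegExp(source + "$");
  return (line) => {
    const m = re.exec(line);
    if (!m) return null; // line does not fit the pattern
    return Object.fromEntries(names.map((n, i) => [n, m[i + 1]]));
  };
}

// Constructed sample lines.
const parseRequest = compileAnchorPattern("GET * HTTP/*", "path, version");
console.log(parseRequest("GET /index.html HTTP/1.1")); // fields extracted
console.log(parseRequest("POST /login HTTP/1.1"));     // null: anchor "GET " absent

// Anchors containing regex metacharacters are still matched as plain text.
const parseBracketed = compileAnchorPattern("[*] (*)", "level,message");
console.log(parseBracketed("[warn] (disk full)"));
```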

JSON

JSON is the preferred log format as it permits highly structured data. Nested JSON is permitted. The log view column names are mapped onto the JSON top level property names.

Key Value Pairs

Key value pair formats support the following forms:

key=value key=value key=value...

Values may be enclosed in quotes. The key names are used as the log view column names.

Plain Text

The plain text format is used when the event data is irregular or unstructured. It should only be used when a format that extracts meaning from the event fields cannot be employed.

Regular Expression

A regular expression may be used to specify the format by using grouped sub-expressions that map onto field names. The field names are used as the log view column names.

Syslog

The current Syslog format RFC5424 is supported as well as the legacy RFC3164 format.

Define Log Views

Once you have defined the log group format you can create one or more views for that log group.

To create a view, navigate to https://senselogs.sensedeep.com/views/add. Once the view is created, SenseLogs will transparently download your log event data for that view in the background.

You can specify a single log stream for the view or all log streams by using * as the stream name. When selecting all streams, SenseLogs will fetch event data from all streams and automatically aggregate the log event data and order by timestamp.

You can create multiple views for any one log group. For example, one view may display all events, while another may filter only critical errors.

Log Viewer

From the home page, select the log view to display by clicking on the view card.

This will launch the viewer to display events for that log view.

From the viewer, you can scroll forwards and backwards over log data. SenseLogs will transparently download log data as required for display.

The first and last log events are highlighted with a reverse grey background.

You can also drag the horizontal slider to position the view at the desired date. The start and end date pill buttons can be used to jump to the start and end of the event stream.

Event column widths can be resized by dragging the column separator, in the title only, to the desired width. Your changes are saved separately for each view.

View Options

From the viewer, you can modify view options by clicking on the view name at the top of the page. This will display a drop-down expansion panel of view and filtering options.

Changes made in the viewer are persisted to the view configuration.

Select Fields

Click the "Select Fields" button to select which event fields are displayed. When you add a field, it will be added to the right of existing fields. You can use this to re-order fields by removing and then re-adding in the desired order.

Filtering

You can filter a subset of events by specifying filter criteria to "Match" events, "Exclude" events or a combination of both.

Filter by Text

Events can be filtered by specifying a matching text pattern. SenseDeep performs full-text matching against all fields of the log event record. Text matches are case-insensitive.

Filter With Case

You can also perform case-sensitive event filtering by selecting "With Case".

Filter With Regular Expressions

Regular expressions (RE) allow powerful conditional event filtering. Enter your RE without leading or trailing slashes.

Filter With Structured Fields

If your event has structured data, you can use the SenseLogs query language to perform powerful conditional queries. The query language is based on familiar JavaScript expressions with some additional operators. For example, the query:

error == "critical" && account == "Acme Corp"

will select those events which have the "Error" column set to "critical" and the "Account" column set to "Acme Corp".

The query language supports the operators:

+ - * / ( ) ^ ! % == != < <= > >= ^= ^!= $= $!= << >> && || <> ><

These extension operators have the following meanings:

a ^= b    a starts with the string b
a ^!= b   a does not start with the string b
a $= b    a ends with the string b
a $!= b   a does not end with the string b
a >< b    a contains the string b
a <> b    a does not contain the string b

Sub-expressions can be grouped with parentheses, and the boolean operators && and || can combine conditional operands.

Regular expressions (delimited by slashes) may be used with the "==" and "!=" operators. The regular expression can be on either side of the operator.

The SenseLogs query language understands the types: Numbers, Boolean, String literals, Regular Expressions and NUL.
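The string operators above can be tried out with the following added example, which is not SenseLogs code. It evaluates only a subset of the language (a field name on the left, a string or regular expression literal on the right, terms joined by && and ||, no parentheses, numbers or arithmetic) and assumes that a missing field compares as an empty string; the events are constructed.

```javascript
// Added example, not SenseLogs code: a small evaluator for a subset of the
// query language (field OP "string" or field OP /regex/, joined by && and ||).
const OPS = {
  "==": (a, b) => (b instanceof RegExp ? b.test(a) : a === b),
  "!=": (a, b) => (b instanceof RegExp ? !b.test(a) : a !== b),
  "^=": (a, b) => a.startsWith(b),
  "^!=": (a, b) => !a.startsWith(b),
  "$=": (a, b) => a.endsWith(b),
  "$!=": (a, b) => !a.endsWith(b),
  "><": (a, b) => a.includes(b),
  "<>": (a, b) => !a.includes(b),
};
const TERM = /^\s*(\w+)\s*(\^!=|\$!=|\^=|\$=|><|<>|==|!=)\s*(?:"([^"]*)"|\/([^\/]+)\/)\s*/;

function compileFilter(query) {
  const orGroups = [[]]; // OR of AND-groups: && binds tighter than ||, as in JavaScript
  let rest = query;
  for (;;) {
    const m = TERM.exec(rest);
    if (!m) throw new SyntaxError(`cannot parse: ${rest}`);
    const [, field, op, str, re] = m;
    const value = re !== undefined ? new RegExp(re) : str;
    if (value instanceof RegExp && op !== "==" && op !== "!=") {
      throw new SyntaxError(`regular expressions need == or !=, got ${op}`);
    }
    // Assumption: a missing field compares as the empty string.
    orGroups[orGroups.length - 1].push((ev) => OPS[op](String(ev[field] ?? ""), value));
    rest = rest.slice(m[0].length);
    if (rest === "") break;
    if (rest.startsWith("||")) orGroups.push([]);
    else if (!rest.startsWith("&&")) throw new SyntaxError(`expected && or ||: ${rest}`);
    rest = rest.slice(2);
  }
  return (ev) => orGroups.some((group) => group.every((term) => term(ev)));
}

// Constructed sample events.
const events = [
  { error: "critical", account: "Acme Corp", path: "/api/login" },
  { error: "warning", account: "Acme Corp", path: "/api/health" },
  { error: "critical", account: "Other Inc", path: "/static/app.js" },
];
const pick = (q) => events.filter(compileFilter(q)).map((ev) => ev.path);
console.log(pick('error == "critical" && account == "Acme Corp"'));
console.log(pick('path ^= "/api/" && path <> "health" || account $= "Inc"'));
console.log(pick("error == /^crit/"));
```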

Event Range

You can select a subset of log events to display via the event range slider. Drag the start and end markers to the desired times. If you click on the start or end mark labels, you can enter explicit dates and times.

Only the events within the selected range will be displayed.

Live Tail

SenseLogs will append new data if the "Live Tail" option is selected. If you are positioned at the end of the log, the viewer will scroll automatically to display the new events, and those event rows will be highlighted with a temporary "flash".

Thanks

Thanks for trying SenseLogs. Please let us know if you have comments or questions by emailing us at dev@sensedeep.com.
