Logs

The Logs module provides real-time log ingestion, search, and analytics. It supports structured and unstructured logs from any source — Edge Agents, syslog, Kubernetes, cloud services, and custom applications.

Key Features

  • Full-text search — Search across all log fields with sub-second query latency
  • ALQ v1 (Atlas Log Query) — field:value tokens plus free text: level:ERROR, service:my-api, host:prod-1, trace_id:…, span_id:…, message:"exact phrase" (or msg:). Use ?alq=off on APIs to treat the whole string as literal free text. POST /api/logs/query/validate returns the parsed structure without reading logs.
  • Live tail — Stream logs in real time from selected sources
  • Log patterns — AI-detected grouping of similar log lines to reduce noise and surface anomalies
  • Saved queries — Save and share frequently used log searches
  • Alerting — Create alerts based on log patterns, frequency, or keyword matches
  • Context view — Click any log line to see surrounding logs from the same host and service
  • Field extraction — Automatic and custom parsers to extract structured fields from unstructured logs

How to Access

Navigate to Logs in the left sidebar. The default view shows a search bar and a live log stream from all connected sources.

Basic Usage

  1. Open Logs from the sidebar
  2. Enter a search query in the search bar (e.g., level:ERROR service:api-gateway or plain keywords)
  3. Adjust the time range using the time picker (default: last 15 minutes)
  4. Click any log line to expand it and see all parsed fields
  5. Use Add Filter to narrow results by host, service, severity, or custom fields
  6. Click Save Query to preserve useful searches for your team
  7. Click Create Alert to set up notifications when matching logs appear
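
The sketch below is an added example, not the product's parser or code from this documentation. It models how an ALQ v1 string splits into field filters and free text, and how ?alq=off changes the result for the same input. The function name parse_alq, the returned structure, the quote handling, and the treatment of prefixes not listed on this page are assumptions.

```python
import re

# Field names listed on this page; msg is documented as a short form of message.
KNOWN_FIELDS = {"level", "service", "host", "trace_id", "span_id", "message", "msg"}
ALIASES = {"msg": "message"}

# One token: optional field prefix, then a double-quoted phrase or a bare word.
TOKEN_RE = re.compile(r'(?:(\w+):)?(?:"([^"]*)"|(\S+))')


def parse_alq(query, alq=True):
    """Split a query string into field filters and free-text terms.

    alq=False models ?alq=off: the whole string is one literal free-text term.
    Assumption (not stated on the page): a prefix that is not a listed field
    is kept as free text rather than rejected.
    """
    if not alq:
        return {"filters": [], "free_text": [query]}
    filters, free_text = [], []
    for m in TOKEN_RE.finditer(query):
        field, quoted, bare = m.groups()
        value = quoted if quoted is not None else bare
        if field in KNOWN_FIELDS:
            filters.append((ALIASES.get(field, field), value))
        elif field is not None:
            free_text.append(f"{field}:{value}")  # e.g. a URL or a timestamp
        else:
            free_text.append(value)
    return {"filters": filters, "free_text": free_text}


# Constructed sample query, in the style of the examples on this page.
SAMPLE = 'level:ERROR service:api-gateway msg:"connection refused" timeout'

if __name__ == "__main__":
    print(parse_alq(SAMPLE))
    # The same text, e.g. pasted from an alert, searched as a literal string:
    print(parse_alq(SAMPLE, alq=False))
```

When a search string comes from pasted or user-supplied text, colon-prefixed words in it become filters under ALQ; POST /api/logs/query/validate shows how the service itself parsed the string before any logs are read.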