Skip to content

Log List

Global Configuration

Note

This feature entry is only visible to members with administrative permissions.

In the Global Configuration page, you can centrally manage the following three core functions at the workspace level:

Quick Filter

The quick filter items configured here will be applied to the quick filter panel on the left side of all Explorers within the workspace and will be visible to all members.

All filter fields added here will automatically enable Query Acceleration for their respective indexes to ensure filtering performance. This association is a mandatory default behavior and cannot be turned off.

You can configure two types of fields:

  • Filter Fields (currently effective fields)

    • Can edit or delete individual fields;
    • Delete all filter fields with one click.

  • Optional Fields (includes business fields, system fields, others)

    • Add as a filter field

If there are many fields, you can search for fields directly. If the query results do not have a precise matching value, you can directly create and add it to the "Filter Fields".

Index Key Fields

Configure a set of "Key Fields" for different data indexes. After configuration, when viewing the data list corresponding to that index, the system will prioritize displaying these fields in this order to help quickly focus on core information.

  • Left: Index column;
  • Right: Select the optional fields under each index listed by the system as key fields.

For the current key field configuration, you can choose whether to synchronize all key fields to query acceleration.

Note

This configuration sets the default display template for the data list, used to optimize the initial viewing experience. Members can still customize the list fields by adding or removing them through the "Display Items" function within the Explorer, which is not restricted by this default configuration.

Query Acceleration Configuration

Enabling acceleration for fields that are frequently used for filtering, grouping, or sorting under an index can greatly improve the query response speed for these fields. This configuration is performed at the index level.

  • Left: Index column;
  • Right: Select the optional fields under each index listed by the system for acceleration. You can view them later in the "Accelerated Fields" list above.

After configuration changes, it takes approximately 5 minutes to take effect across the entire system. Once effective, the fields will automatically be added to the "Accelerated Fields" list.

Accelerated Fields That Cannot Be Turned Off

The following three types of fields will automatically appear in the "Accelerated Fields" list and are not allowed to be turned off:

  • Official Default Accelerated Fields: System-preset key fields;

  • Quick Filter Fields: Fields from the Quick Filter configuration;

  • Synchronized Key Fields: When the sync switch in the Key Fields configuration is turned on, all key fields will automatically have acceleration enabled.

Index

By setting up Log Multi-Index, eligible logs are stored in different indexes, and an appropriate data storage strategy is selected for each index, thereby effectively saving log data storage costs.

Warning

The index list uses a scrolling loading mechanism. The first 50 indexes are displayed by default, and the next 50 are automatically loaded when scrolling to the bottom. This loading method also applies to the results list of fuzzy searches, making it convenient for you to browse continuously.

You can perform the following operations:

  • Select all indexes (❗️May cause queries to slow down due to large data volume);

  • Select multiple indexes;

  • Pin indexes to top;

  • Search and locate by index name;

  • Set the index display area to small, medium, or large.

After setup is complete, you can switch between different indexes in the Explorer to view the corresponding log content.

Quick Filter

For more details, refer to Filtering.

Display Items

On the Display Items page, two parts of fields are displayed overall:

  • Display Fields: Fields displayed in the quick filter;

  • Optional Fields: All fields cached for the current data type.

You can perform the following operations:

  • Search for fields; if the query results do not have a precise matching value, you can directly create and add it to the "Filter Fields";

  • Edit field aliases;

  • Drag to adjust field order;

  • Delete (all) fields;

  • Reset to default fields;

  • Set whether to display field aliases and the time column.

Status Distribution Chart

Based on the selected time range, the system will automatically divide multiple time points and display the quantity of different log statuses in a stacked bar chart to assist efficient statistical analysis. When logs are filtered, the bar chart will update in real-time to show the filtered results.

  • Hover to export the chart, ultimately exporting to a dashboard, note, or copying to clipboard;

  • Custom time interval can be selected.

The search bar in the Log Explorer supports various search and filtering methods.

After entering search or filter conditions, you can preview the results and copy the conditions to apply to charts or query tools.

Manual Configuration

Click the toggle button on the right side of the search box to enter the manual query input mode.

JSON Field Return

Note

This function is only available to user roles with DQL query permissions.

DQL queries support extracting nested values from JSON fields in log data. You just need to add a field path with the @ symbol in the DQL query statement. The system will automatically recognize this configuration and display the extracted value as an independent field in the query results. For example:

  • Normal query:

  • Query expecting to extract embedded fields:

In the Log Explorer, if you want to directly specify viewing values extracted from the JSON text of each log's message in the data list, add a field in the format @targer_fieldname to the display columns. As shown below, we add @fail_reason, which has been configured in the DQL query statement, to the display columns:

Log Color Highlighting

To help quickly locate key information in logs, the system uses color highlighting to display log content. When entering keywords in the search bar, only the matched keywords will be highlighted.

Log Single Line Expand and Copy

  • Click the button in a log entry to view the complete content of that log. If the log supports JSON format, it will be displayed in JSON format; otherwise, the content will be displayed normally;

  • Click the button to copy the entire log content to the clipboard.

Display Number of Lines

In the log data list, the trigger time and content of each log are displayed by default. You can use the "Display Lines" option to choose to display "1 line", "3 lines", "10 lines", or "All content" to view the complete log information.

Settings

Create Monitor

When filtering log data, if you need to set up further alert monitoring for the filtered results, you can do so with one-click monitor creation. The system will automatically apply the index, data source, and search conditions you selected, simplifying the configuration process.

Note

  • If you select another workspace in the upper left corner of the Log Explorer, the search conditions will not be synchronized to the monitor configuration page, and the monitor configuration page will be empty by default;

  • In the standard Commercial Plan, site-level left* query functionality is enabled by default. You only need to enable workspace-level left* query to support left* queries in monitors. For the Deployment Plan, you can independently enable or disable site-level left* query. Only when both site-level and workspace-level left* queries are enabled can monitors perform left* queries. Otherwise, if the Log Explorer is configured with a left* query, jumping to the monitor might result in a query error.

Copy as cURL

In the Log Explorer, you can obtain log data in command-line form. In the Settings on the right side of the log data list, click the Copy as cURL button to copy the corresponding cURL command. Paste this command into the host terminal and execute it to obtain log data that meets the filter and search conditions for the current time period.

Example

After copying the cURL command line, it looks like the following: where <Endpoint> needs to be replaced with the domain name, and <DF-API-KEY> needs to be replaced with the Key ID from API Management.

For more parameter descriptions, refer to DQL Data Query.

For more information about the API, refer to Open API.

curl '<Endpoint>/api/v1/df/query_data?search_after=\[1680226330509,8572,"L_1680226330509_cgj4hqbrhi85kl1m6os0"\]&queries_body=%7B%22queries%22:\[%7B%22uuid%22:%222eb41760-cf6e-11ed-a983-7d559044c3fc%22,%22qtype%22:%22dql%22,%22query%22:%7B%22q%22:%22L::re(%60.*%60):(%60*%60)%7B+%60index%60+IN+\[%27default%27\]+%7D%22,%22highlight%22:true,%22limit%22:50,%22orderby%22:\[%7B%22time%22:%22desc%22%7D\],%22_funcList%22:\[\],%22funcList%22:\[\],%22disableMultipleField%22:false,%22disable_slimit%22:false,%22is_optimized%22:true,%22offset%22:0,%22search_after%22:\[1680226330509,8572,%22L_1680226330509_cgj4hqbrhi85kl1m6os0%22\],%22timeRange%22:\[1680187562081,1680230762081\],%22tz%22:%22Asia%2FShanghai%22%7D%7D\]%7D' \
- H 'DF-API-KEY: <DF-API-KEY>' \
- -compressed \
- -insecure
Note

Only Standard Members and above can perform the copy command line operation.

Besides this export path, you can also use other log data export methods.

Set Status Color

The system has preset default colors for status values. If you need to customize the colors displayed for different statuses in the Explorer, click Set Status Color to modify them.

Format Configuration

Note

Only Administrators and above can configure Explorer formatting.

Through format configuration, you can hide sensitive log content, highlight important log content, or achieve quick filtering by replacing log content.

  1. Click Settings in the upper right corner of the Explorer list;

  2. Click Format Configuration;

  3. Add mapping rules, enter the following content and save:

    • Field: Specify the log field (e.g., content);

    • Match Method: Select the match method (currently supports =, !=, match, not match);

    • Match Content: Enter the content to match (e.g., DEBUG);

    • Display As Content: Enter the replacement display content (e.g., **).

Log Data Export

In logs, you can first filter out the required data and then export it as a CSV, JSONL file, or export it to a dashboard or note.

To export a specific log, open the detail page of that log and click the in the upper right corner.

Advanced Linkage Configuration

For more details, refer to Advanced Linkage Configuration.

Feedback

Is this page helpful? ×