Log List¶

Global Configuration¶

In the Global Configuration page, you can centrally manage the following three core features at the workspace level:

• Quick Filter Configuration: Customize the universal quick filter panel within Explorers;
• Index Key Field Configuration: Define the default priority display fields for each index in the data list;
• Query Acceleration Configuration: Enable acceleration for fields under an index to significantly improve query performance.

Quick Filter¶

The quick filter items configured here will be applied to the quick filter panel on the left side of all Explorers within the workspace and are visible to all members.

All filter fields added here will automatically have Query Acceleration enabled for their respective index to ensure filtering performance. This association is a mandatory default behavior and cannot be turned off.

You can configure two types of fields:

• Filter Fields (Currently effective fields)
  • Individual fields can be edited or deleted;
  • All filter fields can be deleted with one click.
• Optional Fields (Includes business fields, system fields, others)
  • Add as a filter field

If there are many fields, you can directly search for a field. If the query results do not have a precisely matched value, you can directly create and add it to the "Filter Fields".

Index Key Fields¶

Configure a set of "Key Fields" for different data indexes. After configuration, when viewing the data list corresponding to that index, the system will prioritize displaying these fields in this order, helping to quickly focus on core information.

• Left: Index column;
• Right: Select the optional fields under each index listed by the system as key fields.

For the current key field configuration, you can choose whether to synchronize all key fields to query acceleration.

Query Acceleration Configuration¶

Enabling acceleration for fields that are frequently used for filtering, grouping, or sorting under an index can greatly improve the query response speed of these fields. This configuration is done at the index level.

• Left: Index column;
• Right: Select the optional fields under each index listed by the system for acceleration. You can later view them in the "Accelerated Fields" list above.

After configuration changes, it takes approximately 5 minutes to take effect across the entire system. Once effective, fields will be automatically added to the "Accelerated Fields" list.

Index¶

By setting up Log Multi-Index, logs that meet the conditions are stored in different indexes, and an appropriate data storage strategy is selected for each index, effectively saving log data storage costs.

The index list uses a scrolling load mechanism. The first 50 indexes are displayed by default, and the next 50 are automatically loaded when scrolling to the bottom. This loading method also applies to the fuzzy search results list, making it convenient for you to browse continuously.

You can perform the following operations:

• Select all indexes (❗️May cause slower queries due to large data volume);
• Select multiple indexes;
• Pin an index to the top;
• Search and locate by index name;
• Set the index display area size to Small, Medium, or Large.

After configuration, you can switch between different indexes in the Explorer to view the corresponding log content.

Quick Filter¶

For more details, refer to Filtering.

Display Items¶

On the Display Items page, two parts of fields are displayed overall:

• Display Fields: Fields displayed in the quick filter;
• Optional Fields: All fields currently cached for this data type.

You can perform the following operations:

• Search for a field; if the query results do not have a precisely matched value, you can directly create and add it to the "Filter Fields";
• Edit field alias;
• Drag to adjust field order;
• Delete (all) fields;
• Reset to default fields;
• Set whether to display field aliases and the time column.

Reset to Default Fields¶

When performing the "Reset to Default Fields" operation, the system displays fields according to the following rules:

• If you have not configured key fields: After reset, only the time and message fields are displayed (❗️Whether the time column is displayed is also controlled by another independent "Show Time Column" switch);
• If you have configured key fields: After reset, the display will strictly follow your custom field list and will not automatically add the message field;
• The message field can be manually removed when displayed.

Status Distribution Chart¶

Based on the selected time range, the system will automatically divide multiple time points and display the quantity of different log statuses in a stacked bar chart format, aiding efficient statistical analysis.

When logs are filtered, the bar chart will synchronize in real-time to show the filtered results.

• Hover to export the chart, ultimately exporting to a Dashboard, Note, or copying to the clipboard;
• The time interval can be customized.

Search Bar¶

The search bar in the Log Explorer supports various search and filtering methods.

After entering search or filter conditions, you can preview the effect and copy the condition to apply to charts or query tools.

Manual Configuration¶

Click the toggle button on the right side of the search box to enter the manual query input mode.

JSON Field Return¶

DQL queries support extracting nested values from JSON fields in log data. You just need to add a field path with the @ symbol in the DQL query statement. The system will automatically recognize this configuration and display the extracted value as an independent field in the query results. For example:

• Normal query:

• Expected query after extracting nested fields:

In the Log Explorer, if you want to directly specify viewing values extracted from the JSON text of each log's message in the data list, add a field in the format @target_fieldname in the display column. As shown below, we add the @fail_reason already configured in the DQL query statement to the display column:

Log Color Highlighting¶

To help quickly locate key information in logs, the system uses color highlighting to display log content. When entering keywords in the search bar, only the matched keywords will be highlighted.

Log Single Line Expand and Copy¶

• Click the button in a log entry to view the complete content of that log. If the log supports JSON format, it will be displayed in JSON format; otherwise, the content will be displayed normally;
• Click the button to copy the entire log content to the clipboard.

Display Number of Lines¶

In the log data list, the trigger time and content of each log are displayed by default. You can use the "Display Number of Lines" option to choose to display "1 line", "3 lines", "10 lines", or "All content" to view the complete log information.

Settings¶

Create Monitor¶

When filtering log data, if you need to set up further alert monitoring for the filtered results, you can do so by creating a monitor with one click. The system will automatically apply the index, data source, and search conditions you selected, simplifying the configuration process.

Copy as cURL¶

In the Log Explorer, you can obtain log data in command line form. In the Settings on the right side of the log data list, click the Copy as cURL button to copy the corresponding cURL command. Paste this command into the host terminal and execute it to obtain log data for the current time period that meets the filter and search conditions.

Example

After copying the cURL command line, it looks like the following: where <Endpoint> needs to be replaced with the domain name, and <DF-API-KEY> needs to be replaced with the Key ID from API Management.

For more parameter descriptions, refer to DQL Data Query.

For more information about the API, refer to Open API.

curl '<Endpoint>/api/v1/df/query_data?search_after=\[1680226330509,8572,"L_1680226330509_cgj4hqbrhi85kl1m6os0"\]&queries_body=%7B%22queries%22:\[%7B%22uuid%22:%222eb41760-cf6e-11ed-a983-7d559044c3fc%22,%22qtype%22:%22dql%22,%22query%22:%7B%22q%22:%22L::re(%60.*%60):(%60*%60)%7B+%60index%60+IN+\[%27default%27\]+%7D%22,%22highlight%22:true,%22limit%22:50,%22orderby%22:\[%7B%22time%22:%22desc%22%7D\],%22_funcList%22:\[\],%22funcList%22:\[\],%22disableMultipleField%22:false,%22disable_slimit%22:false,%22is_optimized%22:true,%22offset%22:0,%22search_after%22:\[1680226330509,8572,%22L_1680226330509_cgj4hqbrhi85kl1m6os0%22\],%22timeRange%22:\[1680187562081,1680230762081\],%22tz%22:%22Asia%2FShanghai%22%7D%7D\]%7D' \
- H 'DF-API-KEY: <DF-API-KEY>' \
- -compressed \
- -insecure

Besides this export path, you can also use other log data export methods.

Set Status Color¶

The system has preset default colors for status values. If you need to customize the colors displayed for different statuses in the Explorer, click Set Status Color to modify them.

Format Configuration¶

Through format configuration, you can hide sensitive log content, highlight important log content, or achieve quick filtering by replacing log content.

1. Click Settings in the upper right corner of the Explorer list;
2. Click Format Configuration;
3. Add mapping rules, enter the following content and save:
   • Field: Specify the log field (e.g., content);
   • Matching Method: Select the matching method (currently supports =, !=, match, not match);
   • Matching Content: Enter the content to be matched (e.g., DEBUG);
   • Display As Content: Enter the content to display after replacement (e.g., **).

Log Data Export¶

In Logs, you can first filter the required data and then export it as a CSV file, JSONL file, or export it to a Dashboard or Note.

To export a specific log, open the detail page of that log and click the in the upper right corner.

Advanced Linkage Configuration¶

For more details, refer to Advanced Linkage Configuration.