Graylog search tips

When searching through logs, it can often be a good idea to restrict your search based on a specific log type. This helps to remove all the non-related logs from your view and find the logs you are searching for a bit easier.

Log types

| Log Type | Description |
| --- | --- |
| SilverStripe_log | Silverstripe application logs |
| apache | Apache access logs |
| apache_error | Apache error logs |
| postfix | Email logs |
| nginx | nginx access logs |
| nginx_error | nginx error logs |

Requests returning specific HTTP response codes

One easy way to find issues relating to your website is via the response codes (e.g. a client has reported 500 errors on pages). You can filter requests to the webserver by response code to help identify pages throwing errors.

log_type:apache AND http_response:500

Finding Silverstripe errors

To find Silverstripe logs, set the log_type filter to the log identifier defined for your codebase.

log_type:SilverStripe_log

Excluding log types

Sometimes you just want to search a time period of a reported fault for any errors / issues during that time frame. Doing this usually results in a lot of logs that are not required (e.g. postfix, apache, cron). You can use the search filter to remove specific log types from a search.

NOT log_type:apache AND NOT log_type:cron

Long loading pages

http_resp_usec can be used to search for requests that took over or under a certain value to complete. This value is represented as microseconds, for example 10 seconds:

http_resp_usec:>10000000

Large assets or pages

http_bytes can be used to search for log entries above a certain size. This value is represented as bytes, for example over 10MB:

log_type:apache AND http_bytes:>10000000

Identifying missing pages or assets

http_response can be used to look for any request that returned a 404 Not Found:

http_response:404

Requests made by a specific IP

http_clientip can be used to look for any request made by a specific IP address:

http_clientip:"123.123.123.123"

Requests made by a specific User Agent

http_agent can be used to look for any bot or automated traffic:

http_agent:"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

Grouping fields

Each log entry is made up of fields such as the IP address and the User Agent of the request. Graylog can group the values returned by your search query and display the results as a graph, which can be useful for determining how many requests came from a certain source.

In the sidebar, expand the field you want to group by, such as http_agent, and choose Quick Values. A graph will load at the top of the page, and will persist across multiple search queries.
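To show what combining a filter with grouping tells you, here is an offline sketch of the workflow above: filter on log_type and http_response, then count values of http_clientip as Quick Values would. This is an added example, not Graylog's code or part of the original article; the log entries, the ExampleScanner agent and the function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample entries using the field names from this page.
# IP addresses come from documentation ranges; this is not real traffic.
def _entry(log_type, ip=None, status=None, agent=None):
    fields = {"log_type": log_type, "http_clientip": ip,
              "http_response": status, "http_agent": agent}
    return {k: v for k, v in fields.items() if v is not None}

SAMPLE_ENTRIES = [
    _entry("apache", "203.0.113.7", 404, "ExampleScanner/1.0"),
    _entry("apache", "203.0.113.7", 404, "ExampleScanner/1.0"),
    _entry("apache", "203.0.113.7", 404, "ExampleScanner/1.0"),
    _entry("apache", "198.51.100.20", 404, "Mozilla/5.0"),
    _entry("apache", "198.51.100.20", 200, "Mozilla/5.0"),
    _entry("apache", "203.0.113.7", 500, "ExampleScanner/1.0"),
    _entry("postfix"),
    _entry("cron"),
]

def search(entries, include=None, exclude_log_types=()):
    """Keep entries that match every field in `include` (like AND) and
    whose log_type is not excluded (like NOT log_type:x AND NOT log_type:y)."""
    include = include or {}
    return [e for e in entries
            if e.get("log_type") not in exclude_log_types
            and all(e.get(k) == v for k, v in include.items())]

def quick_values(entries, field):
    """Count each value of `field`, most frequent first, with its share in %."""
    counts = Counter(e[field] for e in entries if field in e)
    total = sum(counts.values())
    return [(value, n, round(100 * n / total, 1))
            for value, n in counts.most_common()]

if __name__ == "__main__":
    # Equivalent of: log_type:apache AND http_response:404, grouped by http_clientip
    hits = search(SAMPLE_ENTRIES, {"log_type": "apache", "http_response": 404})
    for value, n, pct in quick_values(hits, "http_clientip"):
        print(f"{value:15} {n:3} {pct:5.1f}%")
```

A single address accounting for most of the 404 responses is a cue to pivot on that http_clientip and review its other requests and its http_agent.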
