Graylog search tips

When searching through logs, it can often be a good idea to restrict your search based on a specific log type. This helps to remove all the non-related logs from your view and find the logs you are searching for a bit easier.

Log types

Log Type Description
SilverStripe_log Silverstripe application logs
apache Apache access logs
apache_error Apache error logs
postfix Email logs
nginx nginx access logs
nginx_error nginx error logs

Requests returning a specific HTTP response codes

One easy way to find issues relating to your website may be via the response codes (e.g. Client has reported 500 errors on pages). You can filter requests to the webserver by response codes to help identify pages throwing errors.

log_type:apache AND http_response:500

Finding Silverstripe errors

Finding Silverstripe logs is as easy as defining the log_type filter to the defined log identifier for your codebase.


Excluding log types

Sometimes you just want to search a time period of a reported fault for any errors / issues during that time frame. Doing this usually results in a lot of logs that are not required (e.g. postfix, apache, cron). You can use the search filter to remove specific log types from a search.

NOT log_type:apache AND NOT log_type:cron

Long loading pages

http_resp_usec can be used to search for requests that took over or under a certain value to complete. This value is represented as microseconds, for example 10 seconds:


Large assets or pages

http_bytes can be used to search for log entries above a certain size. This value is represented as bytes, for example over 10MB:

log_type:apache AND http_resp_usec:>10000000

Identifying missing pages or assets

http_response can be used to look for any request that returned a 404 Not Found:


Requests made by a specific IP

http_clientip can be used to look for any request that returned a 404 Not Found:


Requests made by a specific User Agent

http_agent can be used to look for any bot or automated traffic:

 http_agent:"Mozilla/5.0 (compatible; Googlebot/2.1; +"

Grouping fields

Each log entry is comprised of fields such as the IP address and the User Agent of the request. Graylog can group the values returned by your search query and display the results as a graph, which can be useful for determining how many requests came from a certain source.

In the sidebar, expand the field you want to group by, such as http_agent and choose Quick Values. A graph will load at the top of the page, and will persist across multiple search queries.

Was this answer helpful? Yes No

Sorry we couldn't be helpful. Help us improve this article with your feedback.