Click on the Log Explorer module and select the option Log Explorer.
UTMStack displays the LOG ANALYZER window, which by default shows the tab New query 1 with all log data sorted in descending order by the field @timestamp.
@timestamp is the date and time at which the log was ingested into UTMStack (the ingestion time, which can differ from the time recorded by the log source itself).
In the + tab, you can add a new query.
1. Here you have the following options:
- Refresh the data by clicking the Refresh data button.
- Save the query by clicking Save and entering a Name and Description.
- Export the data to a .csv file by clicking the Export to CSV button.
3. In the Source option, you can select the index pattern you want to analyze. You can also add a new index pattern by clicking +Add source. For this example, keep the default index pattern (log*).
4. The data is shown in the TABLE and CHART tabs.
If you expand a row by its @timestamp, another tab, Table, appears with all data associated with that log.
UTMStack also provides a Filter icon and a small Table icon for each field.
- The Filter icon filters the logs by the corresponding field.
- The small Table icon adds the field as a new table column.
The JSON tab shows the JSON structure of that log.
The CHART tab visualizes the number of logs stored per @timestamp.
You can also visualize the number of logs of a specific type over a given time range, as a bar or line chart.
You can also save the chart as an image, zoom, step back and restore the chart using the corresponding options.
5. The +Add filter option lets you add new filters to the source by specifying a field, an operator, and a value.
For example, you can filter all logs whose destination IP is 10.0.0.2.
Clicking on a filter lets you Edit, Delete or Invert it.
The Calendar icon lets you choose a preset or custom time period for the source you want to analyze; in this case, the source is log*.
6. This section lists the Selected fields that form the TABLE columns. In this case, the only selected field is @timestamp.
Clicking on this field shows the top 5 values of @timestamp; hovering the mouse pointer over each value shows how many logs have it. The red button on the right removes the corresponding field from the TABLE.
You can also filter on any of those values by clicking the Search + icon; UTMStack will then display only the logs stored at that time.
Under Available fields, you can search for other fields and add them to the TABLE by clicking the blue add button.
Likewise, you can see how many logs have each of the top 5 values of a field (e.g., DataType) by hovering the mouse pointer over each DataType value.
You can also filter those logs by clicking the Search + icon.
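The filter, Invert, Calendar time range, descending @timestamp sort and top-5 field values described in this walkthrough, emulated locally over constructed sample records so the semantics of each action can be checked. This is an added example, not UTMStack code or documentation; the field name destination.ip, the DataType values and the operator set are assumptions.

```python
"""Local emulation of UTMStack Log Explorer actions (added example, not UTMStack code)."""
from collections import Counter
from datetime import datetime

# Constructed sample logs. @timestamp is the ingestion time, as in UTMStack.
# 'destination.ip' is an assumed field name; the real one depends on the log parser.
LOGS = [
    {"@timestamp": "2024-01-15T10:00:05Z", "DataType": "firewall", "destination.ip": "10.0.0.2"},
    {"@timestamp": "2024-01-15T10:00:09Z", "DataType": "firewall", "destination.ip": "10.0.0.7"},
    {"@timestamp": "2024-01-15T10:01:30Z", "DataType": "wineventlog", "destination.ip": "10.0.0.2"},
    {"@timestamp": "2024-01-15T10:02:00Z", "DataType": "firewall", "destination.ip": "10.0.0.2"},
    {"@timestamp": "2024-01-15T11:30:00Z", "DataType": "linux", "destination.ip": "10.0.0.9"},
]

# Assumed operator set for the field/operator/value filter.
OPERATORS = {
    "is": lambda actual, expected: actual == expected,
    "is not": lambda actual, expected: actual != expected,
    "exists": lambda actual, expected: actual is not None,
}


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp ending in 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def apply_filter(logs, field, operator, value=None, invert=False):
    """Apply one +Add filter; invert=True mirrors the Invert action on a filter."""
    op = OPERATORS[operator]
    return [log for log in logs if op(log.get(field), value) != invert]


def time_range(logs, start, end):
    """Keep logs whose @timestamp falls within [start, end] (the Calendar filter)."""
    s, e = parse_ts(start), parse_ts(end)
    return [log for log in logs if s <= parse_ts(log["@timestamp"]) <= e]


def newest_first(logs):
    """Default TABLE ordering: descending by @timestamp."""
    return sorted(logs, key=lambda log: parse_ts(log["@timestamp"]), reverse=True)


def top_values(logs, field, n=5):
    """Top-n values of a field with their log counts (the Selected fields hover view)."""
    return Counter(log[field] for log in logs if field in log).most_common(n)


if __name__ == "__main__":
    hits = newest_first(apply_filter(LOGS, "destination.ip", "is", "10.0.0.2"))
    for log in hits:
        print(log["@timestamp"], log["DataType"])
    print(top_values(LOGS, "DataType"))
```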