Log Explorer

Click on the Log Explorer module and select the option Log Explorer.

log-explorer.jpg

UTMStack displays the LOG ANALYZER window, which by default shows the tab New query 1 with all log data sorted in descending order by the @timestamp field.

@timestamp represents the date and time at which the log was ingested into UTMStack.

In the + tab, you can add a new query.

log-explorer-analyzes.jpg

1. Here you have the following options:

options-1.jpg

  • Refresh the data by clicking the Refresh data button.
  • Save the query by clicking Save and then typing a Name and Description.
  • Export the data to a .csv file by clicking the Export to CSV button.

2. The Queries button lets you manage your queries.

new-query.jpg

3. In the Source option, you can select the index pattern you want to analyze (the default one is preselected). You can also add a new index pattern by clicking the +Add source option. In this walkthrough, we keep the default index pattern (log*) as an example.

sources-index-pattern.jpg

4. The data are displayed in the TABLE and CHART tabs.

If you expand a filtered @timestamp row, you see another Table tab with all the data associated with that log.

UTMStack also provides a Filter icon and a small Table icon for each field.

  • The Filter icon filters the logs by the value of the corresponding field.
  • The small Table icon adds the field as a new table column.

data-logs.jpg

The JSON tab shows the JSON structure of that log.

json.jpg

By clicking the CHART tab, UTMStack displays the number of logs stored per the selected field (@timestamp).


You can also display the number of logs of a specific type stored over a specific time range, using either a bar or a line chart.

filter-by-logs,-time,-chart.jpg

You can also save the chart as an image, zoom, step back, and restore the chart using the corresponding options.

options-save,-zoom,-etc.jpg

5. The +Add filter option lets you add new filters to the source by specifying a field, an operator, and a value.

For example, you can filter all logs whose destination IP matches 10.0.0.2.

add-new-filter.jpg 

If you click on a filter, you can Edit, Delete, or Invert it.

edit-filter.jpg

Also, with the Calendar icon, you can filter or customize the time period of the source you want to analyze. In this case, the source is log*.

calendar-icon-.jpg

6. This section shows the Selected fields that make up the TABLE columns. In this case, the only selected field is @timestamp.

If you click on this field, you can see the number of logs for its top 5 values (@timestamp) by hovering the mouse pointer over each @timestamp value. The red button on the right removes the corresponding field from the TABLE.

timestamp.jpg 

At the same time, you can filter by any of those values by clicking the Search + icon; UTMStack will then display only the logs stored at that time.

search-+.jpg

In the Available fields option, you can search for and select other fields to analyze in the TABLE by clicking the blue add button.

add-blue.jpg

In the same way, you can see the number of logs for the top 5 values of a field (e.g., DataType) by hovering the mouse pointer over each DataType value.

serch-+-again.jpg

You can also filter those logs by clicking the Search + icon.

nids.jpg
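As an added example (not UTMStack's own code), the following Python script reproduces the query semantics the Log Explorer applies in this walkthrough: filters defined as field, operator and value with the Invert option, results sorted by @timestamp in descending order, the top 5 values of a field, and per-hour counts like the CHART tab. The log lines, field names (dataType, destination.ip) and operator names are constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime

# Constructed sample logs (hypothetical); field names are assumptions, not UTMStack's schema.
SAMPLE_LOGS = [json.loads(line) for line in """
{"@timestamp": "2024-01-01T10:00:00Z", "dataType": "firewall", "destination.ip": "10.0.0.2"}
{"@timestamp": "2024-01-01T10:05:00Z", "dataType": "nids", "destination.ip": "10.0.0.9"}
{"@timestamp": "2024-01-01T11:00:00Z", "dataType": "firewall", "destination.ip": "10.0.0.2"}
{"@timestamp": "2024-01-01T11:30:00Z", "dataType": "nids", "destination.ip": "10.0.0.2"}
{"@timestamp": "2024-01-01T11:45:00Z", "dataType": "wineventlog", "destination.ip": "10.0.0.5"}
""".strip().splitlines()]

# Operator names are assumed; each maps (field value, filter value) to a match result.
OPERATORS = {
    "is": lambda a, b: a == b,
    "is_not": lambda a, b: a != b,
    "contains": lambda a, b: b in str(a),
    "exists": lambda a, b: a is not None,
}

def apply_filters(logs, filters):
    """filters: list of (field, operator, value, inverted). All filters must hold.
    Returns matching logs sorted by @timestamp, newest first."""
    out = []
    for log in logs:
        keep = True
        for field, op, value, inverted in filters:
            match = OPERATORS[op](log.get(field), value)
            if match == inverted:  # Invert flips the filter: drop on match
                keep = False
                break
        if keep:
            out.append(log)
    return sorted(out, key=lambda log: log["@timestamp"], reverse=True)

def top_values(logs, field, n=5):
    """Top n values of a field with their log counts (the hover-over view)."""
    return Counter(log[field] for log in logs if field in log).most_common(n)

def chart_buckets(logs, bucket="hour"):
    """Log count per time bucket of @timestamp, as drawn in the CHART tab."""
    fmt = "%Y-%m-%dT%H" if bucket == "hour" else "%Y-%m-%d"
    stamps = (datetime.strptime(log["@timestamp"], "%Y-%m-%dT%H:%M:%SZ") for log in logs)
    return dict(Counter(ts.strftime(fmt) for ts in stamps))

if __name__ == "__main__":
    hits = apply_filters(SAMPLE_LOGS, [("destination.ip", "is", "10.0.0.2", False)])
    print(len(hits), "logs to 10.0.0.2;", top_values(hits, "dataType"), chart_buckets(hits))
```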