{"_id":"5826156055b1060f00ec4193","__v":0,"user":"5732062ad720220e008ea1d2","parentDoc":null,"project":"56ba46e2ce5d540d00e2d7a7","category":{"_id":"582601f155b1060f00ec4173","project":"56ba46e2ce5d540d00e2d7a7","__v":0,"version":"56ba46e2ce5d540d00e2d7aa","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2016-11-11T17:37:53.355Z","from_sync":false,"order":1,"slug":"guides","title":"Guides"},"version":{"_id":"56ba46e2ce5d540d00e2d7aa","project":"56ba46e2ce5d540d00e2d7a7","__v":12,"createdAt":"2016-02-09T20:06:58.727Z","releaseDate":"2016-02-09T20:06:58.727Z","categories":["56ba46e3ce5d540d00e2d7ab","5771a6b145c7080e0072927f","5771a72eb0ea6b0e006a5221","5772e5b20a6d610e00dea073","577c3006b20f211700593629","57ae587bca3e310e00538155","57ae593a7c93fa0e001e6b50","57b1f8263ff6c519005cf074","582601f155b1060f00ec4173","582a62857a96051b0070b011","58ebfae58d5a860f00851fb9","590a75a1ec0d5e190095ab38"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"updates":[],"next":{"pages":[],"description":""},"createdAt":"2016-11-11T19:00:48.606Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":4,"body":"This guide covers how to use views and alerts in the LogDNA web app.\n\n## Views\n\nViews are saved shortcuts to a specific set of filters and search queries. You can see the list of views in the Views pane on the left. If this is your first time using LogDNA, you will only see the default Everything view, which shows you all log lines.\n\n## Alerts\n\nAlerts send out alert notifications to the specified alert channel(s) whenever a log line appears in that alert's associated view. A bell icon is also displayed to the right of the view name to indicate that this view has an alert attached to it. *Alerts cannot exist without an attached view.*\n\n## Creating a view\n\nWhen creating a view, you can choose whether to create that view with an attached alert.\n\n### Without an alert\n\nBy default, creating a view will not create an associated alert.\n\n1. Set the sources, apps, and/or log level filters as well as perform any search queries to get desired set of log lines.\n2. Click the `Unsaved View` button in the top left and select `Save as New View/Alert`\n3. Name your new view, and hit `Save`.\n\n### With an alert\n\nTo create a view with an attached alert, first follow the steps to create a view above, but do not hit the save button just yet. Once you've named your view:\n\n1. Click the Alerts drop-down menu and click either `Create a custom alert` or select an alert preset that you created previously.\n2. Choose a channel to send the alert to. You can send an email, Slack, or webhook alert. It is also possible to send alerts to multiple channels by clicking the plus button above the alert channel options until you have added the desired number of alert channels.\n3. Set your threshold alerting parameters (e.g. only alert after 20 lines in 5 minutes)\n4. Configure your [alert notification channels](doc:alerts)\n5. Click `Save`.\n\n## Managing views\n\nA number of options are available to help you manage your views.\n\n### Accessing a view\n\nYour newly created views will appear in the views pane on the left, and will persist even after you log out. To see the log lines, as well as the filter and search options associated with a view or alert, simply click on the name of that view. If you have more than twelve (12) views, you can use the View Finder feature in the Views pane on the left to search for a particular view.\n\n### Deleting a view\n\n1. Click on the name of the view you wish to delete in the Views pane on the left.\n2. Click the name of the view in the drop-down menu at the top, and select `Delete`.\n3. A confirmation prompt will appear. Click the red `Delete` button to confirm the deletion of the view.\n\nDeleting a view will also delete any attached alerts. \n\n### Duplicating a view\n\n1. Click on the name of the view you wish to edit in the Views pane on the left.\n2. Click the name of the view in the drop-down menu at the top, and select `Save as New View/Alert`.\n3. Name your view, optionally attach any desired alerts, and click `Save`.\n\nYou can also use this method to attach an alert to an existing view.\n\n### Editing a view\n\n1. Click on the name of the view you wish to edit in the Views pane on the left.\n2. Click the name of the view in the drop-down menu at the top, and select `Edit View Preferences`.\n3. Optionally enter a new name for that view in the `Rename View` text box.\n4. Optionally configure a custom line template for that view. For more details, see [Understanding Custom Line Templates](https://docs.logdna.com/docs/views#section-understanding-custom-line-templates).\n5. Click the green Save button.\n\n### Attaching an alert\n \n1. Click the name of the existing view you wish to attach an alert to.\n2. Click the name of the existing view in the drop-down menu at the top, and select `Attach an Alert`\n\n### Detaching an alert \n\n1. Click the name of the existing view with an alert you wish to detach the alert from.\n2. Click the name of the existing view in the drop-down menu at the top, and select `Detach an Alert`\n\n### Re-ordering views\n\nBy default, views are arranged in the order they are created. You can re-order your views by clicking and dragging the left side of a view. While views are shared across all users belonging to the same organization, re-ordering views in your own user account does not affect the order of views in other users that belong to the same organization.\n\n## Managing alerts \n\nTo manage your alert channels, Click on Settings (gear icon) and select Alerts. You will see a list of your alert presets followed by a list of all of all your View Specific Alerts.\n\n### Alert presets\n\nAlert presets allow you to re-use the same alert channels across multiple alerts. To create an alert preset:\n\n1. Click the `Add a Preset Alert` button  configure your alert channel settings.\n2. Choose a channel to send the alert to. You can send an email, Slack, or webhook alert. It is also possible to send alerts to multiple channels by clicking the `Add an alert channel` drop-down menu until you have added the desired number of alert channels.\n3. Click the `Add` button to save the alert preset.\n\nYou can also edit or delete an alert preset by mousing over the desired alert preset and selecting the `Edit` or `Delete` option.\n\n### View Specific Alerts\n\nThe View Specific Alerts section displays a list of all of your alerts attached to existing views. You can edit or remove an alert from its associated view by mousing over the desired alert and selecting the `Edit` or `Remove` option. Removing an alert from a view does not delete the view, it only removes the alert.\n\n## Understanding custom line templates\n\nLocated under Edit View Preferences, custom line templates allow you to configure how your log line messages are displayed in that view. **Custom line templates do not change the way your log lines are parsed or searched, only the way they are displayed in that specific view**.\n\nFor example, if I have a view that displays log lines with the following message:\n```\nuser 1234 requested endpoint /api/endpoint\n```\nAnd contains the following field metadata:\n```\n{ \n  meta: { \n    first_name: Jane\n    last_name: Doe\n  }\n}\n```\nIf I use the following custom line template:\n```\n{{_meta.first_name}} {{_meta.last_name}}, aka $:::at:::\n```\nThis will display log messages in that view in this format:\n```\nJane Doe, aka user 1234 requested endpoint /api/endpoint\n```\nWhen you configure a custom line template, you can use any field data available to you for that line , including the line itself, represented as `$@`. For JSON, you can use the field name directly to reference the field value instead prefixing it with `_meta`, like this: `{{first_name}}`.\n\nPlease keep in mind that field elements and static text in a custom line template cannot be searched as normal substrings, since they are for display only. All field data must still be searched in the following format: `field:value`. For more details on our search syntax, check out our [search guide](doc:search).","excerpt":"","slug":"views","type":"basic","title":"Views & Alerts"}
This guide covers how to use views and alerts in the LogDNA web app. ## Views Views are saved shortcuts to a specific set of filters and search queries. You can see the list of views in the Views pane on the left. If this is your first time using LogDNA, you will only see the default Everything view, which shows you all log lines. ## Alerts Alerts send out alert notifications to the specified alert channel(s) whenever a log line appears in that alert's associated view. A bell icon is also displayed to the right of the view name to indicate that this view has an alert attached to it. *Alerts cannot exist without an attached view.* ## Creating a view When creating a view, you can choose whether to create that view with an attached alert. ### Without an alert By default, creating a view will not create an associated alert. 1. Set the sources, apps, and/or log level filters as well as perform any search queries to get desired set of log lines. 2. Click the `Unsaved View` button in the top left and select `Save as New View/Alert` 3. Name your new view, and hit `Save`. ### With an alert To create a view with an attached alert, first follow the steps to create a view above, but do not hit the save button just yet. Once you've named your view: 1. Click the Alerts drop-down menu and click either `Create a custom alert` or select an alert preset that you created previously. 2. Choose a channel to send the alert to. You can send an email, Slack, or webhook alert. It is also possible to send alerts to multiple channels by clicking the plus button above the alert channel options until you have added the desired number of alert channels. 3. Set your threshold alerting parameters (e.g. only alert after 20 lines in 5 minutes) 4. Configure your [alert notification channels](doc:alerts) 5. Click `Save`. ## Managing views A number of options are available to help you manage your views. ### Accessing a view Your newly created views will appear in the views pane on the left, and will persist even after you log out. To see the log lines, as well as the filter and search options associated with a view or alert, simply click on the name of that view. If you have more than twelve (12) views, you can use the View Finder feature in the Views pane on the left to search for a particular view. ### Deleting a view 1. Click on the name of the view you wish to delete in the Views pane on the left. 2. Click the name of the view in the drop-down menu at the top, and select `Delete`. 3. A confirmation prompt will appear. Click the red `Delete` button to confirm the deletion of the view. Deleting a view will also delete any attached alerts. ### Duplicating a view 1. Click on the name of the view you wish to edit in the Views pane on the left. 2. Click the name of the view in the drop-down menu at the top, and select `Save as New View/Alert`. 3. Name your view, optionally attach any desired alerts, and click `Save`. You can also use this method to attach an alert to an existing view. ### Editing a view 1. Click on the name of the view you wish to edit in the Views pane on the left. 2. Click the name of the view in the drop-down menu at the top, and select `Edit View Preferences`. 3. Optionally enter a new name for that view in the `Rename View` text box. 4. Optionally configure a custom line template for that view. For more details, see [Understanding Custom Line Templates](https://docs.logdna.com/docs/views#section-understanding-custom-line-templates). 5. Click the green Save button. ### Attaching an alert 1. Click the name of the existing view you wish to attach an alert to. 2. Click the name of the existing view in the drop-down menu at the top, and select `Attach an Alert` ### Detaching an alert 1. Click the name of the existing view with an alert you wish to detach the alert from. 2. Click the name of the existing view in the drop-down menu at the top, and select `Detach an Alert` ### Re-ordering views By default, views are arranged in the order they are created. You can re-order your views by clicking and dragging the left side of a view. While views are shared across all users belonging to the same organization, re-ordering views in your own user account does not affect the order of views in other users that belong to the same organization. ## Managing alerts To manage your alert channels, Click on Settings (gear icon) and select Alerts. You will see a list of your alert presets followed by a list of all of all your View Specific Alerts. ### Alert presets Alert presets allow you to re-use the same alert channels across multiple alerts. To create an alert preset: 1. Click the `Add a Preset Alert` button configure your alert channel settings. 2. Choose a channel to send the alert to. You can send an email, Slack, or webhook alert. It is also possible to send alerts to multiple channels by clicking the `Add an alert channel` drop-down menu until you have added the desired number of alert channels. 3. Click the `Add` button to save the alert preset. You can also edit or delete an alert preset by mousing over the desired alert preset and selecting the `Edit` or `Delete` option. ### View Specific Alerts The View Specific Alerts section displays a list of all of your alerts attached to existing views. You can edit or remove an alert from its associated view by mousing over the desired alert and selecting the `Edit` or `Remove` option. Removing an alert from a view does not delete the view, it only removes the alert. ## Understanding custom line templates Located under Edit View Preferences, custom line templates allow you to configure how your log line messages are displayed in that view. **Custom line templates do not change the way your log lines are parsed or searched, only the way they are displayed in that specific view**. For example, if I have a view that displays log lines with the following message: ``` user 1234 requested endpoint /api/endpoint ``` And contains the following field metadata: ``` { meta: { first_name: Jane last_name: Doe } } ``` If I use the following custom line template: ``` {{_meta.first_name}} {{_meta.last_name}}, aka $@ ``` This will display log messages in that view in this format: ``` Jane Doe, aka user 1234 requested endpoint /api/endpoint ``` When you configure a custom line template, you can use any field data available to you for that line , including the line itself, represented as `$@`. For JSON, you can use the field name directly to reference the field value instead prefixing it with `_meta`, like this: `{{first_name}}`. Please keep in mind that field elements and static text in a custom line template cannot be searched as normal substrings, since they are for display only. All field data must still be searched in the following format: `field:value`. For more details on our search syntax, check out our [search guide](doc:search).