Create Views & Alerts

Learn how to create views and alerts in the LogDNA web app for effortless, real-time log monitoring, viewing, and alerting.

This guide covers how to use views and alerts in the LogDNA web app.

Views

Views are saved shortcuts to a specific set of filters and search queries. You can see the list of views in the Views pane on the left. If this is your first time using LogDNA, you will only see the default Everything view, which shows you all log lines.

Categories

Categories can be created and chosen to group your views. You can see the list of created categories in the Views pane on the left. As a default, when you save a new view, It will save it under a category named UNCATEGORIZED unless it's specified. Views are unique within LogDNA but you can have more than one categories for each view.

Alerts

Alerts send out alert notifications to the specified alert channel(s) whenever a log line appears in that alert's associated view. A bell icon is also displayed to the right of the view name to indicate that this view has an alert attached to it. Alerts cannot exist without an attached view.

Creating a view

When creating a view, you can choose whether to create that view with an attached alert.

Without an alert

By default, creating a view will not create an associated alert.

  1. Set the sources, apps, and/or log level filters as well as perform any search queries to get desired set of log lines.
  2. Click the Unsaved View button in the top left and select Save as New View/Alert.
  3. Name your new view, and hit Save. At this step, you can also choose the option to either create a new category, or you can choose an existing category from the list for the view.

With an alert

To create a view with an attached alert, first, follow the steps to create a view above, but do not hit the save button just yet. Once you've named your view:

  1. Click the Alerts drop-down menu and click either Create a custom alert or select an alert preset that you created previously.
  2. Choose a channel to send the alert to. You can send an email, Slack, HipChat, webhook, Pager Duty or OpsGene alert. It is also possible to send alerts to multiple channels by clicking the plus button above the alert channel options until you have added the desired number of alert channels.
  3. Set your threshold alerting parameters (e.g. only alert after 20 lines in 5 minutes).
  4. Configure your alert notification channels.
  5. Click Save.

Managing views

A number of options are available to help you manage your views.

Accessing a view

Your newly created views will appear in the views pane on the left under the categories that it belongs to and will persist even after you log out. To see the log lines, as well as the filter and search options associated with a view or alert, simply expand the category and click on the name of that view. If you have more than twelve (12) views, you can use the View Finder feature in the Views pane on the left to search for a particular view. You can use the Find View top search bar in the view pane or press ⌘K on your keyboard to find a particular view.

Deleting a view

  1. Click on the name of the view you wish to delete in the views pane on the left.
  2. Click the name of the view in the drop-down menu at the top, and select Delete.
  3. A confirmation prompt will appear. Click the red Delete button to confirm the deletion of the view.

Deleting view will remove it completely from the system. If the view exists in multiple categories, it will disappear from each one. If you want to delete your view from a category, go to Manage Views page. Deleting a view will also delete any attached alerts.

Duplicating a view

  1. Expand the category and click on the name of the view you wish to edit in the views pane on the left.
  2. Click the name of the view in the drop-down menu at the top, and select Save as New View/Alert.
  3. Name your view, optionally attach any desired alerts, and click Save.

You can also use this method to attach an alert to an existing view.

Editing a view

  1. Expand the category and click on the name of the view you wish to edit in the views pane on the left.
  2. Click the name of the view in the drop-down menu at the top, and select Edit View Properties.
  3. Optionally enter a new name for that view in the Rename View text box.
  4. Optionally configure a custom line template for that view. For more details, see Understanding Custom Line Templates.
  5. Click the green Save button.

The changes made in the view can be seen in all the categories of the view.

Starring a view

This will add the view into the Starred section on top of the view pane.

  1. Expand the Category and click on the Star icon on the left side of the view name.

Unstarring a view

  1. In the Starred section, hit the Star icon on the left side of the view name you wish to un-star.

Creating a category

  1. Click Manage under the views pane.
  2. Click Add a Category button under the categories section.
  3. Enter the name of the category and click Add.

Adding a view to a category

  1. Click Manage under the views pane.
  2. Select an existing view under All Views section and Drag&Drop to the desired category on the categories section on the right.

Deleting a category

  1. Click Manage under the views pane.
  2. Find the category under the categories section and hit delete appears on the right to the category name.

Deleting a category does not delete the views associated with the category.

Attaching an alert

  1. Click the name of the existing view you wish to attach an alert to.
  2. Click the name of the existing view in the drop-down menu at the top, and select Attach an Alert.

Detaching an alert

  1. Click the name of the existing view with an alert you wish to detach the alert from.
  2. Click the name of the existing view in the drop-down menu at the top, and select Detach an Alert.

Embedding a view

  1. Click the name of the existing view you wish to embed.
  2. Click the name of the existing view in the drop-down menu at the top, and select Embed this View.

For detailed information on embedded views, see the Embedded Views guide.

Organizing views

By default, views are arranged in the alphabetical order. You can star your views and re-order them by clicking and dragging the left side of a view. While all categories and views are shared across the entire organization, the content and order of the starred views section can be personalized by each user.

Managing alerts

To manage your alert channels, Click on Settings (gear icon) and select Alerts. You will see a list of your alert presets followed by a list of all of all your View Specific Alerts.

Alert presets

Alert presets allow you to re-use the same alert channels across multiple alerts. To create an alert preset:

  1. Click the Add a Preset Alert button configure your alert channel settings.
  2. Choose a channel to send the alert to. You can send an email, Slack, or webhook alert. It is also possible to send alerts to multiple channels by clicking the Add an alert channel drop-down menu until you have added the desired number of alert channels.
  3. Click the Add button to save the alert preset.

You can also edit or delete an alert preset by mousing over the desired alert preset and selecting the Edit or Delete option.

View Specific Alerts

The View Specific Alerts section displays a list of all of your alerts attached to existing views. You can edit or remove an alert from its associated view by mousing over the desired alert and selecting the Edit or Remove option. Removing an alert from a view does not delete the view, it only removes the alert.

Understanding custom line templates

Located under Edit View Preferences, custom line templates allow you to configure how your logline messages are displayed in that view. Custom line templates do not change the way your log lines are parsed or searched, only the way they are displayed in that specific view.

For example, if I have a view that displays log lines with the following message:

user 1234 requested endpoint /api/endpoint

And contains the following field metadata:

{ 
  meta: { 
    first_name: Jane
    last_name: Doe
  }
}

If I use the following custom line template:

{{_meta.first_name}} {{_meta.last_name}}, aka $@

This will display log messages in that view in this format:

Jane Doe, aka user 1234 requested endpoint /api/endpoint

When you configure a custom line template, you can use any field data available to you for that line, including the line itself, represented as $@. For JSON, you can use the field name directly to reference the field value instead prefixing it with _meta, like this: {{first_name}}.

Please keep in mind that field elements and static text in a custom line template cannot be searched as normal substrings since they are for display only. All field data must still be searched in the following format: field:value. For more details on our search syntax, check out our search guide.

Create Views & Alerts

Learn how to create views and alerts in the LogDNA web app for effortless, real-time log monitoring, viewing, and alerting.