Log Search - Log Level Detection and Insights
This feature is in Beta. To participate, contact your Sumo Logic account executive.
When performing Log Search queries in the UI, you can visualize and filter log-level distribution in your Histogram results and Messages table view, helping you to:
- Quickly identify anomalies
- Drill down in the high severity logs quickly
- Navigate through a large volume of logs
- Filter the relevant logs in their troubleshooting workflows
What are log levels?
Sumo Logic detects six log levels out of the box: FATAL, ERROR, WARN, INFO, DEBUG, and TRACE. If we're unable to find one of these log levels in a message, it is categorized under the OTHERS bucket.
Log-Level pattern detection is automatic, meaning you do not need to parse log levels manually or write specific queries to see your distribution of error logs. Just execute a log search, and you'll see:
| Element | Description |
|---|---|
| A | Histogram with stacked bars representing log level distribution over your search timeframe. |
| B | Interactive Histogram legend showing the log level that each color represents. Click on any label to isolate it in the Histogram and corresponding messages beneath that. To select multiple log levels, use shift + click.In this example, the ERROR label has been clicked, so you'll see only error logs reflected. |
| C | Field Browser log_level filter. You can use this reserved field in your queries to perform advanced operations. 1 |
| D | Log level for this log message. Quickly identify the log level of each log message using the color-coded Histogram legend for each message. |
| E | Distribution of log levels under log_level field in the field browser. |
| F | Hide Log Levels. Click this to hide log levels from the Histogram chart, however, the log_level field will still show in the Messages table, however, log level color coding from individual messages will be removed. To enable it again, just click Show Log Levels. |
"" in the Histogram is null. To query these messages, you can run:| where isNull(log_level)