Introducing Logentries’ New Querybuilder

by Eoin Shanley

We recently announced the release of Logentries Query Language (LEQL), an even more powerful but incredibly easy way to query your log files. The new Querybuilder search tool automatically identifies the available Key Value Pairs in your log events and presents them as options to be included in your query. The Querybuilder also displays a list of available query functions that can be used to calculate values such as COUNT, SUM, AVERAGE, MIN & MAX.

The Querybuilder enables advanced analytics and easy extraction of valuable insights from your log data. You can quickly search for specific events and extract key metrics or trends about your systems' behavior.

So, What's New?

We have made the Querybuilder even easier to use by introducing a simple mode and an advanced mode. You can write your LEQL queries manually, use a handy toolbar to build your query, or switch between the two modes and use both!

Simple mode:

The simple mode provides easy access to the LEQL calculation commands. If you want to group your data, you simply start typing the name of the keyword you're searching for, and all the matching ones will appear automatically.

The resulting query will be displayed above the Querybuilder, so you can still see the full LEQL query that will be run.

Let's have a look.

Here is the Querybuilder in simple mode. In the first part of the textbox, you just type whatever you're searching for. (Want to use Regular Expressions? No problem! Read more here.)

Let's search for the string "Server 1." As you type, you will see that the query is updated in real time.

Now we're going to group them by another key - we're going to use remoteIP for this. All we need to do is start typing the name of the key into the "Group By" box and the matching key names will automatically appear:

So far, so good. Now finally, we want to calculate the count - and that's as simple as selecting it from the Calculate menu.

Now, just press the Find button and you're done!

Want to use a different calculation? No problem - just select the calculation from the menu, and a box will appear where you enter the key you're calculating. In this example, we're going to get the MAX value of the status key values - for example, maybe you want to find the maximum response time of HTTP requests to your server.
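
To make the walkthrough concrete, here is a Python sketch of what such a query computes over key-value log events: search for "Server 1", group by remoteIP, count, and take the MAX of status. It is an added example, not Logentries code or LEQL itself; the function names, the `all` bucket label and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample events (not from the original post). The key names
# remoteIP and status follow the walkthrough; the values are made up.
SAMPLE_LINES = [
    "2015-06-01T10:00:01Z Server 1 remoteIP=192.0.2.10 status=200",
    "2015-06-01T10:00:02Z Server 1 remoteIP=192.0.2.10 status=404",
    "2015-06-01T10:00:03Z Server 2 remoteIP=192.0.2.10 status=200",
    "2015-06-01T10:00:04Z Server 1 remoteIP=198.51.100.7 status=500",
    "2015-06-01T10:00:05Z Server 1 remoteIP=198.51.100.7 status=-",
    "2015-06-01T10:00:06Z Server 1 heartbeat ok",
]

KVP_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

CALCS = {
    "count": len,
    "sum": sum,
    "min": min,
    "max": max,
    "average": lambda vals: sum(vals) / len(vals),
}

def parse_kvps(line):
    """Extract key=value pairs from one log line as a dict of strings."""
    return {k: v.strip('"') for k, v in KVP_RE.findall(line)}

def run_query(lines, search, group_by=None, calc="count", key=None):
    """Keep lines containing `search`, bucket them, then apply `calc`."""
    groups = defaultdict(list)
    for line in lines:
        if search not in line:
            continue
        kv = parse_kvps(line)
        if group_by is not None and group_by not in kv:
            continue  # an event without the group key cannot be bucketed
        bucket = kv[group_by] if group_by is not None else "all"
        if calc == "count":
            groups[bucket].append(1)
            continue
        try:
            groups[bucket].append(float(kv[key]))
        except (KeyError, ValueError):
            continue  # key missing or value not numeric: skip the event
    return {b: CALCS[calc](vals) for b, vals in groups.items() if vals}

if __name__ == "__main__":
    print(run_query(SAMPLE_LINES, "Server 1", group_by="remoteIP"))
    print(run_query(SAMPLE_LINES, "Server 1", calc="max", key="status"))
```

Events that lack the grouping key, or whose value is not numeric, are skipped rather than counted as zero, so a malformed line cannot skew a MIN or AVERAGE.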

Advanced mode

Prefer your keyboard to your mouse? The advanced mode will let you type in your LEQL queries just like before. If you switch from Simple to Advanced mode, then the query box will automatically display the query that was built using the simple mode.

You can immediately validate your query by checking the message above the query box. In the example below, I've spelled "where" incorrectly, and I get instant feedback that there is a problem with the query. I will not be able to switch back to Simple mode until I've corrected this.

Anything else new?
Since you asked... We have an updated date range selector for you too. You can choose from a wider range of pre-populated time periods.

And of course, you can still enter a custom date range. Make sure to check out the "Now" option to ensure you're searching your most recent logs.

As always, if you have any questions or feedback on the Querybuilder or Date Range Selector, let us know at [email protected]! Don't have a Logentries account yet? Get started in minutes for free.

More Stories By Trevor Parsons

Trevor Parsons is Chief Scientist and Co-founder of Logentries. Trevor has over 10 years experience in enterprise software and, in particular, has specialized in developing enterprise monitoring and performance tools for distributed systems. He is also a research fellow at the Performance Engineering Lab Research Group and was formerly a Scientist at the IBM Center for Advanced Studies. Trevor holds a PhD from University College Dublin, Ireland.
