Logentries Docs

Find comprehensive guides and documentation to help you start and continue to work with Logentries.

    


Community Packs

Community Packs provide an easy way to share the Search Queries, Tags, Alerts and Widgets that you create in your Logentries account. Community Packs follow a JSON structure and can be imported into your Logentries account via the UI.

Anyone can create a JSON formatted document that contains pre-defined dashboard widgets, search queries, tags, alerts or any combination thereof and then share them with anyone else in the Logentries Community.

Community Packs are available for download at https://community.logentries.com/packs/.

Importing a Community Pack into your Logentries account

  1. On the main menu to the left of the Logentries Web UI, select the Community section, then ‘Add a Pack’.
  2. You will be prompted for the Community Pack JSON file you would like to add.
  3. Select the Tags & Alerts you would like to import. You can also select whether or not to enable pre-defined Alerts.
  4. Select the widgets/graphs you’d like to import into your Dashboard. You can also select the destination dashboard for the imported graphs/widgets.
  5. Select the saved search queries you wish to import.
  6. Finally, you will be prompted to select the Host(s) and log(s) to which you’d like to apply the pack.

Your tags & alerts, saved queries and dashboard widgets will now be available within your Logentries account.

Contribute

You can contribute to existing packs and submit new packs through a GitHub Pull Request. Please see the GitHub Repository here: https://github.com/logentries/le_community_packs

Below is a full example of the JSON object structure for Community Packs.

{
  "name": "Example Basic Monitoring",
  "description": "Description added as a new optional field",
  "tags": [
    {
      "type": "Alert",
      "name": "new devel changes",
      "labels": [
        {
          "name": "test color",
          "color": "c1f43d"
        }
      ],
      "patterns": [
        "another pattern"
      ],
      "action": {
        "type": "Alert",
        "min_matches_count": 10,
        "min_report_count": 20,
        "min_matches_period": "Day",
        "min_report_period": "Day"
      }
    },
    {
      "type": "AlertNotify",
      "sub_type": "AnomalyAlert",
      "name": "another new anomaly",
      "description": "anomaly alert any description",
      "labels": [
        {"name": "label1", "color": "123456"}
      ],
      "action": {
        "type": "Alert",
        "min_report_count": 10,
        "min_report_period": "Hour"
      },
      "scheduled_query": {
        "query": "sale_value > 30",
        "function": "Sum",
        "threshold_value": "+5",
        "threshold_type": "%",
        "time_period": "Week",
        "time_value": 5
      }
    },
    {
      "type": "AlertNotify",
      "sub_type": "InactivityAlert",
      "name": "inactivity alert import",
      "description": "inactivity alert any description",
      "patterns": ["pattern1"],
      "timeframe_value": 5,
      "timeframe_period": "Week",
      "labels": [
        {"name": "label1", "color": "123456"}
      ],
      "action": {
        "type": "Alert",
        "min_report_count": 10,
        "min_report_period": "Hour"
      }
    }
  ],
  "searches": [
    {
      "name": "calculate key1",
      "query": "key=1 calculate(COUNT)",
      "description": "key1 calculation"
    },
    {
      "name": "average key",
      "query": "key>10 | GroupBy(key) | AVERAGE(key)"
    },
    {
      "name": "calc sum",
      "query": "key=1 calculate(SUM)"
    }
  ],
  "widgets": [
    {
      "name": "Radial key by second",
      "description": "Radial graph for key1",
      "search_name": "calculate key1",
      "type": "Radial",
      "high_threshold": 100,
      "high_threshold_rate": "Second"
    },
    {
      "name": "Time Line Bar key by second",
      "description": "Time Line Bar key for key1",
      "search_name": "calculate key1",
      "type": "TimelineBarChart"
    },
    {
      "name": "Stacked key by second",
      "description": "Time line Stacked Bar Chart key by second",
      "search_name": "calculate key1",
      "type": "TimelineStackedBarChart"
    },
    {
      "name": "Line key by second",
      "description": "Time line Line Chart key by second",
      "search_name": "calculate key1",
      "type": "TimelineLineChart",
      "show_tooltip": true
    },
    {
      "name": "Avg Bar",
      "description": "Bar Chart AVG by key by second",
      "search_name": "average key",
      "type": "BarChart"
    },
    {
      "name": "Pie Key",
      "description": "Pie Chart by key by second",
      "search_name": "average key",
      "type": "PieChart"
    },
    {
      "name": "Multiline chart key",
      "description": "Multiline Graph for key by second",
      "searches_names": ["calculate key1", "calc sum"],
      "show_tooltip": true,
      "type": "Multiline"
    },
    {
      "name": "Count key ",
      "description": "Count number times",
      "search_name": "calculate key1",
      "type": "Count"
    }
  ]
}

“name” and “description” are optional fields in your JSON file. They are helpful for naming and describing your JSON objects.

Here is a top-level view (with all subfields removed) of how your JSON object might be structured. All three fields are optional and you can mix and match which ones you wish to use.

{
    "tags": [

    ],
    "searches": [

    ],
    "widgets": [

    ]
}

Tags

Tags have fields of:

  • name
  • type
  • subtype
  • pattern
  • labels
  • actions
  • notifications
  • timeframe_value
  • timeframe_period
  • scheduled_query

When creating tags there are two different “types” of tags: “Alert” and “AlertNotify”. A tag of “type”: “Alert” consists of a “name”, “labels”, “patterns” and “action”, as shown below.

It is important to note that “widgets” are dependent upon “searches”: each widget must have a valid “search_name” (or “searches_names”) field in order to be imported and to work properly. Just as you select a search query when you create a widget in the Logentries user interface, the JSON object must also have this dependency built into its structure.

Please note that the actual JSON fields used may not always match the User Interface names with which you are familiar.

Tags – example of a tags section with a basic Alert, an Anomaly Alert and an Inactivity Alert

{
  "tags": [
    {
      "type": "Alert",
      "name": "new devel changes",
      "labels": [
        {
          "name": "test color",
          "color": "c1f43d"
        }
      ],
      "patterns": [
        "another pattern"
      ],
      "action": {
        "type": "Alert",
        "min_matches_count": 10,
        "min_report_count": 20,
        "min_matches_period": "Day",
        "min_report_period": "Day"
      }
    },
    {
      "type": "AlertNotify",
      "sub_type": "AnomalyAlert",
      "name": "another new anomaly",
      "description": "anomaly alert any description",
      "labels": [
        {
          "name": "label1",
          "color": "123456"
        }
      ],
      "action": {
        "type": "Alert",
        "min_report_count": 10,
        "min_report_period": "Hour"
      },
      "scheduled_query": {
        "query": "sale_value > 30",
        "function": "Sum",
        "threshold_value": "+5",
        "threshold_type": "%",
        "time_period": "Week",
        "time_value": 5
      }
    },
    {
      "type": "AlertNotify",
      "sub_type": "InactivityAlert",
      "name": "inactivity alert import",
      "description": "inactivity alert any description",
      "patterns": [
        "pattern1"
      ],
      "timeframe_value": 5,
      "timeframe_period": "Week",
      "labels": [
        {
          "name": "label1",
          "color": "123456"
        }
      ],
      "action": {
        "type": "Alert",
        "min_report_count": 10,
        "min_report_period": "Hour"
      }
    }
  ]
}

Labels

      "labels": [
        {
          "name": "label1",
          "color": "123456"
        }
      ]

Actions

"action": {
    "type": "Alert",
    "min_matches_count": 10,
    "min_report_count": 20,
    "min_matches_period": "Day",
    "min_report_period": "Day"
}

Targets

{
    "targets": [
        {
            "type": "mailto",
            "params_set": {
                "direct": "email_address1, email_address2",
                "users": "{user uuid}",
                "teams": "{team uuid}"
            }
        }
    ]
}

Widgets

Widgets are dependent upon the “search_name” field. Every widget must be associated with a valid “search_name” that is also included in your JSON file. If your JSON object does not contain both of these elements, the widget will have no source from which to draw its data and your JSON validation will fail.

"widgets": [
        {
            "name": "Radial key by second",
            "description": "Radial graph for key1",
            "search_name": "calculate key1",
            "type": "Radial",
            "high_threshold": 100,
            "high_threshold_rate": "Second"
        },
        {
            "name": "Time Line Bar key by second",
            "description": "Time Line Bar key for key1",
            "search_name": "calculate key1",
            "type": "TimelineBarChart"
        },
        {
            "name": "Stacked key by second",
            "description": "Time line Stacked Bar Chart key by second",
            "search_name": "calculate key1",
            "type": "TimelineStackedBarChart"
        },
        {
            "name": "Line key by second",
            "description": "Time line Line Chart key by second",
            "search_name": "calculate key1",
            "type": "TimelineLineChart",
            "show_tooltip": true
        },
        {
            "name": "Avg Bar",
            "description": "Bar Chart AVG by key by second",
            "search_name": "average key",
            "type": "BarChart"
        },
        {
            "name": "Pie Key",
            "description": "Pie Chart by key by second",
            "search_name": "average key",
            "type": "PieChart"
        },
        {
            "name": "Multiline chart key",
            "description": "Multiline Graph for key by second",
            "searches_names": ["calculate key1", "calc sum"],
            "show_tooltip": true,
            "type": "Multiline"
        },
        {
            "name": "Count key ",
            "description": "Count number times",
            "search_name": "calculate key1",
            "type": "Count"
        }
    ]

The “show_tooltip”: true field is only for those widgets that use the tool tips checkbox and will not be applicable to all types of widgets.
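A pack received from someone else can be checked for the widget-to-search dependency described above before it is imported. The following is an added example, not Logentries' own validator or code from the original page; the function name `check_pack` and the sample pack are constructed for illustration, and only the field names shown on this page are assumed.

```python
import json

SECTIONS = ("tags", "searches", "widgets")  # all optional, per the page

def check_pack(text):
    """Return a list of problems that would stop a pack from importing cleanly."""
    try:
        pack = json.loads(text)
    except json.JSONDecodeError as exc:
        # Strict JSON: a trailing comma after the last array item lands here.
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(pack, dict):
        return ["top level must be a JSON object"]
    problems = [f'"{s}" must be an array' for s in SECTIONS
                if not isinstance(pack.get(s, []), list)]
    if problems:
        return problems
    # Search names that widgets in this pack are allowed to reference.
    known = {s["name"] for s in pack.get("searches", [])
             if isinstance(s, dict) and isinstance(s.get("name"), str)}
    for i, widget in enumerate(pack.get("widgets", [])):
        if not isinstance(widget, dict):
            problems.append(f"widget #{i} is not an object")
            continue
        label = widget.get("name", f"#{i}")
        # "search_name" holds one name; "searches_names" (Multiline) holds a list.
        refs = [widget["search_name"]] if "search_name" in widget else []
        multi = widget.get("searches_names", [])
        refs += multi if isinstance(multi, list) else [multi]
        if not refs:
            problems.append(f'widget "{label}" references no search')
        for ref in refs:
            if not isinstance(ref, str) or ref not in known:
                problems.append(f'widget "{label}" references unknown search {ref!r}')
    return problems

# Constructed sample: the second widget points at a search the pack does not define.
SAMPLE = json.dumps({
    "searches": [{"name": "calculate key1", "query": "key=1 calculate(COUNT)"}],
    "widgets": [
        {"name": "Count key", "search_name": "calculate key1", "type": "Count"},
        {"name": "Avg Bar", "search_name": "average key", "type": "BarChart"},
    ],
})

if __name__ == "__main__":
    for problem in check_pack(SAMPLE):
        print(problem)
```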

Radial Gauge

{
    "name": "Radial key by second",
    "description": "Radial graph for key1",
    "search_name": "calculate key1",
    "type": "Radial",
    "high_threshold": 100,
    "high_threshold_rate": "Second"
}

Timeline Chart

{
    "name": "Time Line Bar key by second",
    "description": "Time Line Bar key for key1",
    "search_name": "calculate key1",
    "type": "TimelineBarChart"
}

Timeline Stacked Bar Chart

{
    "name": "Stacked key by second",
    "description": "Time line Stacked Bar Chart key by second",
    "search_name": "calculate key1",
    "type": "TimelineStackedBarChart"
}

Timeline Line Chart

{
    "name": "Line key by second",
    "description": "Time line Line Chart key by second",
    "search_name": "calculate key1",
    "type": "TimelineLineChart",
    "show_tooltip": true
}

Bar Chart

{
    "name": "Avg Bar",
    "description": "Bar Chart AVG by key by second",
    "search_name": "average key",
    "type": "BarChart"
}

Pie Chart

{
    "name": "Pie Key",
    "description": "Pie Chart by key by second",
    "search_name": "average key",
    "type": "PieChart"
}

Multiline Chart

{
    "name": "Multiline chart key",
    "description": "Multiline Graph for key by second",
    "searches_names": ["calculate key1", "calc sum"],
    "show_tooltip": true,
    "type": "Multiline"
}

Count Widget

{
    "name": "Count key ",
    "description": "Count number times",
    "search_name": "calculate key1",
    "type": "Count"
}
