Logentries Docs

Find comprehensive guides and documentation to help you start and continue to work with Logentries.


Syslog Structure

Logentries automatically parses and indexes the fields within your Syslog data. Keys are highlighted in search results, and you can select a field suggested in the search bar to search quickly across your data on that key.

Parsing

If we take a normal Syslog line in this format:

<165>1 Feb 22 17:16:34 test-VirtualBox kernel: [292] Accidentally deleted folder=system32

we know that the header of a Syslog line is laid out as:

*pri* *version* *timestamp* *hostname* *appname* *procid*

These implied keys are available immediately for groupby queries and calculations, without any parsing rules on your side. So from the example above:

Implied Key    Value
pri            165
version        1
timestamp      Feb 22 17:16:34
hostname       test-VirtualBox
appname        kernel
procid         292

Having these keys extracted makes log searching easier. For example, you can find every event from a given host with:

where(hostname="test-VirtualBox")

and you can see which appnames log most often with:

groupby(appname) calculate(count) sort(desc)
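The two sections above describe what the parser extracts from the Syslog header and what the resulting keys let you query. The following Python script is an added example, not Logentries' own code, that does the same thing locally: it pulls the six implied keys out of a line, additionally splits pri into its facility and severity, picks up key=value pairs from the free-text message (the folder=system32 in the page's example), and then runs a where() and a groupby(...) calculate(count) sort(desc) equivalent over a handful of constructed sample lines. The sample lines other than the first, the regular expressions and the helper names are all assumptions made for this example; only the first line and the key names come from the page.

```python
import re
from collections import Counter

# Constructed sample input. Only the first line is the one quoted on the page;
# the rest are made-up lines in the same header layout (one is deliberately junk).
SAMPLE_LINES = [
    "<165>1 Feb 22 17:16:34 test-VirtualBox kernel: [292] Accidentally deleted folder=system32",
    "<38>1 Feb 22 17:16:35 test-VirtualBox sshd[1041]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2",
    "<36>1 Feb 22 17:16:40 web-01 sshd[2210]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2",
    "<36>1 Feb 22 17:16:43 web-01 sshd[2210]: Failed password for invalid user root from 198.51.100.7 port 40031 ssh2",
    "<165>1 Feb 22 17:17:02 test-VirtualBox kernel: [293] usb 1-1: new high-speed USB device number=4",
    "this line is not syslog at all",
]

# Header layout from the page: <pri>version timestamp hostname appname procid ...
# Two procid placements are accepted: "sshd[1041]:" (BSD style) and
# "kernel: [292]" (the page's example, where the pid follows the colon).
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<version>\d+)\s+"
    r"(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<hostname>\S+)\s+"
    r"(?P<appname>[^\s:\[]+)"
    r"(?:\[(?P<procid_bsd>\d+)\])?"
    r":?\s*"
    r"(?:\[(?P<procid_after_colon>\d+)\]\s*)?"
    r"(?P<msg>.*)$"
)

# key=value tokens inside the free-text message, e.g. folder=system32
KV_RE = re.compile(r"(?P<key>[A-Za-z_][A-Za-z0-9_]*)=(?P<value>\S+)")

# pri = facility * 8 + severity; severity names are the standard 0..7 set.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_syslog(line):
    """Return a dict of extracted keys, or None if the line is not Syslog-shaped."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # facility 0..23 and severity 0..7 give at most 23*8+7
        return None
    procid = m.group("procid_bsd") or m.group("procid_after_colon")
    fields = {
        "pri": pri,
        "version": int(m.group("version")),
        "timestamp": m.group("timestamp"),
        "hostname": m.group("hostname"),
        "appname": m.group("appname"),
        "procid": int(procid) if procid is not None else None,
        "msg": m.group("msg"),
        "facility": pri // 8,
        "severity": pri % 8,
        "severity_name": SEVERITIES[pri % 8],
    }
    # Message-body key=value pairs become extra keys. setdefault keeps the
    # header-derived keys authoritative: a message containing "hostname=evil"
    # must not overwrite the real hostname field.
    for kv in KV_RE.finditer(fields["msg"]):
        fields.setdefault(kv.group("key"), kv.group("value"))
    return fields


def parse_all(lines):
    """Parse every line, silently dropping the ones that are not Syslog."""
    return [ev for ev in (parse_syslog(l) for l in lines) if ev is not None]


def where(events, **conditions):
    """Equivalent of where(key="value"): keep events matching every condition."""
    return [ev for ev in events if all(ev.get(k) == v for k, v in conditions.items())]


def groupby_count(events, key):
    """Equivalent of groupby(key) calculate(count) sort(desc)."""
    counts = Counter(ev[key] for ev in events if ev.get(key) is not None)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    events = parse_all(SAMPLE_LINES)
    for ev in where(events, hostname="test-VirtualBox"):
        print(ev["timestamp"], ev["appname"], ev["procid"], ev["severity_name"], ev["msg"])
    print(groupby_count(events, "appname"))
```

Note that hostname, appname and the message body are all supplied by whoever sent the datagram, so they are data to be searched on, not trusted identity: the where() filter above finds events that claim to come from test-VirtualBox, which is exactly what the Logentries query does too.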
