Filtering logs

PacketAI offers a wide range of powerful filtering controls for your logs.

Standard Filters

Date range filter

The date range filter (or date picker) lets you adjust the time window of observation: either using a a start and end times, or using a relative window.

The date range filter

• Clicking on the calendar icon opens a new menu with quick links to relative time windows
• Clicking on either the start date or end date opens a calendar to precisely position either date.

Severity filter

This filter lets you check/uncheck a given severity to show/hide logs of the corresponding severity. Please note that severity is automatically extracted from your log lines.

• Tip: hold (or the COMMAND key) while clicking on a severity level will display only logs of the selected severity.

Component filter

This filter provides auto-completion for quick filtering by component. Selected components will be automatically checked.

• Tip: click +k for a shortcut access to this filter.

Cluster filter

This menu filter lets you filter by cluster names.

• Note: when sending logs via one of the supported agents (filebeat, winlogbeat, vector or fluentd), this filter menu contains the values that were configured for the packetai.cluster_name variable of the agent configuration, like here (for the case of vector agent).
• Note: for a Linux infrastructure, this filter menu contains the default value "Linux monitoring"

Linux architecture filters

The following filters are only available for Linux infrastructures:

• Hosts filter

• Service filter

• Application filter

Hosts filter

This filter lets you select by host names.

Service filter

This filter lets you select by service names.

Application filter

This filter lets you select by application names.

Kubernetes workload filters

The following Workload filters are only available for Kubernetes infrastructures:

• Deployment filter

• Daemonset filter

• Statefulset filter

• Cronjob filter

Those filters are shown as a stack:

Each filter supports multiple selection and selected values are shown at the top of the menu.

You can also select multiple workload values at the same time:

Quick filter search

This mode lets user perform 1-clic key:value searches from existing logs.

Quick filters are available from the main log view, by clicking the eye icon

Once the flyover is displayed, quick key:value filters can be activated simply by clicking the magnifier icon

After clicking on the magnifier icon, results are automatically filtered with the selected key:value

Custom Filters

In addition to standard filters, PacketAI lets you build a custom filter from any available JSON property found in your logs.

• After clicking on the top header of a column in the Logs tab, click the Build Filter item to add a new filter widget at the bottom of the Search and Filter area. The filter comes automatically populated with unique values found for that property, letting you quickly and effortlessly drill down in your logs.

Example of adding a Custom Filter for property Container.id from the column header.

A new Container.id Custom Filter appears, populated with unique values.