Tag Your Sources for More Focused Searching

 

I love Loggly’s tag capabilities. By inserting tags into certain logs or events, you can more easily isolate that data at search time. You can create any kind of tags of convenience, and you can create as many as you like. You may want to create tags based on the application, for example “apache”; for the environment, for example “production”; or for each product or client. With tags, you can separately see production response times or errors for each collection of logs or events.

Tags are one of the ways you can organize events into Loggly source groups. Once you have set up your source groups, you can easily select them in the drop-down box next to the search bar.

Loggly Example

How To Do It

Syslog Tags: If you are sending data through syslog, you’ll need to manually edit your syslog configuration file. Our Configure-Syslog script will generate a file that’s called “22-loggly.conf,” which is in either /etc/rsyslog.d/ or /etc/syslog-ng/conf.d/. Within the Loggly Format template, edit the value of the tag. (Click here for additional instructions.)

$template LogglyFormat,”<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [TOKEN@41058 tag=\”apache\” tag=\”production\“] %msg%\n”

HTTP Tags: If you’re sending data through our API, you can include tags either as part of the URL or in the HTTP header. If you use both, both sets of tags will be associated with your log events.

http://logs-01.loggly.com/inputs/026308d8-2b63-4225-8fe9-e01294b6e472/tag/apache,production/

Tags are an incredibly useful feature, so be sure to let me know if you have ideas for ways to make them better.


One comment

  • Matt Veitas

    3 years ago

    Setting the tag above should have a space before the first tag entry.
    [TOKEN@41058tag=\”apache\” tag=\”production\”]

Share Your Thoughts

Top