Loggly & log management in general have a few concepts that you might want to become familiar with.
Fields play an important role within Loggly. Every event that’s received is full-text indexed, but where possible, we also parse out as many field-value pairs as we can. Once we have a field name, we’ll also facet its values (where appropriate), which greatly enhances your data analysis. By pinpointing your search on a specific field, your searches will become much more accurate & your time to root cause will be shortened.
There are a number of ways to get logs into Loggly, but the most common is by using syslog. Syslog agents run on all Linux systems by default & can be easily installed on Windows systems. Syslog will collect the log data & forward it to wherever you’d like. Forwarding to Loggly requires just a few lines of configuration. Read more on syslog & the basics of sending logs.
Tags, which Loggly will apply as metadata to your event, can be included along with any event that’s sent across. Tags can then be used to form Source Groups, which will help segment your data & narrow down search results. Tags are discussed in greater detail.
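
An added example (not Loggly's implementation, and not from the original page) illustrating the fields and tags paragraphs above: it parses field-value pairs out of constructed events, then compares a full-text search with a field search narrowed by tag, and facets one field. The function names, the key=value regex and the sample events are assumptions made for illustration.

```python
import json
import re
from collections import Counter

# Constructed sample events (not real log data): (tags, raw message)
EVENTS = [
    (["auth", "prod"], "sshd: Failed password user=root src=203.0.113.7 port=22"),
    (["auth", "prod"], "sshd: Accepted publickey user=deploy src=198.51.100.4 port=22"),
    (["app", "prod"], '{"level": "error", "msg": "root cause: db timeout", "user": "alice"}'),
    (["auth", "staging"], "sshd: Failed password user=admin src=203.0.113.7 port=22"),
]

# Assumed key=value pattern; the value is either quoted or a run of non-spaces.
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_fields(raw):
    """Return field-value pairs from a JSON event or from key=value text."""
    try:
        obj = json.loads(raw)
        if isinstance(obj, dict):
            return {k: str(v) for k, v in obj.items()}
    except ValueError:
        pass  # not JSON, fall through to key=value parsing
    return {k: v.strip('"') for k, v in KV.findall(raw)}

def index(events):
    """Keep the raw text (full-text search), the tags, and the parsed fields."""
    return [{"tags": set(t), "raw": r, "fields": parse_fields(r)} for t, r in events]

def full_text(idx, term):
    """Substring match anywhere in the raw event."""
    return [e for e in idx if term.lower() in e["raw"].lower()]

def field_search(idx, name, value, tag=None):
    """Exact match on one field, optionally restricted to events carrying a tag."""
    return [e for e in idx
            if e["fields"].get(name) == value and (tag is None or tag in e["tags"])]

def facet(idx, name):
    """Count the distinct values of one field across all events."""
    return Counter(e["fields"][name] for e in idx if name in e["fields"])

if __name__ == "__main__":
    idx = index(EVENTS)
    print(len(full_text(idx, "root")), "full-text hits for 'root'")
    print(len(field_search(idx, "user", "root")), "hits for user=root")
    print(facet(idx, "src").most_common())
```

The full-text search for `root` also returns the application event whose message mentions "root cause", while the field search on `user` returns only the login attempt for that account.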