Exploring and analyzing logs

Depending on your use case, you’ll either filter the log explorer for high-severity logs or rely on alert events for more complex situations.

To see logs in Centreon Log Management, you first need to configure an OpenTelemetry collector on each host you want to receive logs from.

Using the Log explorer page

The log explorer page allows you to search and filter logs so you can investigate issues and perform root-cause analysis.

Time period

  • Use the Time period list at the top right of the page to select the range of logs to display.
  • Navigate your data using the timeline: click and drag your mouse over the graph to select a new time range.

Searching for logs

Use the search bar to filter your logs. The search bar has two modes (use the switch on the right to select the one you want):

  • In query mode:

    • Type your search directly using the query syntax.

    • Click the Ask AI button to the right of the search bar. Write a query in your own words in the field that appears, then click Apply and search. This will generate a query with the correct syntax.

      AI responses may be inaccurate or incomplete. Always check the results.

  • In Query builder mode, blocks let you build your search step by step: you add a block, then select attribute names and values, and select syntax elements like AND, OR, and NOT.

    • Click the plus sign in the search bar to add a blank block.
    • Add a pre-filled block automatically by clicking the plus sign to the left of an attribute value in the Filters panel.

In both cases, you need to click the Search button to launch the search.

Detailed log info

Click a log to see all related information in the Log details panel, including the raw log entry.

  • You can open several logs in the panel.
  • The search bar will inspect attribute names and values.

Rearranging columns

  • Use the Search and add column button at the top right of the results to choose which columns/attributes you want to display.

  • The Time column is always displayed first and cannot be unpinned. You can pin one other column in second position.

Using the Alert events page

On the Alert events page, alert events show what's happening in real time and allow you to react quickly to incidents. (To get alert events, you need to create alert rules first.)

Using dashboards

Create dashboards to view and explore your data visually. Dashboards display both current information and historical data, allowing you to examine trends and understand changes over time.