OBSERVABILITY PLATFORM
Investigate
Logs
Create dashboards

Create dashboards for logging

Create dashboards to query and visualize logging data. You can define a logging query and then add it to a standard or classic dashboard.

Standard dashboards

Complete the following steps to create a standard dashboard with a query for logging:

  1. In the navigation menu, select Explorers > Logs Explorer.
  2. Write a query that returns the log data you want to view.
  3. Click Add to dashboard.
  4. In the Add to dashboard dialog, enter a name for your query. The query you defined is input in the Name field by default.
  5. Click create a new dashboard to create a new dashboard containing a panel with the query you defined.
  6. Click Add to dashboard to add the panel to your dashboard.

Observability Platform creates the dashboard with the query you defined. You can change the panel's type if you want the query to display as a different visualization.

Classic dashboards

Complete the following steps to create a classic dashboards with a query for logging.

You can use Grafana variable syntax (opens in a new tab) in your query, such as including $varname to interpolate values from your dashboard. Defining variables enables dropdown menus in dashboards to better filter your displayed data.

If you want to use variables in your query, you need to create them first. See Add a query variable (opens in a new tab) in the Grafana documentation for more information.

To create a classic dashboard with a query for logging:

  1. In Logs Explorer, define your query.

  2. Select your entire query and copy it to your clipboard.

  3. In the navigation menu, click Dashboards to go to the Dashboards screen.

  4. Create a classic dashboard.

  5. Add a panel to your dashboard.

  6. Enter a Panel title and Description for your panel.

  7. In the Query pane of your dashboard, select Chronosphere Logs from the dropdown as the query type.

  8. In the Repository dropdown, select the repository you want to run your query against.

  9. In the Query field, paste the query you defined. Replace any values with supported variables you want to use, such as $varname.

  10. In your query, add a pipe (|) and a supported query function (opens in a new tab) that maps to the visualization you want to display.

    For example, if you want to display a time chart, add | timechart() to your query:

    service = "payment-gateway-svc" | severity = ERROR | timechart()

  11. Click Apply to apply your changes, and then click Save dashboard.

Add a legend to classic dashboards

You can use Grafana field overrides (opens in a new tab) to add a legend to classic dashboards that include a LogScale query. The LogScale Query Language doesn't support a legend format. Use a field override to change the name displayed on your dashboard.

For example, your dashboard might contain a field named _count DELETE that you want to display as DELETE in the dashboard legend. Edit the dashboard panel and create a field override to change the display name for that field in the dashboard legend.

Express multiple queries with variables

You can create multiple queries in a dashboard, and use an expression to evaluate a math operator between the values that result from the two logs. These queries require a variable, which you create in your dashboard and then include in the query.

  1. Create a variable to reference in your dashboard. For example, a variable named severity that you reference for severity values such as INFO, WARNING, and ERROR.

  2. Write a query that references your variable and test it in Logs Explorer.

    To write a compound query including a variable, surround the entire query in brackets [] and include the variable you created in your query. You can then take the output of the math operator in your first query and use it in your second query.

    For example, the following query includes the $severity variable, performs two count() operations, and then divides the output of those operations:

    [{severity=$severity|count(as=_infoCount)},{count(as=_totalCount)}]
|ratio:= _infoCount/_totalCount

    You can also use a variable to represent a numeric value instead of a string.

  3. Choose one of the following options for your query:

Scheduled searchesExternal tasks