- Log Stream Overview
- Parser Manager
- Parsers Overview
- View Parser Details
- Create a Custom Parser
- Import Sample Logs
- Define a Subset of the Sample Logs
- Add Conditions
- Add Basic Parser Information
- Extract Event Fields
- Extract Mapped JSON Fields
- Select JSON Fields from a List of Key/Value Pairs
- Select Tokenized JSON Fields from the Values in the Sample Log
- Manually Enter JSON Path Expressions
- Reorder Mapped JSON Fields
- Review the Matching JSON Fields and Values
- Add Logic to JSON Field Extraction
- Expressions for Extraction Conditions
- Array Log Sample
- Extract Fields Using Regular Expressions
- Extract Mapped JSON Fields
- Add Event Builder Rules
- Review and Save Parser
- Manage Existing Custom Parsers
- Tokenize Non-Standard Log Files
- Customize a Default Parser
- Duplicate a Parser
- Enable or Disable Parsers
- Live Tail
- Enrichments
- Event Filtering
Live Tail Homepage
Use Live Tail to:
View and filter pipeline data sampled by Live Tail on keywords, and create custom streams.
Stream and pause parsed and unparsed data from the pipeline in near real time.
Analyze and troubleshoot a parsed log.
You can access Live Tail in either of the following ways:
From the Log Stream home page click the Live Tail tab. Live Tail opens, and you to use the search bar to filter and search your data.
On the Parsers Overview tab, select a parser from the list, click the menu (
) and select View logs in Live Tail. Live Tail opens with the parser information loaded into the search bar. Corresponding log events begin streaming and display on screen automatically.
If the volume of logs for the selected parser is so low that no examples are displayed, you will see the following message:
 |
When this happens, you can still view logs from the Live Tail interface by clicking Search for logs. Live Tail will retrieve the logs parsed over the previous 24 hours, rather than waiting for logs parsed in real time. To return to waiting for logs parsed in real time, click 
in the upper right corner.
 |
If there have been no logs parsed by the selected parser over the previous 24 hours, you will see the following message:
 |