Getting Started

Congratulations! If you're reading this, you have probably installed the Scalyr Agent and begun uploading your logs. (If not, you might want to hop back to the Agent Installation page and get that out of the way.)

Here, we'll give a quick introduction to the Scalyr site. With Scalyr's unified approach to server monitoring, you can perform a broad array of tasks — from basic uptime monitoring and error alerts, to capacity planning, bug forensics, performance investigations, and more. It's worth spending a couple of minutes to learn the basic concepts before you dive in.

All Server Data in One Place

Scalyr provides a home for all of your server data, from system metrics to logs to monitoring probes. Each log message or monitoring report becomes an event, consisting of one or more fields. For instance, consider this entry from a web access log:

- - [06/Mar/2014:14:04:15 +0000] "GET /healthcheck HTTP/1.1" 301 - "-" "Pingdom.com_bot_version_1.4_(" 1 "-"

Some of the fields in this event:

method    GET
uriPath   /healthcheck
protocol  HTTP/1.1
status    301
agent     Pingdom.com_bot_version_1.4_(

Fields are a powerful tool for searching and analyzing data. You can group your web traffic by URL to find the most popular, largest, or slowest pages. You can see which pages are consuming the most bandwidth, or triggering the most errors. You can graph response times and sizes, and alert if the average response time exceeds some threshold. And with all your server data in one place, you can combine system metrics with access logs in a single dashboard, or generate alerts from both log messages and external monitoring probes.

Servers, Logs, and Events

Each event is associated with the server (aka "host") it came from. In the Scalyr Agent configuration, you can specify fields for a server — for instance:

server      staging-frontend-7
tier        frontend
group       staging
datacenter  aws-us-east-1a

A server's fields are attached to every event from that server. You can use these fields to organize data, graphing response times for staging servers in us-east, or alerting if there are errors on any production database server in any data center. Scalyr does not dictate server fields; you can organize your servers using any field names and values you like. You can also specify fields for each log, to distinguish between services running on the same machine.
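The field model described above, as an added example that is not Scalyr's parser or query engine: it parses access-log lines into events, attaches the server fields to each one, and counts 5xx responses per uriPath for one group. The log lines are constructed, and the field names ip, timestamp, bytes and referrer are assumptions; method, uriPath, protocol, status, agent and the server fields follow the page.

```python
import re
from collections import Counter

# Constructed sample lines in combined access-log format (not from the page).
SAMPLE_LOG = """\
192.0.2.10 - - [06/Mar/2014:14:04:15 +0000] "GET /healthcheck HTTP/1.1" 301 0 "-" "monitor-bot/1.0"
192.0.2.11 - - [06/Mar/2014:14:04:16 +0000] "GET /login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.12 - - [06/Mar/2014:14:04:17 +0000] "POST /login HTTP/1.1" 503 312 "-" "Mozilla/5.0"
192.0.2.12 - - [06/Mar/2014:14:04:18 +0000] "POST /login HTTP/1.1" 500 298 "-" "curl/7.30"
this line is not an access-log entry
"""

# Server fields as in the page's example; attached to every event from the host.
SERVER_FIELDS = {"server": "staging-frontend-7", "tier": "frontend",
                 "group": "staging", "datacenter": "aws-us-east-1a"}

# Hypothetical parsing rule for the constructed lines above.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uriPath>\S+) (?P<protocol>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"'
)

def parse_events(text, server_fields):
    """Turn each parsable line into an event (dict of fields); count the rest."""
    events, unparsed = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # keep visibility into lines the rule missed
            continue
        event = dict(server_fields, **m.groupdict())
        event["status"] = int(event["status"])  # numeric so range filters work
        event["bytes"] = 0 if event["bytes"] == "-" else int(event["bytes"])
        events.append(event)
    return events, unparsed

def server_errors_by_path(events, group="staging"):
    """Count events with 500 <= status <= 599 in one group, keyed by uriPath."""
    return Counter(e["uriPath"] for e in events
                   if 500 <= e["status"] <= 599 and e["group"] == group)

if __name__ == "__main__":
    events, unparsed = parse_events(SAMPLE_LOG, SERVER_FIELDS)
    print(len(events), "events,", unparsed, "unparsed")
    print(server_errors_by_path(events).most_common())
```

Counting unparsed lines matters in practice: a line the rule misses yields no fields, so field-based searches and alerts never see it.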

Log Parsing

Scalyr's tools gather some data for you automatically, such as server CPU and disk metrics. These events are automatically organized into fields:

metric     proc.stat.cpu_rate
type       iowait
value      7.193473108

Logs, however, require a log parser to identify fields. The parser is a configuration file accessed from your account, and it specifies the rules for parsing log messages into fields.

We provide built-in parsers for common log formats such as web access logs, MySQL and PostgreSQL database logs. For other logs, you can create your own parser using our powerful tools, or just click a button and we'll take care of it for you (no extra charge!).

For more information on parsing log files, see Log Parsers. See Built-In Parsers to view our built-in parser files, and Pre-Built Parsers to view some pre-built parsers.

Working With Data

A great way to dive into your data is to click Search -> Search to access the Search view page.

From here, you can search your logs by typing in the Search field (1). Numbers, punctuation, or phrases must be enclosed in quotes. For example: error, "503", and "customer 1309".

You can also narrow your search by filtering on various attributes (fields) in your events. You can reference a field in the Search box by just typing it, for example serverHost == 'appserver-4', or status>=500 status<=599.

As you type, your text is parsed and presented in an easy-to-read form. Fields, operators, and values are differentiated via highlighting.

The left-hand sidebar helps with viewing fields. Two of the most common attributes - the server and the filename - have dropdown menus to let you quickly add matching filters to your search (2). If you're using Kubernetes, these will allow you to search cluster and controller name, respectively.

Below these boxes is an alphabetically-arranged list of fields found in the events matching your search (3). Click on a field to bring up a list of its most common values; from there click on the == and != symbols to include (or exclude) these values from your search.

Click on any event to see details, including all fields of the event, and the log and server it came from (4). Here you will also find an array of tools for finding events related to the selected event.

For more information about everything you can do on this page, see the Search overview.

Enough Reading

There's lots more to say, but we promised this introduction would be quick. From here, you can head to the Solutions Gallery and start getting things done. If you'd like to read more before diving in, the links in the upper-left side of the page provide complete documentation for everything you can do with Scalyr.