Version: Spectra Detect 6.0.0

Spectra Detect Logs — LogQL Query and Search

Important: This section is only available in Kubernetes microservices deployments.

Administration > Logs

The Logs page provides a centralized interface for searching, filtering, and analyzing logs from all Spectra Detect microservices using LogQL (Log Query Language). This feature enables administrators to troubleshoot issues, monitor system behavior, and audit operations across the deployment.

Accessing Logs

Navigate to Administration > Logs to access the log search interface.

Query Interface

The Logs page includes the following components:

  • LogQL Query Field: Enter LogQL queries to filter and search logs. The default query is {namespace="default"} |= "error", which displays all error-level logs from the default namespace.
  • Time Range Selector: Select the time range for log retrieval. Options include:
    • Last Hour (default)
    • Custom time ranges
  • Log Type Filter: Filter logs by severity level:
    • All Types (default)
    • Debug
    • Error
    • Info
    • Unknown
    • Warn
  • Run Query Button: Execute the LogQL query to retrieve matching logs.
  • Export Button: Export the current log results as a CSV file for offline analysis or archival.

Log Display

The log results are displayed in a table format with the following columns:

  • Time: Timestamp of the log entry in UTC format.
  • Namespace: The Kubernetes namespace where the log originated (e.g., default).
  • Pod: The pod name that generated the log entry (e.g., sdm-micro-sdm-portal-0).
  • Type: The log severity level (Debug, Error, Info, Unknown, Warn).
  • Message: The full log message content.

Log Severity Indicators

Log counts by severity level are displayed above the results table:

  • Debug: Development and diagnostic information
  • Error: Error conditions requiring attention
  • Info: Informational messages about normal operations
  • Unknown: Logs without a recognized severity level
  • Warn: Warning conditions that may require investigation

Using LogQL Queries

LogQL is the query language used to filter and search logs. For complete LogQL syntax and query examples, see the Grafana Loki LogQL documentation.

Note: Only log queries are supported. Metric queries are not supported in this interface.
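The queries below are an added example, not taken from the Spectra Detect documentation. They build on the default query and the namespace and pod values shown on this page. The `pod` label name, the `sdm-micro-` prefix pattern, and all match strings other than "error" are assumptions or constructed placeholders.

```logql
# Run one query at a time in the LogQL Query Field; '#' starts a comment in LogQL.

# 1. The page's default query. |= keeps lines that contain the exact,
#    case-sensitive substring "error"; "ERROR" or "Error" will not match.
{namespace="default"} |= "error"

# 2. Case-insensitive variant using a regex line filter (RE2 syntax).
{namespace="default"} |~ "(?i)error"

# 3. Narrow to the pod used as the Pod column example.
#    Assumption: the stream label is named `pod`.
{namespace="default", pod="sdm-micro-sdm-portal-0"} |= "error"

# 4. All pods sharing a name prefix (prefix inferred from the example pod name;
#    label regex matchers are anchored to the whole value), minus a noisy line.
#    "healthcheck" is a constructed placeholder string.
{namespace="default", pod=~"sdm-micro-.+"} |~ "(?i)error" != "healthcheck"

# 5. Audit-style search: chained line filters are ANDed, alternation inside
#    one regex is ORed. The message fragments are constructed placeholders,
#    not known product log strings.
{namespace="default"} |~ "(?i)(denied|unauthorized|forbidden)" !~ "(?i)debug"

# Metric query, shown only as a contrast to the log queries above;
# per the note above, this interface does not support it:
# count_over_time({namespace="default"} |= "error" [5m])
```

Line filters match message text only; to restrict results by severity, combine a query with the Log Type Filter described under Query Interface.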

Exporting Logs

To export log results:

  1. Run your LogQL query to retrieve the desired logs.
  2. Click the Export button in the top-right corner.
  3. The logs will be downloaded as a CSV file for offline analysis.

API Access

The Logs feature also provides API endpoints for programmatic access to log data. For API documentation and usage examples, navigate to Help > API Documentation in the Spectra Detect Manager interface.