And it was mentioned that Graylog 3.0 should have something alike.
However, I just attended the Graylog 3.0 sneak-peak with Lennart, but there wasn’t any condensed / compact dash of the “All Messages”. Hence, I asked about that in the Q&A and it seems like this basic functionality hasn’t been thought of, at least not until now.
Graylog is a great tool with a lot of advanced features, we like it! But it’s sad that is misses such a basic use-case then it comes to “log workflow”. Why should one need to have another tool for doing “tail -f” on the logs then Graylog have all the rest…
So, please consider adding a condensed / compacted view option (single line) for Graylog 3.0. tail -f has been around for ages…
Heh, it’s an interesting thought for sure! One could add a new button to the search page, which you could click after performing your query. Said button could pop out a new screen / tab, which has nothing but the query results scrolling in tail -f fashion. No other UI elements, save perhaps the query bar at the top so you can adjust…
I’m imagine it as just a toggle button that says “compact (view)” or something similar, so all these “nice” multilines becomes compacted single lines of logs with just the default fields as standard (timestamp, source and message). Yes, the query bar at the top is useful. Adding and removing fields could also be useful, but it should not sit there and take up a lot of screen-space (as it does in graylog 2.x)
One other important difference is that the log flow also would go from top to bottom (like a regular tail -f) so newest line always get appended below the last line.
The devs refuse to use Graylog now since it doesn’t provide this basic function, which is unfortunate
While I can see their point from a usability PoV, your devteam may have a case of prima donna syndrome on their hands
Now, seeing how Graylog is an open source project, if your devs have some spare time they could perhaps whip up this improvement themselves! Instead of fighting the tool you provide, they could improve upon it!
Yes, if we used Java we’ve would have given it a shot. But since we don’t, we’re out of luck…
But to be honest, I think it’s a very basic (log) workflow that basically everyone has used from time to time, so I don’t understand why this hasn’t been thought of and implemented before…
Hey now… While you’re waiting for Graylog to implement this, I’ve found a few tools that will allow you to run a tail -f-like situation against ElasticSearch!
Better than nothing And you can still run queries, to filter just the stuff you’d like to see.
Of course you’ll need to make an additional read-only ElasticSearch account for your devs to use, so they don’t use your Graylog creds to muck about in the indices.
So, please consider adding a condensed / compacted view option (single line) for Graylog 3.0. tail -f has been around for ages…
if the given “auto update” in Graylog is not enough and the customisation options in the extendet search found in Graylog 3.0 does not follow your usecase, why not describe a proper feature request for the devs
instead of blaming that something is not implemented it is more helpful giving a detailed description what is missing and why this is missing in your world.
I see currently two feature request - maybe even three in your blaming that all together build something like the CLI command tail -f.
you want a compact view of the log messages
what does that mean? All fields after each other like you would see it in the CLI Tool?
should it be configurable what fields can be seen?
what is a “compact” view for you? What elements should be not present?
could you give a mockup how you want it?
you want certain elements of the UI removable
what elements should be removable?
should this be something that can be saved and returned to?
should that be something that is sharable with others?
the order of messages should be not top to buttom
you want new lines appear at the end of a search
how should your browser handle that?
how many lines should be present in the screen until you can’t scroll up?
your log workflow is not possible with Graylog
what is missing, what would it need?
what is your workflow?
Graylog is not just a replacement for CLI Tools to have them in the browser - as it is open source, contribute with ideas. Suggest them with examples and descriptions why you need them - than it is more likely that it will be placed in the product. When you only demand options and features to be present, consider buying Graylog Enterprise including a Support Contract to support the development of Graylog.
Sorry if this was taken as blaming. In my post I did write:
Graylog is a great tool with a lot of advanced features, we like it!
But since the topic seems just recently thought of and perhaps not even going to be implemented at all, referring to Lennart’s answer given in the Graylog 3.0 sneak-peak Q&A,
but it was sort of promised earlier:
So, I thought this needed to be brought up for discussion in the forum again, in hope of getting more traction.
instead of blaming that something is not implemented it is more helpful giving a detailed description what is missing and why this is missing in your world.
I see currently two feature request - maybe even three in your blaming that all together build something like the CLI command tail -f .
I’ll chime in and say that our devs who have recently been thrown at Graylog (as opposed to Kibana) have only nice things to say about it, but… they do miss being able to tail -f things. They’ve said this about Kibana as well, but it seems to be a common feature request amongst developer types.
Since I do know enough Java to be dangerous I considered doing a plugin, but the documentation on how to start a plugin seems to be somewhat out of date and I haven’t yet gone through the googles to find the current way of doing it.