Skip to content
Last9
Book demo

Logs Explorer

Use Last9's native UI for logs with first-class search and filters — quickly view related logs, traces, and metrics by clicking on any log line.

Using Logs Explorer

You can start exploring logs by visiting Logs Explorer in Last9. The Log Explorer allows to filter logs by specific log attributes and resource info to slice and dice by various log dimensions, and view correlated telemetry.

Builder Mode

View of Builder Mode with a dropdown to select/unselect additional columns

Logs Explorer in Builder Mode with a dropdown to select/unselect additional columns

Last9 provides a native experience to explore your logs without using any query language.

  • Search:
    • With auto-complete support, service, severity, and body are first-class attributes
    • Supported operators are equal, not equal, contains, and does not contain
    • Edit the same attribute chip to add multiple values
  • Filters: Apart from severity and service, attributes and resources from the log lines in the selected time window are also listed. Click on only or all next to a filter item for quick actions.
  • Live Tail: A live stream of logs matching any filters, if applied. Useful to debug any instant changes to while deploying, etc. We recommened applying filters to narrow the scope of the Live Tail, which also helps improve the overall performance.
  • Time Picker: Select an absolute or relative time range. You can also switch between timezones.
  • Volume Chart: A stacked bar chart for the selected time window, color-coded to severity of the log lines.
  • Toggle Columns: Click on the settings icon on the top right of the table to add dynamic columns based on log attributes.

Editor Mode

Switch to Editor mode for advanced queries

Switch to Editor mode for advanced queries

You can write complex queries, with aggregations, that are LogQL-compatible using the Editor mode.

  • LogQL auto-completion is supported. Auto-complete for aggregation functions is WIP.
  • Aggregation queries are visualized as timeseries instead of as a volume bar chart.
  • Switching from Builder to Editor will convert any existing search to LogQL, but not vice versa.
  • Queries in Editor mode are not auto-run. Please click on the Run Query button or use the ⌘/Ctrl + Enter keyboard shortcut.

Read more about LogQL compatibility and supported functions.

Log Details

Log Details side panel with Related Logs tab

Log Details side panel with Related Logs tab

Clicking on a log line in Logs Explorer opens a side panel with additional context and information about the selected log line.

  • Content, with payload size and option to view as raw or JSON
  • Attributes of the selected log line
  • Resource Info of the selected log line
  • Related Logs, surrounding log lines for context — see details below
  • Related Traces, based on the service and other attributes of the selected log line
  • Related Metrics, visualizing CPU and memory utilization of the relevant container, instance, and pod resources

Creating Alerts from Queries

You can turn any log query into an alert using Scheduled Search. After running a query:

  1. Click on > “Save Query” in the top right
  2. Enter a descriptive name for your query
  3. Click “Save query & add alert”
  4. Configure your alert threshold, evaluation frequency, and notification channel

Learn more about Scheduled Search →

The Related Logs tab shows surrounding log lines from the same service, providing context for debugging and investigation. When you open this tab, the table automatically scrolls to the highlighted log line with a visual indicator.

Related Logs tab with context range selector

Related Logs tab showing context range options and custom range selector

Context Range

Select how many log lines to display before and after the highlighted log:

OptionDescription
±20Default. Shows 20 lines before and after the selected log
±50Shows 50 lines before and after
±100Shows 100 lines before and after
CustomSet different values for before and after (up to 1000 lines each)

Timestamp Display

Toggle between timestamp modes using the icons in the controls bar:

ModeIconDescription
RelativeTimerShows time offset from the highlighted line (e.g., -2s, +500ms)
AbsoluteCalendarShows the full timestamp for each log line

Relative timestamps make it easier to understand the sequence and timing of events around the selected log.

Display Controls

ControlDescription
Wrap LinesWraps long log messages to fit the panel width for easier reading
Show AttributesDisplays log attributes (like severity, trace ID) alongside the message

Query Library

Query Library side panel with recent and saved queries

Query Library side panel with recent and saved queries
  • Recent Queries: This is a history of queries made by you.
  • Saved Queries: This is a list of queries saved by your team or you. Queries can be shared with the team or be kept private.

Troubleshooting

Please get in touch with us on Discord or Email if you have any questions.