The Log Patterns feature dissects incoming logs and groups them according to detected patterns. As your logs come into Kibana, you’ll see how they fit into existing patterns, in real time.

The Log Patterns view shows how often each pattern happens. So you can quickly identify unique or unusual events, as well as recurring and repetitive events.

You can use log patterns to surface logs you might have otherwise missed, or you can use it to identify unnecessary logs that you no longer want to ship to your account.

Log patterns

Log Patterns lives alongside your logs in Kibana. You can see patterns under the Patterns tab, while the familiar Discover view is now under the Logs tab.

Understanding Log Patterns

Log patterns

Time
The timestamp of the first log with this pattern in this time range.
Count
The number of logs with this pattern in this time range. You’ll see patterns with the highest counts at the top of the Patterns list by default.
Ratio
The ratio of logs with this pattern, as compared to total logs in this time range.
Pattern
The pattern itself. Data types (such as IP addresses, numbers, or URLs) are shown in brown. Hover over a pattern to see the familiar Kibana filter controls.

Logz.io calculates Time, Count, and Ratio using the Kibana time range. In other words, when you change the time range, Time, Count, and Ratio are recalculated. Kibana’s default time range in 15 minutes.

You can sort the list by time, count, or ratio.

Exploring log patterns

Patterns comprise two parts: constants and variables. This example contains both:

Log patterns

Constants are displayed as is. In this example, Duplicate entry and for session are constants. So those exact phrases are in all logs with this pattern.

Variables are highlighted and categorized by data type (e.g., Number, Ip, Url, Date). In this example, Logz.io identified Email and Guid data in all logs with this pattern.

If a variable wasn’t tagged with a data type, Logz.io marks it with a wildcard expression: .*.

What data will I see?

Log Patterns recognizes these types of data:
Ip, Email, Url, Number, Path, Guid, Hash, Syslogtimestamp, Date

To see logs according to a pattern

  • Roll over a pattern to see the Kibana filter controls.
  • To see the logs that match a pattern, click the + magnifying glass.
  • To see only the logs that don’t match a pattern, click the - magnifying glass.

You’ll be taken to the Discover tab, where you’ll see the logs that match your filter.