Logs tab
The Logs tab provides a structured, searchable view of logs collected from across your infrastructure, supporting multiple log sources depending on the Node's operating system.
Log sources
The Logs tab displays log entries from the following sources:
- systemd-journal — reads logs from
systemdjournald on Linux Nodes. See the Systemd Journal Plugin Reference for details on journal sources, fields, and query performance. - otel-logs — displays logs received via OpenTelemetry (OTLP) log ingestion. See the OpenTelemetry Signal Viewer plugin for setup and configuration.
- Windows Event Logs — reads Windows event logs on Windows Nodes. See the Windows Events Plugin Reference for supported event channels and configuration.
You can also display custom application logs, such as web server access logs, under the systemd-journal source by piping them into systemd journald using log2journal and systemd-cat-native. For example, use the built-in nginx-combined log2journal configuration to pipe nginx access logs.
For comprehensive documentation on log centralization and configuration, see Working with Logs. To keep custom log pipelines running persistently, create a systemd service unit and use LogNamespace to isolate piped logs from system journal entries. See the log centralization points guide and Monitor Nginx or Apache web server log files for setup details.
systemd journal plugin reference
The systemd journal plugin is the primary log source for Linux systems. The systemd journal plugin documentation covers:
- Key features the plugin provides
- Journal sources
- Journal fields
- Full-text search
- Query performance
- Performance at scale
We recommend reading through that document to better understand how the plugin and the visualizations work.
Do you have any feedback for this page? If so, you can open a new issue on our netdata/learn repository.