Welcome to the Seq documentation hub. You'll find comprehensive guides and documentation to help you start working with Seq as quickly as possible, as well as support if you get stuck. Let's jump right in!
I'm using Nlog in the application, I have two targets in the Nlog config file, one JSON target, and a Seq target. When I use the logger I'll have a JSON file by 10Kb in a day, while I check the folder in "C:\ProgramData\Seq\Extents" at the same time I have some files by 16MB in the folder. Why I have this difference?
Posted by eliteNeut about a year ago
Hello Community, I see that Seq 4.2 now allows multiple aggregate functions in the same column. However, whenever I try to do the following: `sum(last(Total))` I get the following error: ``` The query could not be executed. The function name `last` was not recognized; to search for text instead, enclose the filter in "double quotes". ``` I essentially have this `Total` as the last emitted value for the day, and this creates a nice layout of the last 7 days [using a helpful tip by Mr. Seq himself](https://nblumhardt.com/2018/02/last-day-log-searches/), but now I would like to roll up those 7 days and get the total and the average for the past week. Any guidance/pointers would be greatly appreciated! Thank you, Michael
Posted by Michael DeMond about a year ago
Because I didn't have proper retention policies in place, our Seq instance has events currently stretching back to October of 2017. What is the quickest way to purge everything older than, say, 14 days? I tried the "manual delete" function but I'm not sure it's doing anything, as I can watch the "Count in RAM" number continue to climb even though it should be deleting nearly all events.
Posted by Marty Tippin about a year ago
We have a seq server that is under pretty heavy load (60+million events/day). We are seeing peaks of 70+ thousand events/minute. This system will work fine for a few minutes, and then essentially stop responding for several minutes, and then work fine again - I think this has to do with the #events/minute, but I have not found proof of that yet. What I have found is these events in the ingestion log immediately after a period of lag. 2018-02-27 14:56:13 Exception raised when writing to event storage Microsoft.Isam.Esent.Interop.EsentVersionStoreOutOfMemoryException: Version store out of memory (cleanup already attempted) at Microsoft.Isam.Esent.Interop.Api.Check(Int32 err) at Microsoft.Isam.Esent.Interop.Api.JetGetTableColumnInfo(JET_SESID sesid, JET_TABLEID tableid, String columnName, JET_COLUMNLIST& columnlist) at Microsoft.Isam.Esent.Interop.Api.GetColumnDictionary(JET_SESID sesid, JET_TABLEID tableid) at Flare.Storage.Esent.Data.EsentDBSession.OpenTable(String tableName, Table& table, IDictionary`2& columns) at Flare.Storage.Esent.Data.EventsTable..ctor(EsentDBSession session) at Flare.Storage.Esent.EsentStorageExtent.Add(StructuredEvent[] events, Boolean lazyFlush) at Flare.Events.EventStore.Add(StorageEventCreationData[] eventsCreationData, Boolean lazyFlush) at Flare.Queries.DataStore.Add(StorageEventCreationData[] eventsCreationData, Boolean lazyFlush) at Seq.Server.Web.Api.RawEventsModule.Ingest() Additionally, though I don't have a capture of it, we have seen these events as well; EsentOutOfCursorsException
Posted by Gary McNickle about a year ago
Hi, Is there a way to set a log context for everything in aspnet's IHostedService? I know I could wrap everything in StartAsync and StopAsync inside using blocks, but interested to see if there's a nicer way! I've tried using the implementation factory delegate like this, but the ServiceName property doesn't carry across services.AddSingleton<IHostedService, BatchValidationService>((ctx) => { using (LogContext.PushProperty("ServiceName", "BatchValidationService")) { return new BatchValidationService( ctx.GetService<ILogger>(), ctx.GetService<IConfiguration>()); } });
Posted by Jim about a year ago
Hi I have a server with seq 3.3.23.0 with a lot of api keys, now we need to migrate to a new server, the new server has seq 4.2.476. I try to restore a backup, but, i got this error: Could not restore backup: The manifest was created by Seq version 3.3.23.0 but the current instance is version 4.2.476.0. There is a way to restore a backup from seq 3 to seq 4? o event better, there is a way to export and import only the api keys? Regards VictorV
Posted by Victor Velasquez about a year ago
Hello, we want to use Seq in a project with a very high event volume per day. There will be (on average) ~1.7 million events per day and an estimated ~0.3KB of data (JSON) per event. The events should be accessible for at least 30 days and archived > 90 days (there is currently no time limit defined). It's an existing .NET project of a customer in the logistics sector with 10+ desktop applications for which we want to replace the text-file logging, so we have it easier to search and analyze the logs. All logs are currently written on a windows network-share. We are already using Serilog for the logfiles, with Log4Net as sink (because Log4Net has been the original logging technology). We are also considering a 2nd instance of Seq server for long-time archiving (event forwarding). If that's not a recommended approach in this case, we would like to export the events for long-time storage (Seq.App.FileArchiveJson). It is very possible that we can reduce the amount of events per day in the future, but for now Seq server would have to handle the amount of events stated above. What i would like to have now, are a few pointers regarding Seq performance in such a scenario. Is it even possible/recommended? What hardware-recommendations could be given (the Seq server would be running in a VM)? And any other advice regarding Seq server performance in such a scenario. Kind Regards, Sven Moelter
Posted by Sven Moelter about a year ago
Hello, We have faced to an issue in a query using group by time(1d) in SEQ v4.1.7. When we fill in the dates from 1/1/2018 to 1/2/2018, we get dates from 31/12/2017 to 30/1/2018 in the result set. The 1 day offset was fixed changing the value of "Show timestamps in Coordinated Universal Time (UTC)" in our user preferences. But we realized that when we export as csv the result, the 1 day offset error is still here. How we can fix this issue? It is fixed in version 4.2.0. Thanks in advance
Posted by Francisco about a year ago
When I refresh my query to obtain events I seem to be not getting latest data and it seems to be limiting the amount of data returned. http://[MySeqServer]:5341/api/events/signal/signal-175?count=100 This is returning a json response which I'm happily consuming but... how do I tell it to get latest?... order by timestamp descending or pass in some date ranges? and when I remove the count... it seems to not return everything but is picking an arbitrary amount... like 146 records... I don't want all the records - I kind of wanted a certain amount of the latest records... maybe a days worth... ? What am I doing wrong? Help would be muchly appreciated :-) Thanks
Posted by Bob about a year ago
Dear all, is there a way to concatenate a string to a query result? For example in the following query: select count(distinct(serial)) as Connections from stream where @EventType = 0xa427ae96 limit 1 which gives me the number of different devices which have contacted my webservice, I would like to add at the end of the number a string like this: " out of XX". While I am able to add a number, like this: select count(distinct(serial)) + 10 as Connections from stream where @EventType = 0xa427ae96 limit 1 I do not know how to add a simple string. With best regards
Posted by Daniele about a year ago
Hello, We have a query using group by time(1d) in SEQ v4.1.7 . When we fill in the dates from 1/1/2018 to 1/2/2018, we get dates from 31/12/2017 to 30/1/2018 in the result set. It seems that there is a 1 day offset. How we can correct that. Thanks
Posted by Francisco about a year ago
We are trying to restore a backup and receiving the following error: [17:27:42 INF] Restoring from d:\Temp\seq-Prod_20180207.seqbac Could not restore backup: Error converting value "Pie" to type 'Seq.Server.Data.Documents.Monitoring.MeasurementDisplayT ype'. Path 'Charts[1].Queries[0].DisplayStyle.Type', line 1, position 633. Both servers are v4.1.14 Any help is much appreciated. - n
Posted by Nathan about a year ago
Hi, Sometimes we are experiencing weird situations with seq. Some of the events are sent to the seq server some not. I also developed simple unit test to check some formatting in seq and I don't see this logs in seq. Configuration is exactly the same like in application. Below I post my code: [SetUp] public void InitializeSequ() { LoggerFactory factory = new LoggerFactory(); factory.AddSeq("https://xxxxxxxxxl:5341/", "xxxxxxxxxxxx", LogLevel.Debug); _log = new LogService(); } [Test] public void ExecuteGeneric() { Action act = ()=> { try { InvokeExecuteGeneric(engine, formulaId, String.Empty, string.Empty, globals, compilationName); } catch (Exception e) { _log.Error(e); throw; } }; act.ShouldThrow<TargetInvocationException>(); } Can you tell me how to troubleshooting this type of issues? Check why we have not events on seq? Is there any seq log when error occur or something like that?
Posted by Marek Bigaj about a year ago
Hi, Sometimes we are experiencing weird situations with seq. Some of the events are sent to the seq server some not. I also developed simple unit test to check some formatting in seq and I don't see this logs in seq. Configuration is exactly the same like in application. Below I post my code: [SetUp] public void InitializeSequ() { LoggerFactory factory = new LoggerFactory(); factory.AddSeq("https://xxxxxxxxxl:5341/", "xxxxxxxxxxxx", LogLevel.Debug); _log = new LogService(); } [Test] public void ExecuteGeneric() { Action act = ()=> { try { InvokeExecuteGeneric(engine, formulaId, String.Empty, string.Empty, globals, compilationName); } catch (Exception e) { _log.Error(e); throw; } }; act.ShouldThrow<TargetInvocationException>(); } Can you tell me how to troubleshooting this type of issues? Check why we have not events on seq? Is there any seq log when error occur or something like that?
Posted by Marek Bigaj about a year ago
Hello, We're software reseller from Moscow, Russia. Our customer is interested in renewal Sec Business, Serial: SDES-01-3586495 Licensed-To: AO «Kaspersky Lab» Licensed-Users: 15 Enduser is Kaspersky Lab Please give me price and delivery information. Thank you in advance, Mikhail Kapyrin Systems 21 / Prodmag.ru email:[email protected] tel:+74996494952 tg:@mkapyrin http://www.prodmag.ru
Posted by Mikhail Kapyrin about a year ago