Welcome to the Seq documentation hub. You'll find comprehensive guides and documentation to help you start working with Seq as quickly as possible, as well as support if you get stuck. Let's jump right in!
I just upgraded from 4.1.x (for some x) to 4.2.1113. Something changed that has broken my workflow. When I want to filter by just barely including or excluding an event, I would copy the displayed time stamp of the event to either the "from" or "to" text box. This worked fine in the whatever version of 4.1 that I had, but this does not work in version 4.2.1113. In this newer version, the displayed time stamp looks like 23 Jan 2019 01:23:45.678 but the "to" and "from" text boxes don't like that format. Instead, it seems they require time stamps like 2019-01-25 01:23:45.678 Is this the expected behavior? What is the fastest way in version 4.2.1113 to copy the time stamp of an event into the "from" or "to" text box in an accepted format?
Posted by Tyson Williams about a year ago
According to the docs, up until v4.2 importing IIS log files was supported by using a third party tool: "The SeqFlatFileImport tool from Octopus Deploy is an alternative that's capable of reading unstructured (plain text) and IIS log files." (https://docs.getseq.net/v4.2/docs/importing-log-files). This information is missing on the docs for v5 (https://docs.getseq.net/docs/importing-log-files). Are IIS log files not supported anymore starting from v5?
Posted by Laurens about a year ago
I am trying to create a pie chart as seen in this example https://docs.getseq.net/docs/dashboards#section-pie However, under "Type", my only options are "Bar", "Line", "Point", and "Value". Am I doing something wrong? Is there some other choice that I need to make somewhere else in order to see "Pie" show up in that list?
Posted by Tyson Williams about a year ago
Steps with actual behavior: 1) open your events page 2) enter in the "to" field a time like 2019-01-14 00:34:56.789 3) observe that the URL of the page has changed to end with something like events?to=2019-01-14T06:34:56.789Z The hour and day may adjust according to your time zone (like it did for me) but the value after the decimal place is still exactly "789". 4) refresh the page 5) observe that the URL is unchanged 6) observe that "to" field has changed to something like 2019-01-14 00:34:56 7) open the calendar by clicking on the "to" field 8) close the calendar by clicking somewhere else 9) observe that the URL of the page has changed to end with something like events?to=2019-01-14T06:34:56.000Z Expected behavior: In contrast to the actual behavior in step 6, I expected the "to" field to be unchanged after refreshing the page.
Posted by Tyson Williams about a year ago
How can we throttle incoming exceptions/batches/events on the Seq side so that Seq doesn't possibly fail when all instances/applications logging to it start screaming? I know that in Settings -> System there's "Raw ingestion payload limit" but that's more related to one client but what if all clients start having problems? Altogether mass of data might be significantly larger. Also I'm aware of batchPostingLimit / queueSizeLimit in Seq sink i.e. on client side which altogether should be good protection but still thinking about something on the Seq side. Any thoughts?
Posted by Rastislav Marko about a year ago
The documentation at https://docs.getseq.net/v5.0/docs/using-powershell instructs you to have a file called Seq.psm1 alongside your script. The quote is shown below. "With the Seq.psm1 module in the same folder as the script, the example below shows how events are written:" However I can not find Seq.psm1 anywhere. It isn't in the Powershell gallery, a search in the datalust github repo didn't reveal anything, and the only mention of Seq.psm1 in the documentation is that one quote. Can someone point me to where this file is made available?
Posted by Matthew Casperson about a year ago
Hi, I have the below complex object stored in SEQ. What would be the filter syntax if I want to filter for c.MyList3.Prop1 = "Prop1 Value"? Thanks { "Timestamp": "2019-01-11T15:22:08.8124026-05:00", "Level": "Information", "MessageTemplate": "{@c} order.", "Properties": { "c": { "_typeTag": "C", "MyList3": [ { "_typeTag": "B", "Prop1": "Prop1 Value", "Prop2": 9078, "Dt": "0001-01-01T00:00:00" } ], "Customer": "cust1", "Order": "1234", "ChildClass": { "_typeTag": "B", "Prop1": "Popr 1 Value", "Prop2": 9078, "Dt": "0001-01-01T00:00:00" }, "Dt": "2019-01-11T15:22:08.6414048-05:00" }, "ThreadId": 1, "ApiVersion": "1.2.5000" } }
Posted by Stephane Murphy about a year ago
I am trying to find a way to filter out certain noise logs within Seq. With some properties I can just exclude a given value, but for certain properties like collections, the only option is to exclude everything that has that property. What I want to be able to do is define a filter like: Has(Scope) AND Scope[?] = "HealthReportCollector is collecting health checks results." And then say exclude these results. Is there a way to mark a filter as an exclude besides the options when clicking on the x by properties?
Posted by Dan Johnson about a year ago
Hi all We're using AD for our logins to seq's web UI. We have had issues with our AD setup before where SEQ is unable to connect which means we aren't able to login. We use AD for other features in our app, if AD goes down, we aren't able to login to diagnose. Is there a way to configure a single user that isn't tied to AD that will let us login? Regards Ray
Posted by Ray Booysen about a year ago
We are using Serilog/Seq, like this: > _logger = new LoggerConfiguration().WriteTo.Seq(seqServerUrl, apiKey: decryptedSeqApiKey).MinimumLevel.Debug(). Enrich.WithProperty("Environment.SourceName", WebConfigurationManager.AppSettings["seq.Environment.SourceName"]). Enrich.With(new AuditLogEnricher(mapDataDelegate)). CreateLogger(); However this configuration does **not** throw an exception when the batch-sending fails - and we would very much like to *detect* when SEQ isn't available, so that we can put our application in *suspended' mode - while we (or the network or hosting guys) fix the issue and then resume normal operation subsequently. Ps. We are using SEQ as a sink for our AuditLog and having traceability broken would be a problem (at least for a longer period of time). Changing WriteTo -> AuditTo might not be an option, since that AFAIK sends every log synchroniously, thus becoming very bandwith/network traffic heavy and also slowing down the application while we wait for the logging to complete. **Any good ideas on how to approach this?** Ps. We have thought about creating a 'job' that uses AuditTo as a kind of Heartbeat every 5 minutes - and then putting the entire application in 'suspended' mode if it fails. But that solution kind of feels like a workaround...
Posted by Allan Fejerskov Ravn about a year ago
The wording: "Add extended support to receive a discounted yearly rate." is confusing. It sounds like there is still an annual fee when choosing the three-year price. Please confirm: Does the three-year pricing ($1380) require any other funds within the three years?
Posted by Ken Springsted about a year ago
We have been considering the Pros and Cons of using SEQ as the repository for our AuditLog. I have read a few questions in this forum (eg. [This] (https://docs.getseq.net/discuss/5818946bb1e11c1900bf76b2) and [This](https://docs.getseq.net/discuss/58401d08de0ace190064cec5) ). However I still have a few questions: **What's the difference between WriteTo and AuditTo?** Assuming that the SEQ server and the connection to the SEQ server doesn't go down - I would guess that WriteTo still maintains the same sequence of events as AuditTo? Or that this problem could be solved using a timestamp generated in the client code? As far as I have understood this - just using WriteTo and not generating the 'auditing timestamp' - but relying on the SEQ server timestamp will actually be a problem for the sequence? **Is there a difference with exceptions, when using WriteTo and AuditTo?** In one of the previous post - answers you wrote: > AuditTo has the advantage of logging synchronously and propagating any exceptions, > but of course comes with a corresponding performance cost. You could use a second > server and WriteTo if guaranteed audit logging isn't a strict requirement. Could you try and explain this in a bit more detail? **Is performance good enough?** When sending both regular 'warnings and errors' to SEQ the number should be pretty low, but including an audit trail for each user severily increases the number of events sent to SEQ. Do you have a kind of 'formula' to use when trying to estimate disc usage and other HW specs? The reason I'm asking is that it could be a requirement to keep this kind of data between 1-5 years and I'm kind of worried that disc space especially could be an issue - because the auditlog cannot be deleted and it should also still be searchable. **Could you perhaps add a seperate documentation section about using SEQ as AuditLog?** SEQ has many advantages and I'm assuming that we are not the first ones considering to use SEQ as a audit log repo - it might be worth it to keep a seperate link on the documentation page about this. Just describing those 'special concerns' that needs to be thought about when using SEQ for this fairly important log.
Posted by Allan about a year ago