Welcome to the Seq documentation hub. You'll find comprehensive guides and documentation to help you start working with Seq as quickly as possible, as well as support if you get stuck. Let's jump right in!
Hi all, We are still in the early days of seq and so we are attempting to balance our desire for retention with the need to keep disk space open. Seq is installed to its own drive, but it appears I only have the option to set a number of days to retain items. Is it possible to set an amount or percentage of disk space, after which time log files are deleted in the order of oldest logs first? Currently, I'm forced to set retention way lower than we want so that the disks we've been allocated don't fill up, but I have no idea what the peaks & valleys of our ingestion needs will be.
Posted by Sean Killeen 3 years ago
Hello, Is it possible to authenticate using datalust Seq API when AAD authentication is enabled. If not are there any other ways to get past the authentication? The point is that I need to create new SEQ API key using my .NET application. Thanks
Posted by Martynas 3 years ago
Hello, We are having very poor performance in our queries, especially SQL type queries that aggregate data. Do the queries normally rapidly lose performance with a lot of data? We have millions of records for each month. What is the recommended/safe record count/size to store over time, given a 90-day retention period? What exact options can I take to improve the performance of Seq? Thanks
Posted by Delano Cooper 3 years ago
I'm thinking of adding a middle tier in-front of SEQ using Azure Event Hubs. I know there are sinks to Serilog for example to write data to Event Hubs, but I'm looking into *reading* from an event hub and injecting it as SEQ messages. I'd like to run this as an app inside SEQ. Is there a way for a SEQ app to *inject* messages (for various api keys as well)?
Posted by Hakan Lindestaf 3 years ago
I have been using Seq for my application analysis and it has been working wonderfully. However, one problem I have been running into is that of grouping large sets of data. I have a query that creates groups how I would like, however each group has a significant number of rows when I am really just interested in the first one. Is it possible to return the first row of each group? I did look into the first() method but that appears to work on the entire result set. Thank you for any assistance you can provide, Michael
Posted by Michael DeMond 3 years ago
Hello! I need to correlate events by long integer property. When I click "Find" on the property, I get imprecise value in the filter, so no events returned. It seems weird. Current workarounds: - download raw event and use right value; - write values as strings. Is there a better way to get precise long value of a property? Best Regards, Alexander.
Posted by Alexander 3 years ago
I am calling into seq from a ssis package using the raw posts. Quite often those calls do not get through. The post call just takes a very long time and eventually imes out. Even retries fail. Messages I am posting are quite small. Allowing buffered writes feels like it's helpped but I am just not getting through consistently. I am also experiencing same issues in multiple environments so it is related to a particular instance Is there anything else I could try? The code is c# : using System; using System.Collections.Generic; using System.Data.SqlClient; using System.Linq; using System.Text; using System.Web.Script.Serialization; namespace Seq { public class SeqProxy { private readonly string rawUrl; public SeqProxy(string url) { rawUrl = url; } public void LogEvent(LogLevel level, string correlationId, string messageTemplate, Exception exception, Dictionary<string, object> properties) { var re = new RawEvents { Events = new[] { new RawEvent { Level = level.Name, Timestamp = GetJsonDate(), MessageTemplate = messageTemplate, Exception = exception==null ? "" : exception.ToLogString(), Properties = properties.Union(new Dictionary<string, object> { {"CorrelationId", correlationId}}).ToDictionary(x=>x.Key,x=>x.Value) } } }; var m = new JavaScriptSerializer().Serialize(re); try { HttpPost(rawUrl, m); } catch (Exception) { //retry try { HttpPost(rawUrl, m); } catch (System.Exception) { //Ignore seq failure - ocasionally seq fails with timeout. Retry should normally fix it but if it doesn't we don't need to fall over because of it. } } } private static string GetJsonDate() { var dt = DateTime.UtcNow; TimeZoneInfo localZone = TimeZoneInfo.Local; return String.Format("{0}-{1}-{2}T{3}:{4}:{5}.{6}{7}{8}{9}", dt.Year, dt.Month.ToDatePart(), dt.Day.ToDatePart(), dt.Hour.ToDatePart(), dt.Minute.ToDatePart(), dt.Second.ToDatePart(), dt.Millisecond, (localZone.BaseUtcOffset >= TimeSpan.Zero) ? "+" : "-", Math.Abs(localZone.BaseUtcOffset.Hours), Math.Abs(localZone.BaseUtcOffset.Minutes)); } private static void HttpPost(string url, string message) { System.Net.WebRequest req = System.Net.WebRequest.Create(url); req.ContentType = "application/json"; req.Method = "POST"; req.Timeout = 120000; byte[] bytes = System.Text.Encoding.UTF8.GetBytes(message); req.ContentLength = bytes.Length; using (System.IO.Stream os = req.GetRequestStream()) { os.Write(bytes, 0, bytes.Length); os.Close(); } System.Net.WebResponse resp = req.GetResponse(); } } public class LogLevel { public string Name { get; private set; } public static LogLevel Verbose { get { return new LogLevel { Name = "Verbose" }; } } public static LogLevel Debug { get { return new LogLevel { Name = "Debug" }; } } public static LogLevel Information { get { return new LogLevel { Name = "Information" }; } } public static LogLevel Warning { get { return new LogLevel { Name = "Warning" }; } } public static LogLevel Error { get { return new LogLevel { Name = "Error" }; } } public static LogLevel Fatal { get { return new LogLevel { Name = "Fatal" }; } } } public class RawEvents { public RawEvent[] Events { get; set; } } public class RawEvent { public string Timestamp { get; set; } // Uses the Serilog level names public string Level { get; set; } public string MessageTemplate { get; set; } public Dictionary<string, object> Properties { get; set; } public string Exception { get; set; } } public static class SeqExtensions { public static string ToDatePart(this int part) { return part.ToString().PadLeft(2, '0'); } public static string ToLogString(this Exception exception) { var sb = new StringBuilder(); sb.Append(Environment.NewLine); sb.Append("Error Details: " + Environment.NewLine); sb.Append("Source: " + exception.Source + Environment.NewLine); sb.Append("Message: " + exception.Message + Environment.NewLine); sb.Append("StackTrace: " + exception.StackTrace + Environment.NewLine); sb.Append(GetInnerExceptionsAsString(exception)); return sb.ToString(); } private static string GetInnerExceptionsAsString(Exception ex) { if (ex is SqlException) { return SQLErrorToString(ex); } else { return InnerExceptionToString(ex); } } private static string InnerExceptionToString(Exception ex) { var sb = new StringBuilder(); bool b = true; string newLine = Environment.NewLine; while (b) { ex = ex.InnerException; if (ex != null) { sb.Append(newLine); sb.Append("Inner Error: " + newLine); sb.Append("\tSource: " + ex.Source + newLine); sb.Append("\tMessage: " + ex.Message + newLine); sb.Append("\tStackTrace: " + ex.StackTrace + newLine); } else { b = false; } } return sb.ToString(); } private static string SQLErrorToString(Exception ex) { var sb = new StringBuilder(); string newLine = Environment.NewLine; foreach (SqlError err in ((SqlException)ex).Errors) { sb.Append(newLine); sb.Append("SQL Error: " + newLine); sb.Append("\tMessage: " + err.Message + newLine); sb.Append("\tLineNumber: " + err.LineNumber + newLine); sb.Append("\tNumber: " + err.Number + newLine); sb.Append("\tProcedure: " + err.Procedure + newLine); sb.Append("\tServer: " + err.Server + newLine); } return sb.ToString(); } } }
Posted by Zak 3 years ago
After aprox. 20 hours of running, we are not being able to reach the Web UI (even from the same server that seems to work correctly during the down times). It site comes and goes but it is mostly unavailable until we restart the SEQ windows service. We reviewed the logs in the storage folder and saw no errors or warnings indicating any performance drop or issue. It worth mention that while the UI is unavailable the SEQ process is consuming arround 45 GB of 56 available (systemRamTarget is set to 0.9) Can you help us to troubleshoot this issue? addtitionnlay since we updated to the latest version the logs seem to be in a different format: before: 2017-10-03 00:07:07.635 +00:00 [Information] Retrieval of StorageRange { RangeStartUtc: null, RangeEndUtc: null, IsRelevantEventTypeHash: null, Direction: Backward, StartFromKey: null, ..... after: {"@t":"2017-10-11T00:15:24.5717232Z","@mt":"Deduplication buffer renewed on reaching {@Shared}","Shared":{"Schemata":361,"Strings":213050},"SourceContext":"Flare.Events.Cache.SegmentCache", .... do we need to configure anything to have the logs formated as before (version 3.4.20) Here is the summary for the diagnostic report (after 9 hours of running) ==================== 1. Executable -------------------- Seq Version : 4.1.17 Bitness : 64 Framework Version : 4.0.30319.42000 ==================== 2. Operating System -------------------- OS Caption : Microsoft Windows Server 2012 R2 Datacenter OS Version : 6.3.9600 OS Bitness : 64 ==================== 3. Processor #1 -------------------- Description : Intel64 Family 6 Model 45 Stepping 7 Cores : 8 ==================== 4. Error -------------------- Diagnostic reporter Seq.Server.Features.Diagnostics.ProcessorReporter failed. System.Management.ManagementException: Not found at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) at System.Management.PropertyDataCollection.get_Item(String propertyName) at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) at Seq.Server.Features.Diagnostics.Wmi.Processor.get_IsNumberOfEnabledCoreNull() at Seq.Server.Features.Diagnostics.ProcessorReporter.Report(DiagnosticReport report) at Flare.Diagnostics.Reporting.DiagnosticReportCollector.CollectDiagnosticReport(TextWriter output) ==================== 5. System Memory -------------------- Physical Total : 60129071104 Physical Available : 15745794048 Physical Utilization: 0.73813342267061 Commit Limit : 174610165760 Commit Peak : 121895325696 Commit Total : 44744867840 Process Count : 52 Handle Count : 43589 Thread Count : 985 Kernel Total : 1585152000 Kernel Paged : 186847232 Kernel Non-paged : 1398304768 Page Size : 4096 System Cache : 15859699712 ==================== 6. Process Memory -------------------- Working Set (Environment): 4113080320 Working Set : 38472822784 Paged : 38470361088 Paged System : 832224 Non-paged System : 21283839 Private : 38470361088 Handle Count : 23401 Thread Count : 259 ==================== 7. Process -------------------- Uptime : 09:09:34.1042925 Thread Pool Threads Available: 32761 Thread Pool IOCP Threads Available: 969 ==================== 8. System Storage -------------------- Space Remaining : 2311537541120 ==================== 9. Event Storage -------------------- First Extent Range Start: 2015-09-02T00:00:00.0000000Z Last Extent Range End: 2017-10-18T00:00:00.0000000Z ==================== 10. Event RAM Cache -------------------- Days Cached : 5.25 Events Cached : 12093304 Is Warming Up : Yes ==================== 11. Configuration -------------------- Preferred Storage Engine: <null> LMDB Extent Map Size: 200000000000 System Memory Utilization Target: 0.9 Minimum Free Disk Space: 134217728 Lazy Flush Enabled : No Raw Event Maximium Content Length: 262144 Raw Payload Maximum Content Length: 1048576 API Keys Required : Yes Authentication Enabled: Yes Active Directory Authentication: No Azure Active Directory Authentication: No
Posted by Pablo 3 years ago
When someone reports a problem or issue, it is useful to export related events into file (csv is supported now), send it to someone else to view it. Importing or browsing the exported events with all Seq capabilities like search etc. would be useful. Thank You
Posted by Marek Ištvánek 3 years ago
When reporting a bug from a software using Seq logging, it is useful to put events information into new bug issue. Now web browser copy function for selected text can be used, but it would be more handy to do it with a click. Thank You
Posted by Marek Ištvánek 3 years ago
The upgrade to version 4.1.17 fails on our production server. Upgrading from version 3.4.20. No issues with the upgrade in Test nor QA. The server is running Windows Server 2012 R2 Standard, Windows log message: Windows Installer installed the product. Product Name: Seq. Product Version: 4.1.17.0. Product Language: 1033. Manufacturer: Datalust Pty Ltd. Installation success or error status: 1603. Thank for all your help. Ivan
Posted by Ivan Lemus 3 years ago
Do you offer Non-profit pricing at all? I work for Bethany Christian Services, we are a non-profit social services agency that's mission is to help children who are in need. We are located in 30 different states across the US. We have an internal development team that focuses in .Net for our website and internal web applications. We are looking to use Serilog and Seq to significantly improve our support for our internal staff. I am wondering if you offer any non-profit pricing. We would like to use the Azure AD piece, but I believe that requires an Enterprise license. I have approval for the Professional license, but I am not sure I will be able to get the $2000 price tag approved. Thanks, Mike
Posted by Mike Bruxvoort 3 years ago
Hello, We want to evaluate Seq and want to install it on a development server so our dev environment can log to Seq. This is to accumulate some data and see what we can do with it. When I install it on a server, I can access it from within the server, but I cannot access it remotely when I surf to http://<server name or ip>:5341/. Do I need to set something so I can access it from outside? Do I need a licence? Kind regards, Ken Bonny
Posted by Ken Bonny 3 years ago
I've pulled a series of IIS logs into Seq to do some analysis on usage, and I'm having difficulty using a "column" in selects and group by: cs(User_Agent) Is there a way to specify this column in the query? select cs(User_Agent) from stream where cs_uri_stem = '/ws/calc.asmx/recalc' or select count(*) from stream where cs_uri_stem = '/ws/calc.asmx/recalc' group by cs(User_Agent)
Posted by Sean Lively 3 years ago
Hi, is there a possibility to extend the event view of seq and add/calculat additional information. The reason for this question is, that I want to have an additional column beside the date and event text with the delta time to the previouse event. So, I want to see instantly, how much time has elapsed between the current shown events. Time Delta Event 15 May 2017 12:49:17.140 - Connection opened 15 May 2017 12:50:17.140 00:01:00.000 Transaction started 15 May 2017 12:51:18:140 00:01:01.000 Error in Transaction Kind regards, Martin
Posted by Martin Burtscher 3 years ago
Serilog and Seq works fine when I log from WinForm/web application. I am facing problem only when I am using console application. Without writing Log.CloseAndFlush() it is not working. Following is my LoggerConfiguration Log.Logger = new LoggerConfiguration() .WriteTo.Seq("http://localhost:5341") .CreateLogger(); Is there any way to log without invoking Log.CloseAndFlush() so that it works with seq, serilog in console application. Do I need to call Log.CloseAndFlush() everytime after logging? If I have a console application who listen a queue and do some operation, on that case where I will invoke Log.CloseAndFlush()? Expecting your help.
Posted by Hasibul Haque 3 years ago