Discussions

I have errors in seq log file: 2017-11-08 12:33:55.446 +03:00 [Error] The event "event-1033792d268b08d51fd61c6a00000000" could not be sent to "Watch: Couriers_Moscow". Microsoft.Isam.Esent.Interop.EsentBadParentPageLinkException: Database corrupted в Microsoft.Isam.Esent.Interop.Api.Check(Int32 err) в Microsoft.Isam.Esent.Interop.Api.RetrieveUnicodeString(JET_SESID sesid, JET_TABLEID tableid, JET_COLUMNID columnid, RetrieveColumnGrbit grbit) в Microsoft.Isam.Esent.Interop.Api.RetrieveColumnAsString(JET_SESID sesid, JET_TABLEID tableid, JET_COLUMNID columnid, Encoding encoding, RetrieveColumnGrbit grbit) в Quince.Documents.DocumentStore.TryLoad[T](String id, T& document) в Quince.Documents.DocumentStore.Load[TDocument](String id) в Seq.Server.Features.Watches.WatchReactor.On(Event`1 evt) в Seq.Server.Features.Runner.AppHost.Send(StorageEvent storageEvent) Can I repair database somehow?

I have an enricher that logs the JSON value of a request. Is there a way in Seq when I view the log entry to view the JSON data formatted etc..? Currently it's just a long string which is hard to read. Would be nice to see it formatted.

I cant added an API KEY. At first I could add an apikey, then I removed it. After this when i try add a new api key, i see it was successfully added. but not added. I tried to re-install it again but it did not change. Logging works fine. Seq 4.1.17 - Single-User License on Windows Server 2012 R2

I'm wondering if it's possible to create an API key using the seq API. In looking at the documentation I can see how to get the key(s) and template but in trying to create a key I'm using a POST against the /api/apikeys path. The content looks good but I get a 403 response back. I created a key for this operation and turned on the "Permit user-level access" for it and then added that to the query string but it didn't seem to help. I may still be doing something wrong and my configuration may be off but I at least wanted to check with you all to see if it's possible before proceeding. Thanks!

Hello Nicholas, I'd like to describe you a use case, perceived problems and possible work around in order to get feedback from you and hopefully future improvements from seq. With the new dashboards / alerts one understandably might wants to send the alerts to Slack. We do have a [plugin for Slack](https://github.com/bytenik/Seq.App.Slack) already, but it was written in pre-dashboard era. In particular, this plugin always assumes to be associated with an event and displays [(View on Seq)](https://github.com/bytenik/Seq.App.Slack/blob/master/SlackReactor.cs#L183) link that is not possible to switch off. Alerts are often not associated with any particular event so you have a link that leads to a error page instead. This is in itself is not a very huge problem and is easily corrected within the plugin code. Another issue is a bit bigger. With dashboard graph, one might want to see the graphs _in slack_. Of course a link to dashboard could be added via `MessageTemplate` option of the Slack Plugin, but in my use case these links are internal and people would like to make sense of their Seq alerts externally in Slack application. When one is not logged in to their corporate network on their phone and get the Slack message Seq alert the links won't work as the Seq instance is not exposed externally from security, infrastructure and architecture reasons. There is [a question](http://docs.getseq.net/discuss/59ad4912b2c6f80037bd1465) related to it and there is a [relevant github issue]( https://github.com/datalust/seq-releases/issues/565), but I would like to explore this topic a bit further. **Access to rendered dashboard images** It would be nice if one could use the API or at least HTTP request to be able to get a dashboard image. Currently this is impossible, and having read your response to the question linked above I'm not holding my breath. I was successful in scraping the images with [phantomjs](http://phantomjs.org/), [svg-crowbar](http://nytimes.github.io/svg-crowbar/), [selenium](http://www.seleniumhq.org/projects/ide/), phantomjs web driver, [svg.net](https://github.com/vvvv/SVG), and a lot of duct tape. Yet, an "official" way of doing this would be nice. A big problem of the scraping approach, that Seq can help with (relatively easily) is authentication. In order to scrape you need to log-in. In order to login you need to provide credentials. Currently it's not possible to get the charts with an API key at all but it is on the list of improvements listed above, so I'm hopeful. Scraping is liable to break when layout of the html page changes. It is quite fragile, and easy to break. If it is difficult to provide exportable images, maybe it would be easier to document html markers that could be used to scrape the dashboard page for each image. That will give some assurance that scraping won't break with the next Seq version. **Credential management for access to the images** The next thing is providing either credentials or API key to the plugin. This can be done via plugin configuration UI, but it feels very lame. The plugin configuration UI looks and feels as part of SEQ, and it feels very weird that I need to key it the API key on that page or worse my user name and password. Currently one would have to resort to the latter. To be clear: I'm talking about hypothetical slack plugin that would fetch images from the dashboard and need credentials to do so. As it is now, I *have* to key in a user account and a user password. Since user management somewhat lacking in seq (we only have the Administrator flag, no groups or permissions) it means that every administrator will have access to this configuration page. In an actual organisation I'd like to give some permission (like create a new API key) to certain people (who are now given admin rights) but I certainly do not want these people to have access to my service account credentials. Currently it seems unavoidable. In addition this service account consumes 1 user in my license entitlement and it does not feel good at all. Maybe a better permission system can be added? Similar, to say Octopus? All in all I feel like there is a room for improvement here, but because of the next section, if it does not get implemented it is still workable. **Plugin-level access to Seq** What I really would like to see is that plugin having access to the Seq API _and_ being able to scrape without logging in. We could assume that people installing the plugin have enough authorization to access the system, so that the plugin can do it on their behalf. Certainly access to API would be expected, but because API does not give us the chart images and the HTTP requests do, also access to the website from within the plugin. **Current state** A slack plugin posting dashboard image is workable: - Plugin collects user credentials - Plugin scrapes the page using the credentials - Plugin converts/posts the image on slack Disadvantages of this approach: - Credentials not stored securely - Scraping is awkward to perform - Scraping depends a lot on the html generated which is likely to change between version and break the plugin. **Minimal Changes** - Mark images in the html so the scraping can survive version upgrade reliably - Make dashboard available with an API key without need to log in - Make plugins automatically using appropriate API key without need to configure one in the interface for access to the dashboard. **Longer Term** - Better permissions system - Plugin access to API - Charts accessible via API - that would be ideal - Protected fields for plugin configuration for holding sensitive information - Service accounts not to consume user license Please, your thoughts?

Hi, in Writing Seq Apps Help Section I can read: If your app uses other libraries, these must be included as files in the package rather than specified as dependencies, because at run-time Seq will not load files from other packages. This means that I need to compile the nuspec file including them? For example, I am using Geckoboard dll so my file tag would be: <file src="bin\Release\Geckonet.Core.dll" target="lib\net45" /> <file src="bin\Release\Geckonet.Core.pdb" target="lib\net45" /> Is that correct? Thanks, Ros.

Hi, I prepared working sample for new c# application + nlog+ seq, according to procedure from http://docs.getseq.net/docs/using-nlog. It works. I can see log in browser. Now, I tried to integrate seq with compiled application, which uses nlog. I copied Seq.Client.NLog.*, System.Net.Http.Extensions.* and System.Net.Http.Primitives.* to binaries, updated nlog configuration. Application works, but stops to store log even to standard files. No any errors found via WinDbg. <logger name="*" minlevel="Debug" writeTo="seq" /> <extensions> <add assembly="Seq.Client.NLog"/> </extensions> <target name="seq" xsi:type="Seq" serverUrl="http://localhost:5341" /> thank you, Igor.

Hi all, We are still in the early days of seq and so we are attempting to balance our desire for retention with the need to keep disk space open. Seq is installed to its own drive, but it appears I only have the option to set a number of days to retain items. Is it possible to set an amount or percentage of disk space, after which time log files are deleted in the order of oldest logs first? Currently, I'm forced to set retention way lower than we want so that the disks we've been allocated don't fill up, but I have no idea what the peaks & valleys of our ingestion needs will be.

Hello, Is it possible to authenticate using datalust Seq API when AAD authentication is enabled. If not are there any other ways to get past the authentication? The point is that I need to create new SEQ API key using my .NET application. Thanks

Hello, We are having very poor performance in our queries, especially SQL type queries that aggregate data. Do the queries normally rapidly lose performance with a lot of data? We have millions of records for each month. What is the recommended/safe record count/size to store over time, given a 90-day retention period? What exact options can I take to improve the performance of Seq? Thanks

Hello, We had Azure tenant migration recently creating issues in accessing Seq. We need to update TenantID, ApplicationID and ClientKey to their right values now. How we do it?

I need to log in to SEQ using not API key, but user credentials in order to create keys (C#). Is there any way to do that using C#?

I'm thinking of adding a middle tier in-front of SEQ using Azure Event Hubs. I know there are sinks to Serilog for example to write data to Event Hubs, but I'm looking into *reading* from an event hub and injecting it as SEQ messages. I'd like to run this as an app inside SEQ. Is there a way for a SEQ app to *inject* messages (for various api keys as well)?

I have been using Seq for my application analysis and it has been working wonderfully. However, one problem I have been running into is that of grouping large sets of data. I have a query that creates groups how I would like, however each group has a significant number of rows when I am really just interested in the first one. Is it possible to return the first row of each group? I did look into the first() method but that appears to work on the entire result set. Thank you for any assistance you can provide, Michael

Hello! I need to correlate events by long integer property. When I click "Find" on the property, I get imprecise value in the filter, so no events returned. It seems weird. Current workarounds: - download raw event and use right value; - write values as strings. Is there a better way to get precise long value of a property? Best Regards, Alexander.

I am calling into seq from a ssis package using the raw posts. Quite often those calls do not get through. The post call just takes a very long time and eventually imes out. Even retries fail. Messages I am posting are quite small. Allowing buffered writes feels like it's helpped but I am just not getting through consistently. I am also experiencing same issues in multiple environments so it is related to a particular instance Is there anything else I could try? The code is c# : using System; using System.Collections.Generic; using System.Data.SqlClient; using System.Linq; using System.Text; using System.Web.Script.Serialization; namespace Seq { public class SeqProxy { private readonly string rawUrl; public SeqProxy(string url) { rawUrl = url; } public void LogEvent(LogLevel level, string correlationId, string messageTemplate, Exception exception, Dictionary<string, object> properties) { var re = new RawEvents { Events = new[] { new RawEvent { Level = level.Name, Timestamp = GetJsonDate(), MessageTemplate = messageTemplate, Exception = exception==null ? "" : exception.ToLogString(), Properties = properties.Union(new Dictionary<string, object> { {"CorrelationId", correlationId}}).ToDictionary(x=>x.Key,x=>x.Value) } } }; var m = new JavaScriptSerializer().Serialize(re); try { HttpPost(rawUrl, m); } catch (Exception) { //retry try { HttpPost(rawUrl, m); } catch (System.Exception) { //Ignore seq failure - ocasionally seq fails with timeout. Retry should normally fix it but if it doesn't we don't need to fall over because of it. } } } private static string GetJsonDate() { var dt = DateTime.UtcNow; TimeZoneInfo localZone = TimeZoneInfo.Local; return String.Format("{0}-{1}-{2}T{3}:{4}:{5}.{6}{7}{8}{9}", dt.Year, dt.Month.ToDatePart(), dt.Day.ToDatePart(), dt.Hour.ToDatePart(), dt.Minute.ToDatePart(), dt.Second.ToDatePart(), dt.Millisecond, (localZone.BaseUtcOffset >= TimeSpan.Zero) ? "+" : "-", Math.Abs(localZone.BaseUtcOffset.Hours), Math.Abs(localZone.BaseUtcOffset.Minutes)); } private static void HttpPost(string url, string message) { System.Net.WebRequest req = System.Net.WebRequest.Create(url); req.ContentType = "application/json"; req.Method = "POST"; req.Timeout = 120000; byte[] bytes = System.Text.Encoding.UTF8.GetBytes(message); req.ContentLength = bytes.Length; using (System.IO.Stream os = req.GetRequestStream()) { os.Write(bytes, 0, bytes.Length); os.Close(); } System.Net.WebResponse resp = req.GetResponse(); } } public class LogLevel { public string Name { get; private set; } public static LogLevel Verbose { get { return new LogLevel { Name = "Verbose" }; } } public static LogLevel Debug { get { return new LogLevel { Name = "Debug" }; } } public static LogLevel Information { get { return new LogLevel { Name = "Information" }; } } public static LogLevel Warning { get { return new LogLevel { Name = "Warning" }; } } public static LogLevel Error { get { return new LogLevel { Name = "Error" }; } } public static LogLevel Fatal { get { return new LogLevel { Name = "Fatal" }; } } } public class RawEvents { public RawEvent[] Events { get; set; } } public class RawEvent { public string Timestamp { get; set; } // Uses the Serilog level names public string Level { get; set; } public string MessageTemplate { get; set; } public Dictionary<string, object> Properties { get; set; } public string Exception { get; set; } } public static class SeqExtensions { public static string ToDatePart(this int part) { return part.ToString().PadLeft(2, '0'); } public static string ToLogString(this Exception exception) { var sb = new StringBuilder(); sb.Append(Environment.NewLine); sb.Append("Error Details: " + Environment.NewLine); sb.Append("Source: " + exception.Source + Environment.NewLine); sb.Append("Message: " + exception.Message + Environment.NewLine); sb.Append("StackTrace: " + exception.StackTrace + Environment.NewLine); sb.Append(GetInnerExceptionsAsString(exception)); return sb.ToString(); } private static string GetInnerExceptionsAsString(Exception ex) { if (ex is SqlException) { return SQLErrorToString(ex); } else { return InnerExceptionToString(ex); } } private static string InnerExceptionToString(Exception ex) { var sb = new StringBuilder(); bool b = true; string newLine = Environment.NewLine; while (b) { ex = ex.InnerException; if (ex != null) { sb.Append(newLine); sb.Append("Inner Error: " + newLine); sb.Append("\tSource: " + ex.Source + newLine); sb.Append("\tMessage: " + ex.Message + newLine); sb.Append("\tStackTrace: " + ex.StackTrace + newLine); } else { b = false; } } return sb.ToString(); } private static string SQLErrorToString(Exception ex) { var sb = new StringBuilder(); string newLine = Environment.NewLine; foreach (SqlError err in ((SqlException)ex).Errors) { sb.Append(newLine); sb.Append("SQL Error: " + newLine); sb.Append("\tMessage: " + err.Message + newLine); sb.Append("\tLineNumber: " + err.LineNumber + newLine); sb.Append("\tNumber: " + err.Number + newLine); sb.Append("\tProcedure: " + err.Procedure + newLine); sb.Append("\tServer: " + err.Server + newLine); } return sb.ToString(); } } }

After aprox. 20 hours of running, we are not being able to reach the Web UI (even from the same server that seems to work correctly during the down times). It site comes and goes but it is mostly unavailable until we restart the SEQ windows service. We reviewed the logs in the storage folder and saw no errors or warnings indicating any performance drop or issue. It worth mention that while the UI is unavailable the SEQ process is consuming arround 45 GB of 56 available (systemRamTarget is set to 0.9) Can you help us to troubleshoot this issue? addtitionnlay since we updated to the latest version the logs seem to be in a different format: before: 2017-10-03 00:07:07.635 +00:00 [Information] Retrieval of StorageRange { RangeStartUtc: null, RangeEndUtc: null, IsRelevantEventTypeHash: null, Direction: Backward, StartFromKey: null, ..... after: {"@t":"2017-10-11T00:15:24.5717232Z","@mt":"Deduplication buffer renewed on reaching {@Shared}","Shared":{"Schemata":361,"Strings":213050},"SourceContext":"Flare.Events.Cache.SegmentCache", .... do we need to configure anything to have the logs formated as before (version 3.4.20) Here is the summary for the diagnostic report (after 9 hours of running) ==================== 1. Executable -------------------- Seq Version : 4.1.17 Bitness : 64 Framework Version : 4.0.30319.42000 ==================== 2. Operating System -------------------- OS Caption : Microsoft Windows Server 2012 R2 Datacenter OS Version : 6.3.9600 OS Bitness : 64 ==================== 3. Processor #1 -------------------- Description : Intel64 Family 6 Model 45 Stepping 7 Cores : 8 ==================== 4. Error -------------------- Diagnostic reporter Seq.Server.Features.Diagnostics.ProcessorReporter failed. System.Management.ManagementException: Not found at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) at System.Management.PropertyDataCollection.get_Item(String propertyName) at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) at Seq.Server.Features.Diagnostics.Wmi.Processor.get_IsNumberOfEnabledCoreNull() at Seq.Server.Features.Diagnostics.ProcessorReporter.Report(DiagnosticReport report) at Flare.Diagnostics.Reporting.DiagnosticReportCollector.CollectDiagnosticReport(TextWriter output) ==================== 5. System Memory -------------------- Physical Total : 60129071104 Physical Available : 15745794048 Physical Utilization: 0.73813342267061 Commit Limit : 174610165760 Commit Peak : 121895325696 Commit Total : 44744867840 Process Count : 52 Handle Count : 43589 Thread Count : 985 Kernel Total : 1585152000 Kernel Paged : 186847232 Kernel Non-paged : 1398304768 Page Size : 4096 System Cache : 15859699712 ==================== 6. Process Memory -------------------- Working Set (Environment): 4113080320 Working Set : 38472822784 Paged : 38470361088 Paged System : 832224 Non-paged System : 21283839 Private : 38470361088 Handle Count : 23401 Thread Count : 259 ==================== 7. Process -------------------- Uptime : 09:09:34.1042925 Thread Pool Threads Available: 32761 Thread Pool IOCP Threads Available: 969 ==================== 8. System Storage -------------------- Space Remaining : 2311537541120 ==================== 9. Event Storage -------------------- First Extent Range Start: 2015-09-02T00:00:00.0000000Z Last Extent Range End: 2017-10-18T00:00:00.0000000Z ==================== 10. Event RAM Cache -------------------- Days Cached : 5.25 Events Cached : 12093304 Is Warming Up : Yes ==================== 11. Configuration -------------------- Preferred Storage Engine: <null> LMDB Extent Map Size: 200000000000 System Memory Utilization Target: 0.9 Minimum Free Disk Space: 134217728 Lazy Flush Enabled : No Raw Event Maximium Content Length: 262144 Raw Payload Maximum Content Length: 1048576 API Keys Required : Yes Authentication Enabled: Yes Active Directory Authentication: No Azure Active Directory Authentication: No

When someone reports a problem or issue, it is useful to export related events into file (csv is supported now), send it to someone else to view it. Importing or browsing the exported events with all Seq capabilities like search etc. would be useful. Thank You

When reporting a bug from a software using Seq logging, it is useful to put events information into new bug issue. Now web browser copy function for selected text can be used, but it would be more handy to do it with a click. Thank You

The upgrade to version 4.1.17 fails on our production server. Upgrading from version 3.4.20. No issues with the upgrade in Test nor QA. The server is running Windows Server 2012 R2 Standard, Windows log message: Windows Installer installed the product. Product Name: Seq. Product Version: 4.1.17.0. Product Language: 1033. Manufacturer: Datalust Pty Ltd. Installation success or error status: 1603. Thank for all your help. Ivan