DocumentationDiscussions
DocumentationDiscussions

Discussions

Ask a Question
Back to All

Password for Active Directory authentication

Hi, I have configured seq authentication via AD following this guide: https://docs.datalust.co/docs/active-directory When I was configuring the first administrative user, I have been requested to enter his AD password twice. Does that mean that Seq is saving AD password somewhere locally? Will authentication work upon change of the password by this user? Thanks, Dmitry Shur
ANSWERED

Reset admin password

I'm a dumb... I've just installed seq on a new server, generated a password with last pass, put it on remote server and not stored it.... how can I reset it? I've also tried to uninstall/reinstall but with no luck (it's an empty server, so I've no data to store) Thanks

Does Seq Support Deep Links through Azure AD Authentication

Hi! When we link to our Seq server https://seq.server/#/events?signal=signal-m33301 but are challenged to auth via AAD, when we login via AAD and are redirected back to Seq we end up at https://seq.server/#/events instead of at the original URL. Is this a problem with Seq or with our configuration of our Seq instance?

Logging to stdout instead of stderr?

I use google kubernetes engine. #deployment.yaml spec: containers: - name: seq image: "datalust/seq:5.1.3200" --- #One of the logs. logName: "projects/xxxxxx/logs/stderr" severity: "ERROR" textPayload: "[13:51:24 INF] Removing events before "2020-10-15T13:50:00.0000000Z" matching "`signal-m33301`" under policy "retentionpolicy-52" (deleting from null) " timestamp: "2020-12-14T13:51:24.109413340Z" } I expected it to be severity: "INFO", is there a way to send it to stdout?

SEQ Query Calculate Percentage

Hi , We can calc count operation at query and showing dashboad. We want to calc percentage at same query and showing dashboard. How can make it? Exam : ID - Count - Perc(%) 5 - 10 - 13 8 - 30 - 40 21 - 20 - 27 30 - 15 - 20

UK Address

We are planning to purchase SEQ and would like to know the address of the company in order to complete our purchase form. Please let me know if you have any UK locations / partners and their address

Gelf and API Keys

Is there any way to secure the GELF endpoint with apikeys? i.e. putting the Key into the actual log message? Our applications and the log server are not running on the same network and we wanted to ingest logs via GELF. However just opening the port to the wild might not be a good idea. Handling everything via firewall rules is possible - but makes it very hard when it comes to development, where people in home offices get changing IPs on a regular basis.

bind ip-address can't access

in the azure vm,i open the inbound rules of the firewall and azure portal nsg is also opened. but i can't use ip-address to access seq. i use localhost is useful.

AAD Open ID Connect authentication failed with SEQ 2020.4

Hello, We use AAD authentication in SEQ and everything works fine. Now I want to update my SEQ container in Kubernetes from 2020.2 to 2020.4. After updating the pod, I start SEQ container with 2020.4 and try to sign in and I get the error: OpenID Connect authentication failed No extended description available. What can I do, to solve this problem? Best regards Christian

Dashboard performance - does it use indexes?

Hello SEQ team! Love the product - starting to learn some "power features" but got stuck wondering about one thing: Do dashboard charts use indexes when the query option is used (and not a signal)? I have a pie chart with the following query: ``` select count(*) as count from stream where Referer is not null group by Referer order by count desc ``` Which takes a while to complete depending on the time frame I select. Since I am doing a count and a group by I cannot use a Signal - am I right that it will not use any indexes as a result? Would it use an index if I created a signal for say Has(Referer) even if it was not directly referenced here in the query?

Short SQL timeout when running Histogram

I am attempting to generate a histogram of messages in SEQ 5.1.3364. I have configued the query timeout parameter in the admin > preferences page to be 120 seconds. However, when I run a histogram of a range of messages, I am getting the following error. Could not update histogram The query execution timeout of 00:00:15 was reached. Is this 15 second query execution timeout configurable? Thanks, Steve

Linux?

Any plan for a standalone Linux package? Non-docker. I usually just run Seq in a Windows Server Core instance, but I'd like to save some bucks. The Docker image makes it a bit obnoxious to setup. Hard to get SSL working, etc. A Ubuntu/Debian package would be nice. I'd be happy to help you build one too. Former Ubuntu/Debian maintainer in another lifetime.

How to use seqcli ingest to avoid double entries

Hi all, How to properly set up an agent reading the clef log files, and avoid double entries ? for instance, I could use powershell, and list files in a certain folder : 1. I take the file 2. I call seqcli ingest on this file 3. if no error, I move the file. How to be sure that all the file was correctly sent and not only half of the file ? Is there a way that seqcli will not send the logs if it was already sent before ? or seq to not accept the logs if that was already transmitted before ? (I can generate a guid for example) Are there any best practices to reliably send logs to seq ?

Calculate timestamp difference

Hi, I have these messages, related to job execution time start and stop. On the dashboard, can I select the time difference between a start and stop to calculate the running time for each job ? Thank's Nick Claudio

Restore failed ?

Hi Nick, I have a staging server with SEQ and my local machine with both the 2020.1 version. I would restore data from staging server to my local machine. No issues messages, but the data seems not restored. Why ? ``` C:\Windows\system32>seq service stop Stopping Seq... Waiting up to 60 seconds for apps to unload and the service to stop (currently: Running)... Stopped. C:\Windows\system32>seq restore --master-key="bEa0OGgZg+HqHj00cbtZ7tLUoiz2dBkBUaojc/q3E0A=" --backup="D:\Temp\SEQ\seq_20201114.seqbac" [11:24:48 INF] Opening metastore "C:\\ProgramData\\Seq\\Documents\\default.quince" This will clear all metadata (users, signals, ...) from the current instance and replace it with the contents of backup D:\Temp\SEQ\seq_20201114.seqbac. Press `y` to continue, or any other key to cancel. [11:25:01 INF] Restoring from "D:\\Temp\\SEQ\\seq_20201114.seqbac" [11:25:01 INF] Decrypting content [11:25:01 INF] Extracting content [11:25:01 INF] Reading manifest [11:25:01 INF] Checking manifest [11:25:01 INF] Clearing out existing documents [11:25:02 INF] Restoring documents [11:25:02 INF] Import stage completed with 26 entries [11:25:02 INF] Restoring "seq.app.emailplus 2.0.92" [11:25:02 WRN] Could not restore the NuGet package "seq.app.emailplus"; manual reconfiguration may be required [11:25:02 INF] Closing metastore Restoration is complete. Any Seq app instances must be explicitly re-enabled. C:\Windows\system32>seq service start Starting Seq... Waiting up to 15 seconds for the service to start (currently: Stopped)... Started. ``` Thank you Nick for this beautiful work. Claudio

How to run SEQ via nginx from subfolder ?

Hello I would like to run seq from https://mydomain.com/seq I'm using nginx. I managed to access Seq like this: location =/seq { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; rewrite /seq(.*) /$1 break; proxy_pass http://localhost:5341; proxy_read_timeout 90; } But Now I have a problem with loading page resources like .JS and .CSS because they're all relative to "/" root ? Is there a fix for this ? Thank you!

No data is indexed

Hi, after upgrading to Seq 2020.4 I was wondering, why no data is shown as indexed under Data --> Storage. (Indexed 0 bytes, Unindexed 196 GB). I am even getting a message in the UI/Server Status "The last index attempt failed". I don't think it has to do something with 2020.4. The errors are just displayed more clearly. We should met all index conditions here: https://docs.datalust.co/docs/indexing Seq log shows some errors:. Do we have a misconfiguration? {"@t":"2020-11-17T02:43:08.6817441Z","@mt":"Applying {Count} retention policies","Count":2,"SourceContext":"Seq.Server.Features.Retention.RetentionPolicyApplier"} {"@t":"2020-11-17T02:43:08.6818222Z","@mt":"Removing all events before {DeletingUntilUtc:u} under policy {RetentionPolicyId}","@r":["2020-05-21 02:40:00Z"],"DeletingUntilUtc":"2020-05-21T02:40:00.0000000Z","RetentionPolicyId":"retentionpolicy-35","SourceContext":"Seq.Server.Features.Retention.RetentionPolicyApplier"} {"@t":"2020-11-17T02:43:08.6893614Z","@mt":"Retention policy progressed in {Elapsed:0.000} ms (headway: {Headway}×), will resume from {ResumeStart:u}","@r":["7.482","2020-05-21 02:40:00Z"],"Elapsed":7.4818,"Headway":null,"ResumeStart":"2020-05-21T02:40:00.0000000Z","SourceContext":"Seq.Server.Features.Retention.RetentionPolicyApplier"} {"@t":"2020-11-17T02:43:08.6925681Z","@mt":"Removing events before {DeletingUntilUtc:u} matching {RemovedSignalExpression} under policy {RetentionPolicyId} (deleting from {DeletingFrom:u})","@r":["2020-10-03 02:40:00Z","2020-10-02 21:00:00Z"],"DeletingUntilUtc":"2020-10-03T02:40:00.0000000Z","RemovedSignalExpression":"`signal-1168` Union `signal-151`","RetentionPolicyId":"retentionpolicy-33","DeletingFrom":"2020-10-02T21:00:00.0000000Z","SourceContext":"Seq.Server.Features.Retention.RetentionPolicyApplier"} {"@t":"2020-11-17T02:43:08.6927160Z","@mt":"The policy ran but took no action; elapsed {Elapsed:0.000} ms","@r":["0.111"],"Elapsed":0.1114,"SourceContext":"Seq.Server.Features.Retention.RetentionPolicyApplier"} {"@t":"2020-11-17T02:43:08.6927487Z","@mt":"Retention processing and compaction took {Elapsed} ms; allocating {Allocation} ms for indexing","Elapsed":11.6737,"Allocation":599988.3263} {"@t":"2020-11-17T02:43:08.6927639Z","@mt":"Beginning indexing","SourceContext":"Seq.Server.Features.Indexing.EventStoreIndexer"} {"@t":"2020-11-17T02:43:09.9153190Z","@mt":"Exception from task {TaskName}","@l":"Error","@x":"System.Text.RegularExpressions.RegexMatchTimeoutException: The RegEx engine has timed out while trying to match a pattern to an input string. This can occur for many reasons, including very large inputs or excessive backtracking caused by nested quantifiers, back-references and other factors.\r\n at System.Text.RegularExpressions.RegexRunner.DoCheckTimeout()\r\n at Go3(RegexRunner )\r\n at System.Text.RegularExpressions.RegexRunner.Scan(Regex regex, String text, Int32 textbeg, Int32 textend, Int32 textstart, Int32 prevlen, Boolean quick, TimeSpan timeout)\r\n at System.Text.RegularExpressions.Regex.Run(Boolean quick, Int32 prevlen, String input, Int32 beginning, Int32 length, Int32 startat)\r\n at System.Text.RegularExpressions.Regex.IsMatch(String input, Int32 startat)\r\n at lambda_method(Closure , StructuredEvent )\r\n at Flare.Expressions.FilterPlanPredicate.Includes(StructuredEvent evt)\r\n at Flare.Storage.StorageEngine.UpdateIndexes(IndexPredicate[] indexPredicates, CancellationToken cancel)\r\n at Flare.Events.EventStore.UpdateIndexes(IEnumerable`1 indexes, CancellationToken cancel)\r\n at Flare.Queries.DataStore.UpdateIndexes(IEnumerable`1 indexes, CancellationToken cancel)\r\n at Seq.Server.Features.Indexing.EventStoreIndexer.Index(TimeSpan allocatedIndexingTime, CancellationToken cancel)\r\n at Seq.Server.Features.Retention.RetentionAndIndexingTask.Execute(CancellationToken cancel)\r\n at Seq.Server.Tasks.TaskRunTimer.Execute(CancellationToken cancel)\r\n at Seq.Server.Tasks.TaskRunTimer.<OnTimer>b__9_0(CancellationToken cancel)","TaskName":"Retention and Indexing","SourceContext":"Seq.Server.Tasks.TaskRunTimer"}

IIS log forwarding

I see that you can import IIS logs with seqcli but we would like to forward the logs, from files, near real-time as they are written to. How would you suggest going about doing this?

Is it possible to show per second values in a chart?

When searching events, I can make a query like: `select sum(requestUnitsCharged/60) from stream group by customerId, time(60s)` which will show a value of how many requestUnits per second were charged for each minute. The problem is, if I try the same in a dashboard, I have to divide by 60 in the chart settings, but the actual interval is set in the top right. If someone adjusts the dashboard granularity to be e.g. "Last day by 5 minutes" the values will be wrong. Is there a variable I could use to do e.g. `sum(requestUnitsCharged/$intervalInSeconds)`?

AKS out of memory exception

I have started 2020.3 in a pod but after a while the logs show OutOfMemoryEception and the app isn't responding. This is is the yaml: apiVersion: v1 kind: Pod metadata: name: seq labels: app: seq spec: nodeSelector: "kubernetes.io/os": linux containers: - name: seq image: mediafy.azurecr.io/datalust/seq:2020.3 resources: requests: memory: "2Gi" cpu: "250m" limits: memory: "4Gi" cpu: "500m" ports: - containerPort: 80 - containerPort: 5341 env: - name: ACCEPT_EULA value: "Y" volumeMounts: - mountPath: "/data" name: volume volumes: - name: volume persistentVolumeClaim: claimName: seq-managed-disk This is a piece of logs from the pod which is keep repeating: [23:33:47 ERR] Exception from task "Retention and Indexing" System.OutOfMemoryException: Exception of type 'System.OutOfMemoryException' was thrown. at Newtonsoft.Json.JsonTextReader.Read() at Flare.MemoryEncoding.Serializer.Deserialize(Span`1 documentBytes, SharedAssets shared) at Flare.Storage.StorageEngine.UpdateIndexes(IndexPredicate[] indexPredicates, CancellationToken cancel) at Flare.Events.EventStore.UpdateIndexes(IEnumerable`1 indexes, CancellationToken cancel) at Flare.Queries.DataStore.UpdateIndexes(IEnumerable`1 indexes, CancellationToken cancel) at Seq.Server.Features.Indexing.EventStoreIndexer.Index(TimeSpan allocatedIndexingTime, CancellationToken cancel) at Seq.Server.Features.Retention.RetentionAndIndexingTask.Execute(CancellationToken cancel) at Seq.Server.Tasks.TaskRunTimer.Execute(CancellationToken cancel) at Seq.Server.Tasks.TaskRunTimer.<OnTimer>b__9_0(CancellationToken cancel) [23:34:30 INF] 1 more generation 2 garbage collection(s) occurred [23:38:05 INF] Metrics sampled [23:42:46 INF] Native storage metrics sampled [23:43:05 INF] Metrics sampled [23:43:39 INF] Applying 1 retention policies [23:43:39 INF] Removing all events before "2020-08-10T23:40:00.0000000Z" under policy "retentionpolicy-36" [23:43:39 INF] Retention policy progressed in 0.0634 ms (headway: null×), will resume from "2020-08-10T23:40:00.0000000Z" [23:43:39 INF] Retention processing and compaction took 5.7259 ms; allocating 599994.2741 ms for indexing [23:43:39 INF] Beginning indexing [23:43:56 ERR] Exception from task "Retention and Indexing" System.OutOfMemoryException: Exception of type 'System.OutOfMemoryException' was thrown. at Newtonsoft.Json.JsonTextReader.EnsureBufferNotEmpty() at Newtonsoft.Json.JsonTextReader.ReadStringIntoBuffer(Char quote) at Newtonsoft.Json.JsonTextReader.ParseValue() at Flare.MemoryEncoding.Serializer.ReadProperty(JsonTextReader json, List`1 properties, List`1 values, SharedAssets sharedAssets) at Flare.MemoryEncoding.Serializer.ReadObject(JsonTextReader json, SharedAssets shared) at Flare.MemoryEncoding.Serializer.Deserialize(Span`1 documentBytes, SharedAssets shared) at Flare.Storage.StorageEngine.UpdateIndexes(IndexPredicate[] indexPredicates, CancellationToken cancel) at Flare.Events.EventStore.UpdateIndexes(IEnumerable`1 indexes, CancellationToken cancel) at Flare.Queries.DataStore.UpdateIndexes(IEnumerable`1 indexes, CancellationToken cancel) at Seq.Server.Features.Indexing.EventStoreIndexer.Index(TimeSpan allocatedIndexingTime, CancellationToken cancel) at Seq.Server.Features.Retention.RetentionAndIndexingTask.Execute(CancellationToken cancel) at Seq.Server.Tasks.TaskRunTimer.Execute(CancellationToken cancel) at Seq.Server.Tasks.TaskRunTimer.<OnTimer>b__9_0(CancellationToken cancel) How much memory does it need? Or is there other configuration that I'm missing?