Hi, I'm trying to filter and count some http request based on some values in headers. So far it is working on simple names like RequestHeader.Accept, but it's not working when nested property has dash in its name like RequestHeader.Accept-Encoding. Query from stream always returns null for that property. Is there some different syntax to make it work? Thanks, regards, Vladimir Mihok
Posted by Vladimír Mihok 10 months ago
I'd like to produce a histogram-style chart that shows how many occurrences of an event there are in each hour of the day, over whatever range of time, e.g. if an event only occurs at 13:05 and 13:56 each day, then if I look at the current day only, then I would expect to see the bar for 13:00:00 to 13:59:59 have a value of 2 and all others 0. If I expanded the date range to include yesterday and the day before, I would expect the bucket for 13:00 to 13:59 to count 6, etc. It doesn't look like there is a way to access elements of the datetime, e.g. day, day of week, month, year, hour, minute, second? (Converted to my local timezone of course).
Posted by James Webster 10 months ago
Hi all We have moved our Seq Server to a different location and now try to enter the license key. We cannot find it in our Email history nor do we receive an Email for password Reset. our Email Adress is [email protected], the Company is Cat Financial Products AG. Could you please assist in recovering the account to login and get the license key? Cheerz Sascha
Posted by Sascha Bauer 10 months ago
Hi all, We have (had?) an enterprise license for Seq until today. It just expired. I plan to kick off the customer renewal of this license, but in the meantime was hoping to complete an upgrade. We are currently running 3.4.20, but I know the current version as of today is 4.2. My question is: Given that Seq v4.2 is the latest version, do I have the right to upgrade to any version up until 4.2 at this point? Or do I only have the ability to do any upgrades while under license agreement? If I was to attempt to upgrade today, what is the latest version I'd be allowed to take Seq to? As I mentioned, I'm certain we'll renew the license, but I want to make sure I adhere to the rules during the time when the business is in the process of renewing. Thanks in advance for any help you can give!
Posted by Sean Killeen 10 months ago
I am seeing an error across various apps when I route an event from SEQ that has @Level = "DEBUG" `System.ArgumentException: Requested value 'DEBUG' was not found. at System.Enum.EnumResult.SetFailure(ParseFailureKind failure, String failureMessageID, Object failureMessageFormatArgument) at System.Enum.TryParseEnum(Type enumType, String value, Boolean ignoreCase, EnumResult& parseResult) at System.Enum.Parse(Type enumType, String value, Boolean ignoreCase) at Serilog.Formatting.Compact.Reader.LogEventReader.ReadFromJObject(Int32 lineNumber, JObject jObject) at Seq.Apps.GenericHost.AppHost.<SendAsync>d__19.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Seq.Apps.GenericHost.Program.<Main>d__0.MoveNext()` I have seen a similar error when trying to parse these "DEBUG" levels in my Seq.App code and I resolved by ignoring case on the Enum.Parse call: `(Serilog.Events.LogEventLevel)Enum.Parse(typeof(Serilog.Events.LogEventLevel), "DEBUG", ignoreCase: true);` SEQ seems ok with the casing on these levels, but the app host (or the Seq.App lib) doesn't like it. I can look into fixing the casing upstream but is there anything I can do in SEQ to workaround the issue in place? Thanks!
Posted by Nathan 10 months ago
If not, this would be a killer feature (to know what else was going on in the system around the same time as an event of interest). At the moment my workflow often involves locating an interesting event, noting its timestamp then manually setting the start/end filters to -30/+30sec respectively of that event. It would be really handy to be able to do this automatically.
Posted by Eddie Stanley 10 months ago
Each event provides a drop down under "Type" that includes "Find" and "Exclude". When selecting "Find", the current behavior is to replace the existing query with something like "@EventType = 0xED5F661B". When selecting "Exclude", the current behavior is to add to the existing new signal (or a new new signal if there wasn't one before) a filter containing something like "Not(@EventType = 0xED5F661B)". This is not what I expected to happen. I expected either that both would add their respective query text to the same location: either the current query or the current (or new) new signal, but not one of each. Why is the current behavior the way it is? I would prefer that both modified the current query instead of the current/new new signal. I have two reasons for this. First, there is an easy way to make the current query into a filter in the current/new new signal but not the other way around. Second, the current query is reflected in the URL, which means that duplicating the browser tab also duplicates the query. In contrast to this, filters in a new signal are not copied to a duplicated browser tab. On a related note. I would prefer if selecting "Find" would add to the existing query instead of replacing it.
Posted by Tyson Williams 10 months ago
In terms of your Enterprise licence, what is the typical setup for SEQ installation with particular regard to High Availability/Disaster Recovery. Especially if we are only limited to 3 installs on Dev/Staging/Production? Any advice here would be great.
Posted by James Hemphill 10 months ago
Hi, We have about 30 users using Seq. They all use Integrated Windows Authentication to log in. We have one user however, that receives the following error when trying to log in: "Could not log in An unhandled error occurred while serving the request (token: xxxxxxxxxxxxxxxxxx)." This use has been configured in Seq exactly the same as all the others that are working. Any ideas? Any place where I can check a log for more information? Thanks! Sean
Posted by Sean Rademeyer 10 months ago
Hello, I'm trying to restore a configuration on another server, but it's failing with the error below: Could not restore backup: Error converting value "Pie" to type 'Seq.Server.Data. Documents.Monitoring.MeasurementDisplayType'. Path 'Charts.Queries.Display Style.Type', line 1, position 633. The version is 4.0.60. Is there any known issue with this version or it's caused by something else? Should I try upgrading Seq to the latest release? Thank you in advance.
Posted by Igor Kassikhin 11 months ago
Hi! Recently Seq has started slowing down due to an increasing volume of events. Diagnostics: Events arrived 3 783 /minute Events accepted 3 469 /minute Ingested data 14.34 MB/minute Range in RAM 1,25 days Count in RAM 3 516 167 events System memory utilization 85 % After scanning the ~3.5m events in RAM (which is just one day worth of events), it takes a very long time searching through older events that are stored on disk. So my question is what hardware you guys genereally recommend for 5+ million events/day? Thanks!
Posted by Chris 11 months ago
Hi! I am a huge seq/serilog fan. I am working on a new project that is purely cloud based. I was hoping to use seq for central logging and was surprised to see there isn't any Azure web-app support other than as a virtual machine. (I prefer not to use azure vm due to maintenance / price concerns.) I feel like seq would be a great candidate for a cloud service. I was hoping to be able to either get seq setup under my own azure subscription or add it as an Enterprise Application. I would love to hear your thoughts on this. How much would would be involved in getting seq 'cloud-ready'? Is seq not a good saas candidate? Would you recommend I use a different serilog sink form here https://github.com/serilog/serilog/wiki/Provided-Sinks that writes to azure? Is there azure sink you recommend thats as easy to use as seq? Again, I'm a huge fan of Seq/Serilog. They are really great products! Thank you! -Eytan
Posted by Eytan Schiller 11 months ago
Hi. Would it be possible to add a field that displays the time between logs. It'd be nice to have access to the time elapsed between a request and the preceding one, without doing it manually. And why not add a filter to know which request was the most/less time-consuming. Many thanks
Posted by Kevin Song 11 months ago
Posted by Bill Haggerty 11 months ago
We have accidentally deleted all logs before a specific date. We are trying to restore our SEQ instance from backup file but we could not do it. It just restored daily events. We want to restore all historic data before our unfortunate operation. How can we do it?
Posted by Tayfun Cakicier 11 months ago
Hi, I am trying to extract max response time of my each unique scenarios , and it is giving me the highest response time of all. ex. Scenerio 1 has 10 req, scenario 2 has 10 req , scenario 3 has 5 req etc and I want to extract highest reponse time of scenario 1 , 2 and 3, instead it is giving me the highest response time from all the scenario suppose scenario 1 consists the max response time then it is showing me 10 rows with highest response time of scenario. I need max of all 10 req from scenario 1 and 2 etc
Posted by snehlata 11 months ago
I'm currently looking for a way to scale seq. The main issue is the number of events and looking back when data is not in memory. Currently with 16Gb of RAM, I can see about 6 hours of logs. I can add more ram, but even 64 gigs would allow me to see 1 day at most, I'd like to look for data for a week or more, and with Seq I'm not seeing the way. So, is there any way to speed up SEQ other than having lots of memory? 1. is it possible to index some types of events so they're always fast to find, or at least don't require scanning the entire database on disk? 2. Is it possible to scale to more than one server somehow?
Posted by Natan 11 months ago