Welcome to the Seq documentation hub. You'll find comprehensive guides and documentation to help you start working with Seq as quickly as possible, as well as support if you get stuck. Let's jump right in!
I have a large amount of events I would like to export. The problem is, I created a query and a time upper bound and lower bound, but the query returns more than the 1024 limit. I have a LOT of events I want to export. Is there a quicker way to do this than to break it down into smaller time intervals and run the query over and over?
Posted by Jonathan Hop 10 months ago
Hi, I have an SEQ instance that has been up for over 200 days and we are now getting connection timeouts. It's running in Kubernetes in a pod. I have tried proxying directly to the container and even running curl while execed into the container, however the result is the same, a timeout after a while. This is not reflected in the logs: ──────────────────────────────────────── Seq ♦ Machine data, for humans. ─────────── © 2019 Datalust Pty Ltd ──── Running as server; press Ctrl+C to exit. [03:57:28 INF] Seq "5.1.3200" running on OS "Linux 4.15.0-1052-azure #57-Ubuntu SMP Tue Jul 23 19:07:16 UTC 2019" [03:57:31 INF] Seq listening on ["http://localhost/", "http://localhost:5341/"] [03:57:31 INF] Seq using canonical URI "http://seq.tmacomms.com/" [03:57:31 INF] Opening document store "/data/Documents/documents.lmdb" [03:57:31 INF] Opening event store at "/data/Extents" [03:57:31 INF] Available storage engines in order of preference are ["FLARE"] [03:57:31 INF] Cache warm-up is required [03:57:31 INF] Storage subsystem available [03:57:31 INF] Started "sqelf" process 84 for "appinstance-28" [03:57:31 INF] Started "Seq.Apps.GenericHost" process 83 for "appinstance-18" [03:58:08 INF] Deduplication buffer renewed on reaching {"Schemata": 467, "Strings": 116819} [03:58:54 INF] Deduplication buffer renewed on reaching {"Schemata": 397, "Strings": 135727} [03:59:56 INF] Deduplication buffer renewed on reaching {"Schemata": 332, "Strings": 163272} [03:59:56 INF] Cancelling segment warm-up to avoid swapping [03:59:57 INF] Initial memory cache warm-up "completed" in 146023.9995 ms [03:59:57 INF] 125 segments warmed up ({"Schemata": 176, "Strings": 1891}) [04:06:13 INF] Memory is overutilized, so cooling down segment "2020-06-04T19:00:00.0000000Z" (469847 events) Does anyone know what's going on or how I could better troubleshoot this? SEQ is giving me no information
Posted by Anthony Murphy 10 months ago
Does Seq Apps support netstandard 2.0 class library? My class library project target netstandard 2.0 and has reference to System.Data.SqlClient.dll 4.8.1. I receive this error when from Seq when loading the using the app System.PlatformNotSupportedException: System.Data.SqlClient is not supported on this platform.
Posted by Chan Vu 10 months ago
I have a property named Order on a log. The Order contains several values. I want to group by one of them For example: select count(*) as count from stream where @Properties.Order is not null group by @Properties.Order.Service, time(5m) limit 10000 The query could not be executed. Syntax error (line 5, column 20): unexpected keyword `Order`, expected identifier. I can understand if the query becomes unparsable because of the 'Order' part but how do I escape it? For example: select count(*) as count from stream where @Properties.[Order] is not null group by @Properties.[Order].Service, time(5m) limit 10000 /Peter
Posted by Peter Wikström 10 months ago
{"@t":"2020-06-03T03:22:42.7390563Z","@mt":"Storage subsystem available"} {"@t":"2020-06-03T03:22:42.7501890Z","@mt":"Uncaught exception from worker {WorkDescription} ({WorkId})","@l":"Error","@x":"Quince.NotFoundException: A document with id `configuration-current` was not found.\n at Quince.DocumentSession.Load[TDocument](String id)\n at Seq.Server.Features.Settings.SystemSettings.Load()\n at Seq.Server.Features.Settings.SystemSettings.get_ConfigurationDocument()\n at Seq.Server.Features.Settings.SystemSettings.ConsistentRead()\n at Seq.Server.Features.Telemetry.TelemetryController.Start()\n at Seq.Server.ServiceProcess.ServerService.<Start>b__13_0(CancellationToken cancel)\n at Flare.Workers.WorkerPool.<>c__DisplayClass4_0.<Run>g__DoWork|0()","WorkDescription":"Start background processes","WorkId":"8291a162-ef3b-4995-a2e1-7c37cc9fa546","SourceContext":"Flare.Workers.WorkerPool"}
Posted by Sarthak Jain 10 months ago
Good day! Would like to ask what will happen when we install a new Seq build will it delete all the configuration and settings of the currently installed Seq? Since I want to install the 5.1.3364 installer while we previously use 5.1.3118 without impacting our existing configuration.
Posted by Lance Simangan 10 months ago
The documentation says that there are two levels of users, and that any user can save signals and queries. In fact, new users created automatically on sign-in are created as 'read-only' users, and the single user account form shows 3 types of non-administrator user. It took me long to understand that I have to modify the existing users' settings to 'read-write' in order to let them save their signals. This is the first issue I found in this magnificent product and its documetation.
Posted by Amitai Shaveh 10 months ago
Can SEQ be managed in IIS Manager? We have installed Seq in are Windows Server 2012 but it seems every configuration that I do in the server it doesn't take effect, only the seq configuration command line takes effect https://docs.datalust.co/docs/json-config Sadly the command line does not suffice.
Posted by Lance Simangan 10 months ago
i configured in below way SqlQuery : (Last 365 days by week ) select count(*) as count from stream where Contains(@Message,'11007') and Contains(@Message,'Error at Lexis Nexis') and @Level='Error' and @Timestamp >= Datetime('2020-05-27 10:51:36.287') group by time(7d) limit 10000 Note : select GETUTCDATE() - 2020-05-27 10:51:36.287 ( current UTC Date Time) Two Alerts: Alert for Error at LexisNexis if Count=3 - 1 minute (Measurement window) Alert for Error at LexisNexis if Count=20 - 1 minute (Measurement window) but only one alert is working why ? My requirement is simple error count=3 or count=20 in both the scenarios two alert need to triggered.
Posted by Lakshman Ganta 10 months ago
Hi, We have 1 pro license and 3 seq installations (integration, staging, production). We use these seq installations for multiple applications. We would like to split up seq per application. Can you install multiple named instances (f.e. 5) on 1 server with 1 pro license?
Posted by Jens 10 months ago
We're trying to modify the Email+ alert template to contain a breakdown of errors by type. The query for alert is of the type "select count(*) as count from stream where @Level='Error' group by time(5M)". The alert adds "having count > 500" to this query and triggers email when total errors > 500 in 5 minutes. In the email, if we want to see counts grouped by Exception.Message, it is not possible to do so. We wanted to write a SQL query that has 3 columns - Exception.Message, GroupCount, and TotalCount where GroupCount is count of that particular Exception.Message and TotalCount is the overall count of all errors. This way the trigger can fire on TotalCount but we can still loop through groups and display per group count in the email. Please suggest.
Posted by Meenakshi Kumar 10 months ago
Is it possible to set all this data inside docker-compose file, or create my own dockerfile with enabled basic authentication, defined apikey, user and password? I found this link https://docs.datalust.co/discuss/5e552e8bdc8f4c3e8d41d4a4 but solution dosen't work.
Posted by Rafał 10 months ago
I am experimenting with docker. What I would like to achieve is to have my local seq used by the application that has been containerised. How should I approach this? When running my sample WebAPI (dotnet core 3.1) on IIS, the logs are sent without any problem. I have my configuration in appSettings.json and load them in Program.cs (seq is at http://localhost:53411). I can see all the events registered. However if I try to run it in docker, I get exception: Exception while emitting periodic batch from Serilog.Sinks.Seq.SeqSink: System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.IO.IOException: The response ended prematurely. My dockerfile: FROM mcr.microsoft.com/dotnet/core/aspnet:3.1-buster-slim AS base WORKDIR /app EXPOSE 80 EXPOSE 443 EXPOSE 53411 FROM mcr.microsoft.com/dotnet/core/sdk:3.1-buster AS build WORKDIR /src COPY ["WebAppDockerLnx.csproj", ""] RUN dotnet restore "./WebAppDockerLnx.csproj" COPY . . WORKDIR "/src/." RUN dotnet build "WebAppDockerLnx.csproj" -c Release -o /app/build FROM build AS publish RUN dotnet publish "WebAppDockerLnx.csproj" -c Release -o /app/publish FROM base AS final WORKDIR /app COPY --from=publish /app/publish . ENTRYPOINT ["dotnet", "WebAppDockerLnx.dll"] The container runs with -P option to publish all exposed ports. I tried explicitly publishing by using -p 53411:53411 but docker was complaining that the port is being used. I also tried running container with --net=host but that did not help either (same exception). I am running a free single developer version.
Posted by Andrzej BAkun 10 months ago
I given below information in email plus version 2.0.92 json : { "From": "[email protected]", "To": "[email protected]", "SubjectTemplate": "Errors at Multifactor Verification Process", "Host": "smtp.gmail.com", "Port": 587, "EnableSsl": "True", "BodyTemplate": "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\n<head>\n <title>{{$Message}} (via Seq)</title>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\n</head>\n<body>\n<table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:16px;line-height:20px;color:#333;background-color:#fff;\" >\n <tr>\n {{#if_eq $Level \"Fatal\"}}\n <td style=\"text-align:left;color:#fff;padding-top:20px;padding-bottom:20px;padding-right:40px;padding-left:40px;margin:0;background-color:#e03836;\" >\n {{/if_eq}}\n {{#if_eq $Level \"Error\"}}\n <td style=\"text-align:left;color:#fff;padding-top:20px;padding-bottom:20px;padding-right:40px;padding-left:40px;margin:0;background-color:#e03836;\" >\n {{/if_eq}}\n {{#if_eq $Level \"Warning\"}}\n <td style=\"text-align:left;color:#fff;padding-top:20px;padding-bottom:20px;padding-right:40px;padding-left:40px; background-color:#f9c019;\" >\n {{/if_eq}}\n {{#if_eq $Level \"Information\"}}\n <td style=\"text-align:left;color:#fff;padding-top:20px;padding-bottom:20px;padding-right:40px;padding-left:40px;background-color:#0098ff;\" >\n {{/if_eq}}\n {{#if_eq $Level \"Debug\"}}\n <td style=\"text-align:left;color:#fff;padding-top:20px;padding-bottom:20px;padding-right:40px;padding-left:40px;background-color:#aaa;\" >\n {{/if_eq}}\n {{#if_eq $Level \"Verbose\"}}\n <td style=\"text-align:left;color:#fff;padding-top:20px;padding-bottom:20px;padding-right:40px;padding-left:40px;background-color:#aaa;\" >\n {{/if_eq}}\n <div style=\"font-size:32px;line-height:40px;font-weight:bold;\" >{{$Level}}</div>\n <div title=\"{{$UtcTimestamp}}\">{{$LocalTimestamp}}</div>\n </td>\n </tr>\n <tr>\n {{#if_eq $EventType \"$A1E77000\"}}\n <td style=\"text-align:left;padding-top:30px;padding-bottom:40px;padding-right:40px;padding-left:40px;border-left-width:1px;border-left-style:solid;border-left-color:#eee;border-right-width:1px;border-right-style:solid;border-right-color:#eee;\" >\n <div style=\"font-weight:bold;\" >Alert condition <span class=\"seq-condition\" style=\"font-family:monospace;background-color:#fffbdd;\" >{{Condition}}</span> detected on\n <a href=\"{{{DashboardUrl}}}\" style=\"color:#007acc;text-decoration:none;\" >{{DashboardTitle}}/{{ChartTitle}}</a></div>\n <div style=\"font-size:12px;margin-top:20px;\" >\n <a href=\"{{{ResultsUrl}}}\" style=\"color:#007acc;text-decoration:none;\" >Explore detected results in Seq</a> \n </div>\n <div style=\"margin-top:20px;\" >\n <div style=\"margin-top:10px;\" >\n <div style=\"font-family:monospace;font-weight:bold;\" >Query</div>\n <div style=\"font-family:monospace;word-wrap:break-word;white-space:pre;white-space:pre-wrap;\" >{{Query}}</div>\n </div>\n <div style=\"margin-top:10px;\">\n <div style=\"font-family:monospace;font-weight:bold;\">Measurement window</div>\n <div style=\"font-family:monospace;word-wrap:break-word;white-space:pre;white-space:pre-wrap;\">{{MeasurementWindow}}</div>\n </div>\n <div style=\"margin-top:10px;\">\n <div style=\"font-family:monospace;font-weight:bold;\">Suppression time</div>\n <div style=\"font-family:monospace;word-wrap:break-word;white-space:pre;white-space:pre-wrap;\">{{SuppressionTime}}</div>\n </div>\n <div style=\"margin-top:10px;\">\n <div style=\"font-family:monospace;font-weight:bold;\">Detected range start</div>\n <div style=\"font-family:monospace;word-wrap:break-word;white-space:pre;white-space:pre-wrap;\">{{AlertRangeStart}}</div>\n </div>\n <div style=\"margin-top:10px;\" >\n <div style=\"font-family:monospace;font-weight:bold;\" >Detected range end</div>\n <div style=\"font-family:monospace;word-wrap:break-word;white-space:pre;white-space:pre-wrap;\" >{{AlertRangeEnd}}</div>\n </div>\n <div style=\"margin-top:10px;\">\n <div style=\"font-family:monospace;font-weight:bold;\">Signal</div>\n {{#if SignalTitles}} <!-- 4.0 and 4.1 -->\n <div style=\"font-family:monospace;word-wrap:break-word;white-space:pre;white-space:pre-wrap;\">{{pretty SignalTitles}}</div>\n {{else}} <!-- 4.2+ -->\n <div style=\"font-family:monospace;word-wrap:break-word;white-space:pre;white-space:pre-wrap;\">{{pretty SignalExpression}}</div>\n {{/if}}\n </div>\n {{#if OwnerUsername}}\n <div style=\"margin-top:10px;\" >\n <div style=\"font-family:monospace;font-weight:bold;\" >Owner</div>\n <div style=\"font-family:monospace;word-wrap:break-word;white-space:pre;white-space:pre-wrap;\" >{{OwnerUsername}}</div>\n </div>\n {{/if}}\n {{#if Errors}}\n <div style=\"margin-top:10px;\" >\n <div style=\"font-family:monospace;font-weight:bold;\" >Error</div>\n {{#each Errors}}\n <div style=\"overflow:hidden;font-family:monospace;white-space:pre;white-space:pre-wrap;\" >{{this}}</div>\n {{/each}}\n </div>\n {{/if}}\n </div>\n {{#if Results}}\n <div style=\"margin-top:20px;\" > \n <div style=\"font-weight:bold;\" >Results</div>\n {{#each Results}}\n <div style=\"margin-top:10px;\" >\n <div style=\"font-family:monospace;font-weight:bold;\" >{{pretty this.Key}}</div>\n {{#each Slices}}\n <div style=\"font-family:monospace;word-wrap:break-word;white-space:pre;white-space:pre-wrap;\" ><span class=\"seq-slice-start\" style=\"font-weight:bold;\" >{{SliceStart}}</span> {{pretty Rowset}}</div>\n {{/each}}\n </div>\n {{/each}}\n </div>\n {{/if}}\n </td>\n {{else}}\n <td style=\"text-align:left;padding-top:30px;padding-bottom:40px;padding-right:40px;padding-left:40px;border-left-width:1px;border-left-style:solid;border-left-color:#eee;border-right-width:1px;border-right-style:solid;border-right-color:#eee;\" >\n <div style=\"font-weight:bold;\" >{{$Message}}</div>\n <div style=\"font-size:12px;margin-top:20px;\" >\n <a href=\"{{{$ServerUri}}}#/[email protected]%20%3D%20'{{$Id}}'&show=expanded\" style=\"color:#007acc;text-decoration:none;\" >Open this event in Seq</a> \n </div>\n <div style=\"margin-top:20px;\" >\n {{#each $Properties}}\n <div style=\"margin-top:10px;\" >\n <div title=\"{{@key}}\" style=\"font-family:monospace;font-weight:bold;\" >{{@key}}</div>\n <div style=\"font-family:monospace;word-wrap:break-word;white-space:pre;white-space:pre-wrap;\" >{{pretty this}}</div>\n </div>\n {{/each}}\n {{#if $Exception}}\n <div style=\"margin-top:10px;\" >\n <div style=\"font-family:monospace;font-weight:bold;\" >Exception</div>\n <div style=\"overflow:hidden;font-family:monospace;white-space:pre;white-space:pre-wrap;\" >{{$Exception}}</div>\n </div>\n {{/if}}\n </div>\n </td>\n {{/if_eq}}\n </tr>\n <tr>\n <td style=\"text-align:left;padding-top:20px;padding-bottom:20px;padding-right:40px;padding-left:40px;font-size:12px;background-color:#eee;\">\n Sent by Seq installed at <a href='{{{$ServerUri}}}' style=\"color:#007acc;text-decoration:none;\" >{{$ServerUri}}</a>.\n </td>\n </tr>\n</table>\n</body>\n</html>", "SuppressionMinutes": null, "Username": "[email protected]", "Password": "[seq-preserve]" } facing below error Posted by lakshmana about 12 hours ago system.net.mail.smtpexception: failure sending mail. ---> system.net.webexception: unable to connect to the remote server ---> system.net.sockets.socketexception: a connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 173.194.203.108:587 Thanks Lakshmana
Posted by lakshmana 10 months ago
system.net.mail.smtpexception: failure sending mail. ---> system.net.webexception: unable to connect to the remote server ---> system.net.sockets.socketexception: a connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 173.194.203.108:587
Posted by lakshmana 10 months ago