DocumentationDiscussions
DocumentationDiscussions

Overview

Getting Logs into Seq

Application logging libraries

Most languages and frameworks have existing logging libraries, or logging APIs.

👍

The most popular method for logging to Seq is through an application logging library. If you are new to Seq, that's a good place to start.

If your application uses a logging library that has direct support for Seq, such as Serilog, Pino, Microsoft.Extensions.Logging and others, this is your best option. Head to the Logging Libraries section for recommendations on how to log to Seq from various libraries.

Otherwise, if your logging library supports popular formats and protocols like GELF (Graylog Extended Log Format) or Syslog, you can send logs in these formats to Seq by installing the appropriate Seq Input Apps in Settings > Apps.

The Ingestion View

Managing log ingestion is the key to controlling costs and optimizing search performance. Seq makes this easy by providing a detailed breakdown of log traffic from the ingestion API and custom inputs.

API Keys

Applications logging events to Seq can provide an API key to identify themselves. API keys can be created at the system level (under Settings > API Keys), or for a user's personal access under (username) > API keys.

In addition to granting applications access to the Seq API, API keys can be used to:

  • Tag ingested events with properties allowing them to be inspected and filtered easily
  • Authenticate log sources to prevent accidental or unauthorized writes
  • View the rate of incoming events and raw JSON bytes from a log source
  • Filter events on arrival, including by log level, reducing server load in the case of runaway logging
  • Notify the log source of the desired logging level in order to reduce network traffic

Creating an API Key

📘

These instructions show the screens for managing system API keys; personal API keys are created and managed identically, but enforce high-entropy token generation (specifying tokens is not permitted for personal API keys).

API keys are listed, and created, in the Data > Ingestion screen within Seq.

Selecting Add API key will request a name and other details of the key. Here, the properties to apply, filter, and logging level to advertise can be specified.

👍

API key arrival filters can be a very effective way of reducing log noise.

When the API key is saved, its token will be displayed. This is supplied to the client logging library as part of the application's configuration, for example with Serilog:

Log.Logger = new LoggerConfiguration()
  .WriteTo.Seq("http://my-seq", apiKey: "9fs9V80bjlkgau9adsjH")
  .CreateLogger();

Events arriving from the application will include any applied properties:

👍

How many API keys should I create?

API keys are an easy way to keep track of where events are coming from, and to filter it accordingly.

In general, every distinct application writing to Seq should have its own API key. If the application is deployed in multiple configurations, using a different key for each configuration is also a good idea.

API keys and permissions

API keys can be assigned a subset of permissions from the following options:

  • Ingest - Add events to the event store.
  • Read - Query events, dashboards, signals, app instances, etc.
  • Write - Write-access to signals, alerts, preferences, etc.
  • Setup - Access to administrative features of Seq, management of other users, app installation, backups.

System API keys can have any of the permissions assigned; personal API keys only provide the permissions held by their owner at the time the key is used.


Did this page help you?