# Exploring the Logs
The Logs section is your primary interface for searching, filtering, and analyzing your application's log events. It provides powerful search capabilities and detailed views of individual log entries to help you troubleshoot issues, understand user behavior, and monitor application performance.
## Accessing the Log Explorer
Navigate to **"Logs"** in the Logging section to open the Log Explorer. This is your main interface for browsing and searching through all log events sent to Trailonix.
## Search and Filter Interface
The top of the Log Explorer contains powerful search and filtering tools to help you find exactly what you're looking for.
### Search Bar
The **search bar** allows you to search across all log fields including:
- Event types
- User IDs
- Resources
- IP addresses
- User agents
- Metadata content
**Search Tips:**
- Enter any text to search across all fields
- Search is case-insensitive
- Partial matches are supported
- Search within JSON metadata content
**Example Searches:**
- `login` - Find all events containing "login"
- `user_123` - Find all events for a specific user
- `payment_failed` - Find all payment failure events
- `Chrome` - Find all events from Chrome browsers
- `192.168.1` - Find events from a specific IP range
### Event Type Filter
The **Event Type dropdown** allows you to filter logs by specific event types. By default, it shows "All Events" but you can select any specific event type that has been logged by your tenant.
**Available Options:**
- **All Events** (default) - Shows all log events regardless of type
- **Specific Event Types** - A complete list of every event type that has been logged by your tenant
**Event Type List:**
The dropdown contains all event types that your application has ever logged, such as:
- `login_success` / `login_failed` - Authentication events
- `registration` - User signup events
- `password_changed` / `password_reset` - Password management
- `2fa_failed` / `2fa_rejected` / `2fa_success` - Two-factor authentication
- `logout` - User logout events
- `email_verified` / `phone_verified` - Verification processes
- `profile_updated` - User profile changes
- `account_locked` / `session_terminated` - Security events
- `file_delete` - File management operations
- `tenant_deleted` - Tenant management
- `api_key_created` / `api_key_deleted` - API key management
- `alert_created` - Alert rule management
- And many more based on your application's specific logging
**How It Works:**
- The list is **dynamically generated** from your actual log data
- Only shows event types that **your tenant has used**
- **Alphabetically sorted** for easy browsing
- **Updated automatically** when new event types are logged
**Using Event Type Filters:**
1. **Click the dropdown** to see all available event types
2. **Scroll through the list** to find the event type you want
3. **Select a specific event type** to filter logs to only that type
4. **Return to "All Events"** to remove the filter
> **đź’ˇ Pro Tip:** This filter is perfect for focusing on specific types of activity. For example, select `login_failed` to investigate authentication issues, or `payment_failed` to analyze payment problems.
### Time Range Filters
**Default View: Last 24 Hours**
By default, the Log Explorer shows "All Events" from the **Last 24 Hours**. This provides a recent view of your application activity.
**Quick Time Ranges:**
When you click the dropdown, you'll see preset options:
- **Last 24 hours** - Most recent day of activity
- **Last 7 days** - Week-long view for pattern analysis
- **Last 30 days** - Monthly trends and longer-term issues
- **Last 90 days** - Quarterly analysis (depending on your retention)
- **Custom** - Set specific start and end dates
**Custom Date Range:**
Select **"Custom"** to access specific date filters:
- **Start Date**: `mm/dd/yyyy` format with date picker
- **End Date**: `mm/dd/yyyy` format with date picker
- **Search Button**: Apply your custom date range
- **"Search filters are dirty"**: Indicates unsaved filter changes
> **đź’ˇ Pro Tip:** Use custom date ranges to investigate specific incidents or compare activity between different time periods.
### Export Functionality
The **"Export"** button allows you to download your filtered log data in CSV format for external analysis, reporting, or backup purposes.
**Export Features:**
- **CSV Format**: Downloads as a comma-separated values file
- **Filtered Data**: Exports only the logs currently visible based on your search and filter criteria
- **All Columns**: Includes all log fields (Event Type, User ID, Resource, IP Address, User Agent, Timestamp, and Metadata)
- **Preserves Filtering**: Respects your current search terms, time range, and event type filters
**How to Export:**
1. **Apply your filters** (search terms, time range, event type) to get the data you want
2. **Click the "Export" button** in the top right
3. **Save the CSV file** when prompted by your browser
4. **Open in spreadsheet software** (Excel, Google Sheets, etc.) for further analysis
**Use Cases for Export:**
- **Compliance reporting** - Generate audit trails for regulatory requirements
- **External analysis** - Use specialized tools for advanced data analysis
- **Backup purposes** - Keep local copies of important log data
- **Team sharing** - Share filtered log data with team members who don't have Trailonix access
- **Custom reporting** - Create custom reports and visualizations in other tools
## Log Events Table
The main table displays your log events in a structured, sortable format with the following columns:
### Event Column
- **Event Type**: The name of the logged event (e.g., `alert_deleted`, `login_success`, `daily_logs_reset`)
- **Blue Info Icon** (ℹ️): Click to view detailed metadata for that log entry
### User ID Column
- **User Identifier**: Shows the user associated with the event
- **Format**: Can be any string format - UUIDs, numbers, usernames, email addresses, or any identifier your application uses
- **Empty Fields**: Some system events may not have associated users
### Resource Column
- **Resource Affected**: What resource the event acted upon
- **Examples**: `file_id:3d81e7b0-3993-434a-99fd-d70df66896b3`
- **Identifiers**: Often contains IDs of affected objects
- **Empty Fields**: Not all events affect specific resources
### IP Address Column
- **Source IP**: Where the event originated
- **Formats**: IPv4 addresses (e.g., `127.0.0.1` for localhost)
- **Network Analysis**: Useful for tracking user locations or system sources
- **Security**: Monitor for suspicious IP patterns
### User Agent Column
- **Browser/Client Info**: What application or browser generated the event
- **Examples**: `Google Chrome (Windows)`, `Unknown` for system events
- **Device Tracking**: Understand how users access your application
- **API Clients**: Identify different types of clients
### Timestamp Column
- **Event Time**: When the event occurred
- **Format**: Flexible string format - can be displayed however your application provides it
- **Examples**: `MM/DD/YY, H:MM AM/PM` (e.g., `6/25/25, 3:19 PM`), ISO format, Unix timestamps, or any custom format
- **Sortable**: Click column header to sort by time (ascending/descending)
- **Display**: Shows timestamps as provided by your application
## Viewing Log Details
### Metadata Modal
Click the **blue info icon** (ℹ️) next to any event to open the detailed metadata view.
**Metadata Structure:**
The metadata modal shows the complete JSON structure of the log event. Metadata is completely freeform - you can include any valid JSON data that's useful for your application.
```json
{
"user": {
"name": "John Doe",
"email": "[email protected]",
"isAdmin": true
},
"action": "file_upload",
"fileSize": "2.5MB",
"fileName": "quarterly_report.pdf",
"success": true,
"processingTime": 1250
}
```
**About Metadata:**
- **Completely freeform**: Include any data structure that makes sense for your application
- **Valid JSON required**: Must be properly formatted JSON
- **Unlimited depth**: Nest objects as deeply as needed
- **Mixed data types**: Strings, numbers, booleans, arrays, objects all supported
- **Application-specific**: Structure it however is most useful for your logging needs
- **Searchable**: All metadata content is searchable through the main search bar
## Common Log Analysis Patterns
### Troubleshooting User Issues
1. **Search by User ID** to see all events for a specific user
2. **Filter by time range** around when the issue occurred
3. **Look for error events** or unusual patterns
4. **Check metadata** for detailed error information
### Security Monitoring
1. **Filter by event types** like `login_failed` or `access_denied`
2. **Group by IP address** to identify suspicious sources
3. **Look for unusual User Agent strings** that might indicate automated attacks
4. **Check timestamp patterns** for rapid-fire attempts
### Performance Analysis
1. **Search for timeout events** or performance-related errors
2. **Filter by time periods** during known performance issues
3. **Analyze resource usage** patterns in metadata
4. **Compare normal vs problematic time periods**
### Business Intelligence
1. **Filter by business event types** (orders, payments, signups)
2. **Export data** for analysis in external tools
3. **Track user journey** by following User ID through multiple events
4. **Identify conversion patterns** and drop-off points
## Pagination and Navigation
### Results Display
- **Results Count**: Shows total number of matching events (e.g., "344 results")
- **Page Navigation**: Use numbered buttons and arrows to navigate through results
- **Page Size**: Number of events displayed per page
- **Load Performance**: Large result sets are paginated for faster loading
### Navigation Controls
- **First Page**: Jump to the beginning of results
- **Previous/Next**: Move one page at a time
- **Page Numbers**: Jump to specific pages
- **Last Page**: Jump to the end of results
## Search and Filter Best Practices
### Effective Searching
- **Start broad, then narrow**: Begin with general searches and add filters
- **Use specific terms**: Event types, user IDs, or error messages
- **Combine filters**: Use time range + search terms for precision
- **Save useful searches**: Document search patterns for future use
### Performance Optimization
- **Limit time ranges**: Shorter ranges search faster
- **Use specific terms**: Avoid overly broad searches
- **Export large datasets**: For extensive analysis, export rather than browse
- **Regular cleanup**: Understand your retention policy
## Troubleshooting Common Issues
### "No Results Found"
**Possible Causes:**
- Time range doesn't include the events you're looking for
- Search terms don't match exact event data
- Events haven't been logged to Trailonix yet
- Tenant selection is incorrect
**Solutions:**
- Expand the time range (try "Last 7 days")
- Simplify search terms or remove filters
- Verify your application is logging events
- Check that you're in the correct tenant
### "Slow Search Performance"
**Possible Causes:**
- Very large time ranges
- High-volume logging periods
- Complex search terms
**Solutions:**
- Reduce time range scope
- Use more specific search terms
- Search during off-peak hours if possible
- Contact support for performance optimization
### "Missing Expected Events"
**Possible Causes:**
- Events logged outside the selected time range
- Different event type naming than expected
- Application not logging events correctly
- Network issues preventing log delivery
**Solutions:**
- Expand time range to include when events should have occurred
- Check for variations in event type naming
- Verify application logging configuration
- Test log delivery with a simple event
## Integration with Other Features
### Creating Alerts from Log Analysis
After identifying patterns in logs:
1. **Note the event types** that indicate problems
2. **Identify metadata patterns** that signal issues
3. **Create alert rules** based on your analysis
4. **Set appropriate thresholds** based on observed frequency
### Improving Application Logging
Use log analysis to:
1. **Identify missing events** that would be useful to log
2. **Standardize event types** for consistency
3. **Add metadata fields** that would aid in troubleshooting
4. **Optimize logging frequency** for important events
### Supporting Development
- **Share relevant logs** with developers for bug fixes
- **Export event data** for testing and validation
- **Document event patterns** for future reference
- **Validate new features** by monitoring their log events
## What's Next?
Now that you understand log exploration, you can:
- **[Set up targeted alerts](/guides/setting-up-alerts)** based on patterns you discover in your logs
- **[Optimize your event types](/guides/event-types)** for better searchability and consistency
- **[Review the dashboard](/guides/dashboard)** to see high-level trends from your detailed log analysis
- **[Explore integration examples](/examples/integrations)** to improve the quality and usefulness of your logged events
---
**🔍 Ready to dive into your logs?** Start with a broad search to understand your recent activity, then use filters to investigate specific patterns or issues. The logs are your application's story—learn to read it effectively!