Querying Logs
Search and filter logs in Glintlog
Glintlog provides powerful log querying through both the web UI and REST API.
Web UI
The web interface at http://localhost:8080 provides:
- Time range selection - Filter logs by start and end time
- Service filter - Select specific services from a dropdown
- Severity filter - Filter by log level (DEBUG, INFO, WARN, ERROR, FATAL)
- Full-text search - Search log message bodies
- Live tail - Stream logs in real-time
REST API
Query logs programmatically using the REST API.
Basic Query
curl "http://localhost:8080/api/v1/logs" \
-H "Authorization: Bearer YOUR_TOKEN"Query Parameters
| Parameter | Type | Description |
|---|---|---|
start | RFC3339 | Start timestamp |
end | RFC3339 | End timestamp |
service | string | Filter by service name |
severity | string | Filter by severity (DEBUG, INFO, WARN, ERROR, FATAL) |
search | string | Full-text search on log body |
api_key_name | string | Filter by API key used for ingestion |
limit | integer | Max results (default: 100, max: 10000) |
offset | integer | Pagination offset |
Examples
Last hour of logs:
curl "http://localhost:8080/api/v1/logs?start=$(date -u -d '1 hour ago' +%Y-%m-%dT%H:%M:%SZ)&end=$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
-H "Authorization: Bearer YOUR_TOKEN"Filter by service and severity:
curl "http://localhost:8080/api/v1/logs?service=api-server&severity=ERROR" \
-H "Authorization: Bearer YOUR_TOKEN"Full-text search:
curl "http://localhost:8080/api/v1/logs?search=connection%20refused" \
-H "Authorization: Bearer YOUR_TOKEN"Pagination:
curl "http://localhost:8080/api/v1/logs?limit=50&offset=100" \
-H "Authorization: Bearer YOUR_TOKEN"Response Format
{
"logs": [
{
"timestamp": "2024-01-15T10:30:00.123456Z",
"service_name": "api-server",
"severity": "INFO",
"body": "Request processed successfully",
"trace_id": "abc123...",
"span_id": "def456...",
"attributes": {
"user.id": "123",
"http.method": "POST",
"http.status_code": "200"
}
}
],
"total": 1523,
"has_more": true
}Live Tail
Stream logs in real-time using Server-Sent Events (SSE).
Web UI
Click the "Live Tail" button in the web interface to start streaming. Apply filters to narrow down the stream.
API
curl -N "http://localhost:8080/api/v1/logs/tail?service=api-server" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Accept: text/event-stream"The response is a stream of SSE events:
data: {"timestamp":"2024-01-15T10:30:00Z","service_name":"api-server","severity":"INFO","body":"New log entry"}
data: {"timestamp":"2024-01-15T10:30:01Z","service_name":"api-server","severity":"DEBUG","body":"Another entry"}Histogram
Get log distribution over time for visualization.
curl "http://localhost:8080/api/v1/logs/histogram?start=2024-01-15T00:00:00Z&end=2024-01-15T23:59:59Z" \
-H "Authorization: Bearer YOUR_TOKEN"Response:
{
"buckets": [
{"timestamp": "2024-01-15T00:00:00Z", "count": 1523},
{"timestamp": "2024-01-15T01:00:00Z", "count": 892},
{"timestamp": "2024-01-15T02:00:00Z", "count": 456}
]
}Service Discovery
List all services that have sent logs:
curl "http://localhost:8080/api/v1/services" \
-H "Authorization: Bearer YOUR_TOKEN"Response:
{
"services": [
{"name": "api-server", "log_count": 15234},
{"name": "worker", "log_count": 8921},
{"name": "scheduler", "log_count": 2341}
]
}Statistics
Get overall system statistics:
curl "http://localhost:8080/api/v1/stats" \
-H "Authorization: Bearer YOUR_TOKEN"Response:
{
"total_logs": 26496,
"total_traces": 1523,
"services": 3,
"storage_bytes": 52428800,
"oldest_log": "2024-01-01T00:00:00Z",
"newest_log": "2024-01-15T10:30:00Z"
}