Skip to content

How to Use the Log Explorer

This guide provides a comprehensive overview of how to use Peakhour's Log Explorer to investigate traffic, security, and performance data in real-time.

Before you begin: Familiarize yourself with advanced log queries to make the most of the KQL search functionality.

Accessing the Log Explorer

You can access the Log Explorer from several places in the dashboard:

  • Account Dashboard: Navigate to Support & Logs > Logs.
  • Domain Dashboard: Navigate to Analytics & Logs > Logs > Explorer.
  • From other pages like Firewall Events, by clicking the search icon on an event to view related logs.

Understanding the Interface

The Log Explorer is composed of several key components:

  1. Header Controls: Contains action buttons like Refresh, Save Query, Share Query, and access to My Queries and the Chart Builder.
  2. Time and Search Controls: Allows you to select the data table, search with KQL, and set the time range for your query.
  3. Active Filters Display: Shows all currently applied filters and aggregations.
  4. Timeseries Graph: A visual representation of log volume over the selected time period.
  5. Column List (Sidebar): A collapsible panel on the left listing all available columns, grouped by category.
  6. Log Table: The main area where log entries are displayed.

Working with Logs

Selecting a Time Range

Use the Time Controls in the header to define the period for your investigation.

  • Quick Select: Choose from predefined intervals like "Last 15 minutes" or "Last 24 hours".
  • Custom Range: Click the date display to open a calendar and select a specific start and end date/time.

Searching with KQL

The search bar uses KQL (Kibana Query Language) for powerful, text-based filtering.

  • Basic Search: httpstatuscode:200 AND method:GET
  • Wildcards: path:/api/*
  • Ranges: bytesin:[1000 TO 5000]
  • Exclusion: NOT geoip_country_code:US

Click the Help (?) icon next to the search bar for a full KQL cheat sheet.

Using the Timeseries Graph

The graph at the top visualizes the number of log entries over your selected time range. - Zooming: Click and drag across a section of the graph to zoom in on that specific time window. The log table will update automatically.

Managing Columns

The Column List on the left allows you to customize the log table.

  • Add/Remove Columns: Click the Plus (+) or Minus (-) icon next to a column name to add or remove it from the table.
  • View Column Details: Click on a column name to open a pop-up showing the top values for that field in the current result set. From here, you can quickly add filters.
  • Create Charts: From the column details pop-up, click Create Chart to open the Chart Builder with that column pre-selected.

Filtering Data in the Table

You can apply filters directly from the log data.

  • Hover over a cell value in the table.
  • Click the Plus (+) icon to create an "include" filter (e.g., geoip_country_code: "AU").
  • Click the Minus (-) icon to create an "exclude" filter (e.g., NOT geoip_country_code: "AU").
  • All active filters appear below the search bar. Click the (x) on any filter to remove it.

Aggregating Data

Instead of viewing individual logs, you can group them to see trends.

  • Add Aggregation: In the Column List, find a column you want to group by (e.g., geoip_country_code) and click the Plus (+) icon in its pop-up or header.
  • View Aggregated Data: The timeseries graph will update to show data grouped by your selected columns. The log table will show aggregated counts.
  • Remove Aggregation: Click the (x) on the aggregation pill in the active filters area.

Viewing Log Details

To see all data for a single log entry: 1. Click the chevron (>) icon at the start of any log row. 2. An expanded view will appear below the row, showing all available fields and their values for that specific log entry.

Diagnosing a Request

For any given log entry, you can run an automated diagnosis to understand how Peakhour processed the request. 1. Hover over a log row to reveal a stethoscope icon. 2. Click the icon to initiate the diagnosis. 3. A modal window will appear with a detailed analysis, including the outcome, security checks, origin server status, and configuration details that were applied.

Saving and Sharing Queries

  • Save Query: Click the Save button in the header to save the current set of filters, columns, and time range for later use.
  • My Queries: Click My Queries to view, load, or share your saved queries.
  • Share: Click Share to generate a unique link to your current query view that you can send to others.