I've installed a Graylog2 server and begun collecting log data. It all worked fine, but as soon as I found the first Java exception with attendant stack-trace, a problem occurred to me. How can I see the exception and the following (or preceding) log lines together?
Looking at the forums, others have had the same problem, but it doesn't seem like the the issue has been addressed yet in Graylog.
As a work around I can search for messages from the same source as the line I want context for and limit results to a small timeframe, but what I really want is something akin to Splunk's raw log view.
Am I missing a feature in Graylog or is there and addon or patch I can install to add the functionality?
(PS: I'm not committed to Graylog yet, so if there are opensource alternatives I'd be happy to hear about them)
Edit: I found out how to use NXLog's xm_multilinemodule to group the lines of exceptions into one message, but finding context is still painful.
Best Answer
Upgrade. Graylog 2.0, released in 2016, has the "search for surrounding messages" functionality (changelog link).