Filtering Errors from Mixed Log Formats

Filtering Errors from Mixed Logs

In real-world debugging scenarios, you often need to quickly find errors in log files that contain entries from multiple sources and formats. The Log Format Parser's severity filter and search capabilities make this efficient.

Step-by-Step Error Filtering

1. Paste your mixed logs — the auto-detect mode handles each line independently
2. Set severity filter to ERROR — instantly hides all DEBUG, INFO, and WARN entries
3. Review the filtered results — only ERROR and FATAL entries remain visible
4. Check extra fields — expand the extra fields for each error to see full context

Example: Mixed Format Input

192.168.1.1 - - [15/Jan/2024:10:30:00 +0000] "GET /api/users HTTP/1.1" 500 89 "-" "Mozilla/5.0"
{"timestamp":"2024-01-15T10:30:01Z","level":"error","logger":"db","message":"Connection pool exhausted","available":0,"max":20}
Jan 15 10:30:02 webserver01 myapp[4321]: ERROR Database query timeout after 30s
E0115 10:30:03.000000       1 controller.go:78] Reconciliation failed: resource not found
192.168.1.2 - - [15/Jan/2024:10:30:04 +0000] "GET /health HTTP/1.1" 200 2 "-" "kube-probe/1.28"
{"timestamp":"2024-01-15T10:30:05Z","level":"info","logger":"api","message":"Health check passed"}

After ERROR Filter

Only these 4 lines remain visible:

• Apache line with status 500 (inferred ERROR)
• JSON log with level: error
• Syslog line with ERROR keyword
• Kubernetes klog with E prefix

Combining Filters

You can combine the severity filter with the search box. For example, set severity to ERROR and search for "database" to find only database-related errors. This is particularly useful when investigating a specific component in a large log dump.

Time-Based Analysis

After filtering, check the timestamps to understand the error sequence. If errors cluster around a specific time, that points to a deployment, infrastructure change, or external dependency failure at that moment.