Category: Software Development

Programming practices, frameworks, and coding tips.

Set up Datalust Seq in a Docker Container

Learn how to set up Datalust Seq in Docker, configure API access tokens, and explore log queries. Enhance your log management today!

Hello, stranger… Datalust Seq is a powerful log server that makes it easy to monitor your application logs, search for issues and visualize data. Running Seq in a Docker container simplifies the deployment process, and setting up API access tokens ensures secure access. In this post, we’ll cover how to set up Datalust Seq in a docker container, configure API access tokens, and provide some query examples.

What Is Seq?

Datalust Seq is a sophisticated log server designed to help developers and IT professionals manage and analyze log data more effectively. It provides a user-friendly interface for real-time monitoring, searching, and visualizing logs, making it easier to identify and troubleshoot issues in applications. Seq supports structured log data, which enhances its querying capabilities, allowing users to perform both simple and complex searches. It also integrates well with various logging frameworks and tools, offering features like API access tokens for secure data ingestion and queries. This makes Seq a valuable tool for enhancing observability and operational insights in software systems. Read more at datalust.co/seq

Running Seq in a Docker Container

To get started, ensure you have Docker installed on your system. You can pull the official Seq image from Docker Hub and run a container with the following command:

PH=$(echo 'secret-password' | docker run --rm -i datalust/seq config hash)
docker run \
  --name seq \
  -d \
  --restart unless-stopped \
  -e ACCEPT_EULA=Y \
  -e SEQ_API_CANONICALURI=https://public-address-if-any:8088 \
  -e SEQ_FIRSTRUN_ADMINPASSWORDHASH="$PH" \
  -v /path/to/seq/data:/data \
  -p 8088:80 \
  -p 5341:5341 \
  datalust/seq

You should change the parameters in bold to fit your needs.

  • secret-password: is your password to access the web frontend.
  • SEQ_API_CANONICALURI: should be used if you have a public access URL
  • /path/to/seq/data: is the location of Seq data outside of docker

If you defined SEQ_API_CANONICALURI, you should now be able to access the Seq web interface by navigating to https://public-address-if-any:8088 in your browser, you should access http://localhost:8088 otherwise.

Port 5341 is used for data ingestion (log coming from applications).

Seq main panel

If you did all good, you should see this screen after logging in using the defined password.

Configuring API Access Tokens

API access tokens are essential for secure programmatic access to Seq. Follow these steps to configure API access tokens:

  1. Access the Seq Web Interface: Open your browser and go to http://localhost:8088.
  2. Navigate to Settings: Click on the settings menu in the upper navigation bar.
  3. Manage API Keys: In the Settings menu, click on “API Keys” in the left menu.
  4. Create a New API Key: Click on “Add API Key”.
  5. Configure API Key: Provide a name for the key (e.g., “development-key”); select the “Ingest” permission; and, set the minimum level to “Verbose”.
  6. Generate the Key: Click “Save Changes” to generate the API key. Copy the generated key and store it securely, as you won’t be able to see it again.

Using API Access Tokens

You can now use the generated API key to send logs to Seq or perform queries. Here’s an example of sending a log event using curl:

curl -X POST "http://localhost:5341/api/events/raw?apiKey=YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
  "Events": [
    {
      "Timestamp": "2024-07-24T21:09:08.12345-3:00",
      "Level": "Warning",
      "MessageTemplate": "Disk space is low on {Drive}",
      "Properties": {
        "Drive": "C:",
        "MachineName": "nblumhardt-rmbp"
      }
    }
  ]
}'

Replace YOUR_API_KEY with the API key you generated in the previous step.

If the log does not appear in the event panel, check the date and time. Try to put the date you are testing.

Querying Logs in Seq

Seq uses a rich query language for searching and filtering log events. Here are some examples:

Basic Queries

Retrieve all logs:

select * from stream

Filter logs by level:

select * from stream where @Level = 'Error'

Search for a specific message:

select * from stream where @MessageTemplate like '%Hello, Seq!%'

I don’t like these queries because the result is not easy to read. I prefer to use queries like these:

Filter all logs with log level = ‘Information’

@Level = 'Information'

You also could filter by many level values:

@Level in ['Information', 'Error']

Filter all logs with log level = ‘Information’ and the message body contains “date”. The like operator works just like SQL language.

@Level = 'Information' and @Message like '%date%'

Advanced Queries

Count logs by level:

select count(*) as Count, @Level from stream group by @Level

Average log events per hour:

select count(*) as Count, datepart(hour, @Timestamp) as Hour
from stream
group by datepart(hour, @Timestamp)

Logs in a specific time range:

select * from stream where @Timestamp between '2024-07-24T00:00:00Z' and '2024-07-24T23:59:59Z'

Find logs with a specific property:

select * from stream where Properties['App'] = 'MyApp'

Conclusion

This post showed how to set up Datalust Seq in a docker container and how to configure API access tokens as a straightforward process that enhances the security and manageability of your log data. With the provided query examples, you can start exploring your logs effectively. Seq’s powerful query language allows for both simple searches and complex data analysis, making it an invaluable tool for monitoring and troubleshooting your applications.

See ya!

Related posts:

Deploying a Docker Service Stack Distributed Load Testing on AWS Lambda Docker Manager with GTK How to install Portainer.io System Containers and Virtual Machines With LXD Enhance logging in .NET Core Web API