Back to Details

solarwinds-logs

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

SolarWinds Log Search

SolarWinds日志搜索

Search DealerVision production logs through the SolarWinds Observability API using the 
logs
CLI tool.
使用
logs
CLI工具,通过SolarWinds Observability API搜索DealerVision生产日志。

First-Time Setup (On Demand)

首次设置(按需)

This skill requires the 
logs
CLI tool, .NET 10, and a SolarWinds API token. Install only when the skill is activated.
此技能需要
logs
CLI工具、.NET 10和SolarWinds API令牌。仅在激活该技能时进行安装。

1. Check if Already Installed

1. 检查是否已安装

Linux/macOS:
bash
logs --help 2>/dev/null || echo "Not installed - setup required"
echo "$SOLARWINDS_API_TOKEN"
Windows (PowerShell):
powershell
logs --help 2>$null
Write-Host "SOLARWINDS_API_TOKEN=$env:SOLARWINDS_API_TOKEN"
Linux/macOS:
bash
logs --help 2>/dev/null || echo "Not installed - setup required"
echo "$SOLARWINDS_API_TOKEN"
Windows (PowerShell):
powershell
logs --help 2>$null
Write-Host "SOLARWINDS_API_TOKEN=$env:SOLARWINDS_API_TOKEN"

2. Install Dependencies and Tool (One-Time Setup)

2. 安装依赖项和工具(一次性设置)

Run the setup script from the deployed skill folder:
Linux/macOS:
bash
bash ~/.codex/skills/solarwinds-logs/scripts/setup.sh
Windows (PowerShell):
powershell
pwsh ~/.codex/skills/solarwinds-logs/scripts/setup.ps1
If you are using Claude Code, replace 
~/.codex/skills
with 
~/.claude/skills
.
What this does:
  • Installs .NET SDK 10 if missing (user-level)
  • Installs the 
    logs
    CLI tool from the skill-local package
  • Verifies the installation
  • Checks for required environment variables
Note: Installation only happens once; the tool becomes globally available.
从已部署的技能文件夹运行设置脚本:
Linux/macOS:
bash
bash ~/.codex/skills/solarwinds-logs/scripts/setup.sh
Windows (PowerShell):
powershell
pwsh ~/.codex/skills/solarwinds-logs/scripts/setup.ps1
如果使用Claude Code,请将
~/.codex/skills
替换为
~/.claude/skills
脚本执行操作:
  • 若缺失则安装.NET SDK 10(用户级)
  • 从技能本地包安装
    logs
    CLI工具
  • 验证安装情况
  • 检查所需环境变量
注意: 安装仅需执行一次,工具将变为全局可用。

3. Configure Environment Variable

3. 配置环境变量

The tool requires a SolarWinds API token for authentication.
Linux/macOS:
bash
export SOLARWINDS_API_TOKEN="your-token-here"
Windows (PowerShell):
powershell
$env:SOLARWINDS_API_TOKEN = "your-token-here"
To obtain a token:
  1. Log in to SolarWinds Observability
  2. Navigate to Settings -> API Tokens
  3. Create a new token with 'Logs Read' permission
该工具需要SolarWinds API令牌进行身份验证。
Linux/macOS:
bash
export SOLARWINDS_API_TOKEN="your-token-here"
Windows (PowerShell):
powershell
$env:SOLARWINDS_API_TOKEN = "your-token-here"
获取令牌步骤:
  1. 登录SolarWinds Observability
  2. 导航至“设置” -> “API令牌”
  3. 创建一个拥有“日志读取”权限的新令牌

4. Verify Setup

4. 验证设置

Linux/macOS:
bash
dotnet tool list --global | grep SolarWindsLogSearch
logs "test" --limit 1
Windows (PowerShell):
powershell
dotnet tool list --global | Select-String SolarWindsLogSearch
logs "test" --limit 1
Linux/macOS:
bash
dotnet tool list --global | grep SolarWindsLogSearch
logs "test" --limit 1
Windows (PowerShell):
powershell
dotnet tool list --global | Select-String SolarWindsLogSearch
logs "test" --limit 1

Prerequisites

前提条件

  • .NET SDK 10.0+ (required to install the tool)
  • SOLARWINDS_API_TOKEN environment variable (required to use the tool)
  • Default data center: 
    na-01
  • .NET SDK 10.0+(安装工具所需)
  • SOLARWINDS_API_TOKEN环境变量(使用工具所需)
  • 默认数据中心:
    na-01

Alternative: Manual Installation

替代方案:手动安装

If you prefer to install manually without the setup script:
bash
undefined
如果您希望不使用设置脚本进行手动安装:
bash
undefined

Requires .NET SDK 10.0+

需要.NET SDK 10.0+

dotnet tool install --global DealerVision.SolarWindsLogSearch --version 2.4.0 --add-source ~/.codex/skills/solarwinds-logs/tools
dotnet tool install --global DealerVision.SolarWindsLogSearch --version 2.4.0 --add-source ~/.codex/skills/solarwinds-logs/tools

If using Claude Code, replace ~/.codex/skills with ~/.claude/skills

如果使用Claude Code,请将~/.codex/skills替换为~/.claude/skills

Windows path: %USERPROFILE%\.codex\skills\solarwinds-logs\tools (or .claude for Claude Code)

Windows路径:%USERPROFILE%\.codex\skills\solarwinds-logs\tools(Claude Code用户则为.claude)

Verify

验证

logs --help
undefined
logs --help
undefined

⚠️ Critical: Prefer Simple Searches (No Time Arguments)

⚠️ 重要提示:优先使用简单搜索(无时间参数)

The SolarWinds/Papertrail API is finicky with time ranges and often skips recent entries when time arguments are used. The 
logs
tool is designed to start from the most recent entries and page backward through time automatically until a predefined limit (typically 24 hours worth of data).
SolarWinds/Papertrail API对时间范围的处理较为敏感,使用时间参数时常会遗漏最新条目。
logs
工具默认从最新条目开始,自动按时间向后翻页,直到覆盖预定义的时间范围(通常为24小时的数据)。

Default Search Pattern

默认搜索模式

Always prefer simple keyword searches without time arguments:
bash
undefined
始终优先使用无时间参数的简单关键词搜索:
bash
undefined

✅ RECOMMENDED - Simple searches that capture current entries

✅ 推荐 - 可捕获当前条目的简单搜索

logs 'error' logs 'exception' logs 'timeout' logs 'DbUpdateException'
logs 'error' logs 'exception' logs 'timeout' logs 'DbUpdateException'

✅ GOOD - Add filters, but avoid time arguments

✅ 良好 - 添加过滤条件,但避免使用时间参数

logs 'error' --severity ERROR logs 'exception' --program webhook-api
undefined
logs 'error' --severity ERROR logs 'exception' --program webhook-api
undefined

Why Avoid Time Arguments?

为何要避免时间参数?

When you use 
--time-range
, 
--start-time
, or 
--end-time
, the API may return a subset of entries that misses vital current/recent log entries. This is a known quirk of the underlying Papertrail API.
bash
undefined
当使用
--time-range
--start-time
--end-time
时,API可能返回的条目子集会遗漏关键的当前/最新日志条目。这是底层Papertrail API的已知特性。
bash
undefined

⚠️ AVOID - Time arguments can miss recent entries

⚠️ 避免使用 - 时间参数可能遗漏最新条目

logs "error" --time-range 1h # May miss errors from the last few minutes logs "error" --time-range 24h # May skip entries that just happened
undefined
logs "error" --time-range 1h # 可能会遗漏过去几分钟内的错误 logs "error" --time-range 24h # 可能会跳过刚刚发生的条目
undefined

How to Handle User Requests with Time References

如何处理包含时间参考的用户请求

When a user asks for something like "errors from today" or "logs from the last hour":
  1. Default to simple search: Run 
    logs 'error'
    without time arguments
  2. Filter results after retrieval: The agent can filter out older entries from the results
  3. Only use time arguments if the user explicitly wants to exclude current/recent results
Example interpretations:
  • "Search logs for errors from today" → 
    logs 'error' OR 'exception'
    (filter results yourself)
  • "Find exceptions in the last 4 hours" → 
    logs 'exception'
    (filter results yourself)
  • "Show me errors, but only from yesterday, not today" → Time arguments are appropriate here
当用户要求“今天的错误”或“过去一小时的日志”时:
  1. 默认使用简单搜索:运行不带时间参数的
    logs 'error'
  2. 检索后过滤结果:Agent可自行从结果中过滤掉较旧的条目
  3. 仅当用户明确希望排除当前/最新结果时,才使用时间参数
示例解读:
  • “搜索今天的错误日志” → 
    logs 'error' OR 'exception'
    (自行过滤结果)
  • “查找过去4小时内的异常” → 
    logs 'exception'
    (自行过滤结果)
  • “只显示昨天的错误,不要今天的” → 此时适合使用时间参数

When Time Arguments Are Appropriate

适合使用时间参数的场景

Only use time arguments when the user explicitly wants to:
  • Exclude current/recent results
  • Look at a specific historical window (e.g., "what happened last Tuesday between 2-4pm")
  • Investigate a known past incident with specific timestamps
仅当用户明确需要以下操作时,才使用时间参数:
  • 排除当前/最新结果
  • 查看特定历史时间段(例如:“上周二下午2-4点发生了什么”)
  • 调查已知的过去事件,且有具体时间戳

Quick Commands

快速命令

bash
undefined
bash
undefined

Search for errors (recommended - no time arguments)

搜索错误(推荐 - 无时间参数)

logs 'error'
logs 'error'

Find specific exceptions

查找特定异常

logs 'DbUpdateException' --severity ERROR --limit 10
logs 'DbUpdateException' --severity ERROR --limit 10

Filter by service (still no time arguments)

按服务过滤(仍不使用时间参数)

logs 'timeout' --program webhook-api
logs 'timeout' --program webhook-api

Get full details for a specific log entry

获取特定日志条目的完整详情

logs --id 1901790063029837827 --with-data
logs --id 1901790063029837827 --with-data

Export large result sets to file

将大量结果导出到文件

logs 'exception' --output-file results.json
undefined
logs 'exception' --output-file results.json
undefined

Key Options

关键选项

OptionDescription
--time-range
1h
, 
4h
, 
12h
, 
24h
, 
2d
, 
7d
, 
30d
--severity
INFO
, 
WARN
, 
ERROR
, 
DEBUG
--program
Filter by service name (e.g., 
media-processing
)
--hostname
Filter by host
--limit
Max results (default 1000, max 50000)
--with-data
Include structured JSON payload
--no-data
Exclude payload (faster, smaller response)
--output-file
Save full results to file
选项描述
--time-range
1h
, 
4h
, 
12h
, 
24h
, 
2d
, 
7d
, 
30d
--severity
INFO
, 
WARN
, 
ERROR
, 
DEBUG
--program
按服务名称过滤(例如:
media-processing
--hostname
按主机过滤
--limit
最大结果数(默认1000,上限50000)
--with-data
包含结构化JSON负载
--no-data
排除负载(速度更快,响应体积更小)
--output-file
将完整结果保存到文件

Workflow Strategy

工作流策略

  1. Start broad - Run initial search without many filters
  2. Narrow progressively - Add severity, time-range, or program filters based on results
  3. Retrieve details - Use 
    --id
    with 
    --with-data
    for full log entry inspection
  4. Export large datasets - Use 
    --output-file
    for comprehensive analysis
  1. 从宽泛搜索开始 - 初始搜索时不使用过多过滤条件
  2. 逐步缩小范围 - 根据结果添加严重性、时间范围或程序过滤条件
  3. 检索详情 - 使用
    --id
    搭配
    --with-data
    查看完整日志条目
  4. 导出大型数据集 - 使用
    --output-file
    进行全面分析

Output Format

输出格式

Returns JSON with:
  • success
    : boolean status
  • query
    : search parameters used
  • summary
    : statistics including severity breakdown, truncation info
  • results
    : array of log entries with timestamps, source, severity, message
  • pagination
    : info for getting more results
返回JSON格式数据,包含:
  • success
    : 布尔值状态
  • query
    : 使用的搜索参数
  • summary
    : 统计信息,包括严重性分布、截断信息
  • results
    : 日志条目数组,包含时间戳、来源、严重性、消息
  • pagination
    : 获取更多结果的分页信息

Advanced Usage

高级用法

For detailed documentation on query syntax, MCP server modes, and advanced patterns, see references/REFERENCE.md.
For common investigation patterns and recipes, see references/RECIPES.md.
有关查询语法、MCP服务器模式和高级模式的详细文档,请参阅references/REFERENCE.md
有关常见调查模式和操作指南,请参阅references/RECIPES.md