Log Patterns
Log Patterns help you cut through log noise by grouping similar logs based on structure. Instead of digging through thousands of raw lines, you get a clean, high-level view of what’s actually going on
Last updated
Log Patterns help you cut through log noise by grouping similar logs based on structure. Instead of digging through thousands of raw lines, you get a clean, high-level view of what’s actually going on
Last updated
Log Patterns in groundcover help you make sense of massive log volumes by grouping logs with similar structure. Instead of showing every log line, the platform automatically extracts the static skeleton and replace dynamic values like timestamps, user IDs, or error codes with smart tokens.
This lets you:
Cut through the noise
Spot recurring behaviors
Investigate anomalies faster
groundcover automatically detects variable parts of each log line and replace them with placeholders to surface the repeating structure.
<TS>
Timestamp
2025-03-31T17:00:00Z
<N>
Number
404, 123
<IP4>
IPv4 Address
192.168.0.1
<*>
Wildcard (text, path, etc.)
/api/v1/users/42
<V>
Version
v0.32.0
<TM>
Time measure
5.5ms
Log Patterns are collected directly on the sensor.
To see patterns in your environment, make sure your groundcover sensor is upgraded to version 1.9.251 or later.
Raw log:
Patterned:
Go to the Logs section.
Switch from Records to Patterns using the toggle at the top.
Patterns are grouped and sorted by frequency. You’ll see:
Log level (Error, Info, etc.)
Count and percentage of total logs
Pattern’s trend over time
Workload origin
The structured pattern itself
You can hover over any tag in a pattern to preview the distribution of values for that specific token. This feature provides a breakdown of sample values and their approximate frequency, based on sampled log data.
This is especially useful when investigating common IPs, error codes, user identifiers, or other dynamic fields, helping you understand which values dominate or stand out without drilling into individual logs.
For example, hovering over an
<IP4>token will show a tooltip listing the most common IP addresses and their respective counts and percentages.
Click a pattern: Filters the Logs view to only show matching entries.
Use filters: Narrow things down by workload, level, format, or custom fields.
Suppress patterns: Hide noisy templates like health checks to stay focused on what matters.
Export patterns: Use the three-dot menu to copy the pattern for further analysis or alert creation.
