File data

Access file data using file search terms, directory scanning and Automatic extraction of compressed files (gz, tgz, zip…). The data is read via Secure Shell (SSH) from remote servers or from your local hard drive which allows for:

• Password or SSH key authorization

• Handling of different shells and installed Unix programs

• Server load handling with max connections, max parallel processes and Unix execution priority

• Identity change with sudo/su

• Jump servers

• Import of Putty sessions

Container data

You can access files from your local Docker and your remote or local Kubernetes. Container data is read via Docker and Kubernetes commands. Select container data using:

• Container and image names

• Kubernetes namespaces and pod names

• Kubernetes labels

Log Time Synchronization

When Retrospective collects log entries, it automatically converts their timestamps to the local time using the time zone information found in the log entry timestamps.

The "Time zone fallback" option determines if the time zone of the host shall be used as a fallback for converting log entry timestamps that don't contain a time zone themselves.

Search and monitor

Searching phrases, time ranges and regex is most useful for file-based logs. It is optimized for speed, so that even large file bases can be efficiently processed. Most Linux and Windows file compression formats are supported.

Monitoring is the primary use case for container logs. When used for log files, it uses intelligent discovery of new files, covering the major log rotation schemas.

Unified view and context diving

Data from different container and file sources is combined into a unified result view that is timestamp-sorted by default. This allows for diving into the context of log entries by creating new searches or adapting the current search criteria.

Session State

When launching the program, the entire session is restored to the state they had when the program was terminated. This includes the size and position of the windows as well as the collected data.

Result Snapshots

You can create snapshots (immutable copies) of the current result data and restore the result table at any time. Restored result tables will be backed by another copy of the snapshot, the original snapshot remains unchanged after its creation.

Profiles

The configuration of hosts and containers as data sources can be made quickly ad-hoc or comprehensively elaborated. Saved configuration profiles allow you to reuse your specific setup and share it with other Retrospective users. All saved configuration is encrypted.

Bookmarks

A search or monitor window can be saved as a bookmark. The bookmark includes the sources configuration and the search criteria that you may have built on top of it.

Status and History Views

The History view allows viewing the search criteria of the previously triggered search actions and opening a search tab with exactly the same search criteria.

The Status view allows viewing of the application status information stored in Retrospective log file.

Parallel and multi-window desktop app

Retrospective is a multi-window desktop application for Windows, Mac and Linux. Search/Monitor windows are managed with simple tabs and can be “exploded” into individual windows that are intelligently distributed amongst your available screens.

A windows view setup can be stored and reused later.

Autofind (automatic detection)

When selecting new log data sources, encoding, log entry separation and timestamp pattern is automatically detected. The detection result and any problems and their cause are reported and the user is advised on how to rectify them.

Manual configuration

The automatically detected encoding, log entry separation and timestamp pattern can be manually corrected or fine-tuned within a series of wizard pages.

Custom Columns

During Autofind, Retrospective also detects recurring name-value pairs through regex statements and lets you assign them to custom columns.

Beside name-value pairs, any custom regex statement can be created to split log data into custom columns. For pre-structured log data, separators (e.g. a semicolon) can be used to split log data in multiple columns.

Custom columns may also be based on fixed position fields.

Locally Filtering

The collected data can be locally filtered with the feature rich Retrospective Query Language (RQL) using all pre-defined columns and custom columns. A query consists of one or multiple terms and groups. Terms and groups can be combined with Boolean operators to form a more complex query. Individual columns may be combined with an operator (=, <, <=, >, >=) and the term you are looking for.

Log Level Definitions

REtrospective lets you define individual log level definitions. Every such definition specifies how individual log entries shall be interpreted by Retrospective in order to find/extract the appropriate log level. It also contains information on how log entries with an assigned log level shall be displayed in the result table.

Highlighting and Sorting

XML markup and JSON structures in the collected log data are auto-formatted for an easy clipboard copy.

In addition to a fast local search term highlighting, Retrospective has automatic coloring of log levels and can be extended with custom log level definitions and color schemas based on name-value pairs and custom regex statements.

Export

The tabularized data can be exported from the Retrospective result view as text, comma-separated (CSV), Microsoft Excel or JSON for further analysis in other software.

It is also possible to export to the online data visualization tool Koia.

Further Data Visualization

Koia is an angular-based, open-source web application which was developed to analyze and visualize log data collected from Retrospective.

In Koia, the data can be be refined and displayed as charts, relationship graphs, summary or pivot tables. A variety of chart types are offered such as: Pie charts, donut charts, bar charts, line charts, area charts, scatter charts and sunburst charts.

Besides simply visualizing data, Koia also features time and value filters to present a closer look at diagrams and the numbers behind them.