better-stack-logginglisted

# Better Stack Log Management (Logtail) ## Overview Better Stack Logs (formerly Logtail) provides centralized log management with structured log ingestion, real-time search, and log-based alerting. MSPs use it to aggregate logs from client infrastructure, investigate incidents, and set up proactive alerting on error patterns. ## Key Concepts ### Log Sources Sources define where logs come from and how they're ingested: - **Platform sources** - AWS, Azure, GCP, Heroku, Vercel, etc. - **Language sources** - Node.js, Python, Ruby, Go, etc. - **Infrastructure sources** - Docker, Kubernetes, syslog, HTTP - Each source gets a unique source token for authentication ### Log Structure Logs in Better Stack are structured JSON documents: - `dt` - Timestamp (ISO 8601) - `level` - Log level (info, warn, error, debug, fatal) - `message` - Log message text - Any additional custom fields (request_id, user_id, service, etc.) ### Query Language Better Stack supports SQL-like queries for log searching: - Field-based filters: `level:error`, `service:api` - Text search: `"connection refused"` - Time ranges: `dt:[2026-03-27T00:00:00Z TO 2026-03-27T23:59:59Z]` - Boolean operators: `AND`, `OR`, `NOT` - Wildcards: `host:prod-*` ### Log-Based Alerts Create alerts that trigger when log patterns match: - Error rate thresholds (e.g., more than 10 errors in 5 minutes) - Specific error message patterns - Absence of expected log entries (heartbeat-style) ## API Patterns ### Query Logs ``` bette