Log Wizard - a Log Viewer that is easy and fun to use!

John Torjo

Rate me:

4.89/5 (35 votes)

19 Apr 2016GPL334 min read

139.6K

4.4K

128

Monitoring Log files can be fun!

Introduction
Using LogWizard (1.6+)
Background
Logging - as much as possible
Views and Filtering!
Pretty Formatting (1.8+)
A deeper look at LogWizard - On/Off switches
Hotkeys
Notes
Go To Line/Time
Details Pane (1.6+)
Windows Event Logs and Debug Viewer (1.6+)
Database Support (1.8+)
nlog / log4net Enhanced support (1.8+)
Dropping Zip files
Real-time Monitoring
Remember My Settings / Auto-Saving
The Hard Core stuff
- LogWizard Templates (Advanced)
- Logging Syntax (Advanced)
History

Others in the Log Wizard series

Pretty Formatting, Filters, Notes, Windows Event Logs

Introduction

I created LogWizard to help anyone that really needs to deal with logs in order to hunt down bugs and/or issues that happen somewhere else (read = at customer site).

Notes:

The project is hosted on github, but I did attach the 1.6 snapshot here.
Starting with 1.5, when you run LogWizard, you're automatically notified when there's a new release.
Since inception, the UI has changed a lot. As of 23 Dec 2015, I have updated the images and article to show just that. Any feedback is deeply appreciated.

Using LogWizard

My focus has been on ease of use from the get go. When using LogWizard, most things should be straightforward. In case they're not, I've done something wrong :) Let me know!

Everything you want to do with LogWizard is:

Available via Hotkeys. Pretty much everything can be accessed via hotkeys.
Available via the Actions menu. Yes, it's a single button, shown on the bottom-right.
Available via Mouse Right Click. Either select some text, right click, and see what happens, or right click on any Column header

When you first run LogWizard, you will be greeted by something more or less like this:

So, to get started, just drag and drop a log file. Then, we'll get to work :)

As of version 1.6, LogWizard supports the following types of Logs:

Log Files
- Your usual log4net, NLog, log4j files, that log messages line-by-line (the full message is one line)
- CSV files (comma-separated values files)
- XML Files
- Part-per-line log files (each part of the message is written on a separate line, having the syntax name:value
Windows Event Logs: local and remote Windows Event Logs
Debug Viewer: anything outputted via the OutputDebugString function
Database: as of 1.8+, you can connect to databases.

I plan to add support for more log types - in case you have something in mind, just let me know!

To find out if a log type is supported, as I release new versions of LW, just simulate an Actions >> Open Log (Ctrl-O). Right now, it looks like this, and I will update it as I suppor new stuff:

Background

My team and I have created a rather large piece of software that is running on thousands of machines every day. Our customers, when they encounter an issue, send us their logs. The software is pretty big, we run 10+ threads, we log a lot of information, and parsing through it is pretty complex. Focusing on a certain issue (the customer's) has always been rather complicated.

The first thing we wanted was to identify common issues/problems at the blink of an eye - open the log, and have some crafted views that would show us instantly details if and when a common issue occurred.

The second thing was the exact opposite - if there are some issues that should never happen but did, we would want to know about it as well - once again, instantly.

Logging - As Much As Possible

When it comes to logging, it's a constant battle - as to what to log and what not to log. You're never sure if the log message you're just about to turn off would end up being useful when run at the customer site. So why not log it? Unless that log message will clog your log file with tens of megabytes, it's probably a good idea to log it - and filter it out from within LogWizard (you can always go back to seeing it at any time).

You should always log as much as possible, and the use LogWizard to create views (filters) for what you want to focus on.

Viewing and Filtering!

As of version 1.4, you can create filters a lot easier. See more info here.

At the core of LogWizard is the concept of a View. The View is just what the name suggests - a filtered subset of the existing log (file) that you are looking at.

Here's what to remember:

A View is a combination of Filters, each yielding some information.
The Filters are OR-ed, and all the lines that match them are shown in the View.
The first filter that matches gives the color of the line - it's a very easy way to distinguish the importance of each information.

Here's an example of View that shows an overview of the application start and exit.

There are 3 types of Filters:

Include Filters - they contain lines to include in the View
Exclude Filters - they contain lines to exclude from the View
Color Filters - they specify which color a line or match should have
- When you have a color-the-line filter, it will color the full line
- When you have a color-the-match filter, it will color just the characters that match the filter. It also works for regexes :)

By default, the view contains all log entries. In order to have it show what you want, you have the following choices:

Start excluding rows (in other words, use Exclude Filters)
Specify which rows to include (in other words, use Include Filters)
You can also combine the two. It's important to remember: the Exclude Filters are run after the Include Filters.

At any point, you can add Color Filters, which can make the information you want to stand out.

As you get used to LogWizard, you'll use the Color Filter more and more - it's sooo powerful! And as you'll see, editing/adding/removing filters is easy, thus you can tweak colors on/off as your application gets developed.

Views are Persistent

What's more important is that as your focus changes, your Views don't have to get lost. Say you move to work on a different module of your application. Leave your existing View as is (maybe you'll need it later!), create a new View with what interests you at this time - and go from there.

You can also create Views for rare-occuring events - just so that you are notified if they ever happen. This is a very important feature. For example, I have View that shows me User-Interface Notifications, Errors, and Fatal Errors. When I open a log from a customer, the first thing I look at is - how many lines are in that view? If too many, that's the first thing I check.

Another View you could find useful is an overview of how the application is behaving. This is clearly dependant on your application - but you can log your application's start (version, when it started, where it was installed, etc.), the modules it's running, how much CPU is using, how your application ended and so on. When you get a log from your customer, this will give you just that - an overview of what you would want to ask the customer.

Filter as you type

When you first drag and drop a log file, all the lines in the log are shown. You'll want to filter some in, some out, color some lines, and so on.

To get a starter feel, just click on a line, and start typing. Notice that as you type, if found, it's shown slighly emphasized, like this (typing "roam"):

From the get-go, LogWizard functions as a very smart file viewer and filter-er. As you type, it will take you to the first line that contains what you typed, and it will have what you typed as selected.

You can do whatever you want to the selection, such as, Ctrl-Shift-Right, which will word select "Roaming", just like in a full fludged file editor.

With the current selection, you can do some pretty neat stuff:

F3/Shift-F3 - it will automatically take you to the next/previous occurence of what you have selected
Ctrl-Alt-F - it will toggle between only the lines that cotain the given text and the full view

And last but not least, just do a Mouse Right Click:

It will allow you to create Filters from your selection. To set the Color of the "Roaming" text to blue, you would select "Filter: Change Color of Lines Including [Roaming] >> Match Color", set a color, and you'll instantly have:

Filtering in itself is a pretty long concept, so I devoted a full article to it.

Editing Filters (Advanced)

As of version 1.4, it's much easier to create filters. More details here.

Usually, you don't need to know how to Edit the Filters, since starting with 1.4+, it's extremely easy to create them. You can go to the next section, and read this when you need it.

To Edit the filters in the current View, first make sure the Filter Pane is shown (if it's not shown, toggle it on with Alt-F hotkey). When you drag-and-drop your first log file, it will have no views. The current View will show ALL lines. At this point, you'll want to filter what messages you want to see in this View.

You can add as many Filters as you want. Filters are matched top-down, and the first filter that matches will decide the color of the line (this also means that the Filters are OR-ed - if any filter matches, it will be shown in the current View).

To add/remove filters, you have the '+' and '-' buttons. Each Filter can consist of several lines. Each line can be:

a condition that needs to match
extra information about the filter (such as, color or if case-insensitive)
a comment (starts with #, it's ignored)

In order for the filter to match, all conditions must yield true. So, within a filter, conditions are AND-ed. This also answers the question - what if I want my filters AND-ed? Simple, just make a new filter, and add there all the conditions you want AND-ed.

Condition lines are like any of the following lines:

$[part-of-line] regex
$[part-of-line] [condition] [text]

$[part-of-line] can be any of:

$level - the category of the message (such as, INFO, DEBUG, ERROR, etc.)
$msg - the message
$file - the file where the message was logged from (only if you're logging this)
$func - the function where the message was logged from (only if you're logging this)
$class - the class where the message was logged from (only if you're logging this)
$ctx1, $ctx2, $ctx3 - extra context (depending on your log, you can decide to log extra information, such as - the module where the message is coming from)

The second argument can simply be a regex. Or,

[condition] is any of:

= - matches if it's equal to the given text
!= - matches if it's not equal to the given text
startswith - matches if it starts with the given text
!startswith - matches if it doesn't start with the given text
contains - matches if it contains the given text
!contains - matches if it doesn't contain the given text
any - matches if the text contains any of the subexpressions in the given text. Each subexpression is - separated by "|". Example: $msg any Kaspersky|Norton|Avg
none - matches if the text contains none of the subexpressions in the given text. Each subexpression is separated by "|". Example: $msg none Kaspersky|Norton|Avg

Extra information lines:

color fg [bg]
match_color fg [bg]
case-insensitive

The color specifies what color to apply if the filter matches (it will color the full line). The match_color specifies what color to apply if the filter matches, but it will only apply it to the match itself.

The colors are in the #RRGGBB syntax, and some of the known colors are recognized. So you can say things like 'color red', 'color darkred', 'color #ee0022'. As of version 1.2, to set the color of your filter, you can also click on the eyedropper tool on the left of the text, set the color, and that's all. Changes will also take effect instantly!

By default, the filter is case-sensitive. If you want it to be case-insensitive, just add a line saying 'case-insensitive'.

Example:

case-insensitive  
$msg contains kaspersky  
$msg startswith process  
color green

This will create a case-insensitive filter that matches all lines that start with 'process' and contain 'kaspersky'. It will show all lines matching it in green color.

Finally, I added two more buttons: ToC / FromC (= To Clipboard / From Clipboard). ToC will copy ALL the filters from the current View to clipboard, and FromC will paste them. Say you have a colleague and you want to "send him" your current View - copy it to cliboard, send it to him. He'll paste it and voila - he's got the same View as yours!

Find (with Preview)

If you want to search within your Current View or Full Log, just press Ctrl-F. It's a rather straightforward dialog.

It will auto-preview what your Find would find in the surrounding rows - very useful when creating a regex Find.
It will mark all matches containing the text with a slightly darker background, and you can also move to the next/previous line containing the text with F3/Shift-F3.
As of 1.8+, you can also Search All Columns. By default, this is turned off (thus, searching only inside the Message column)

Here's how searching for a Process with the Pid starting with 11 would look like:

... and the results:

To end the Find (thus, un-marking all lines containing the text), just press Escape.

Find >> To Filter (1.8+)

As of version 1.8, you can transform the result of a Find into a Filter - the To Filter button. Note that this will be:

a Color Filter : it will use the colors Fg / Bg from the "Find" itself (see that you have a Mark Found words with color section)
You can tweak the filter until you like it, since you have instant preview, and then press To Filter.
You can also have it search for the text or regex in all Columns (Search All Columns checkbox)

Snoop Around (1.9+)

This is just another easy way to filter your logs. On any column except Message/Date/Time/Line, you can snoop around:

Just click on the small down arrow present on the left down side of the cell
This will look around 100000 rows, gather all available unique values and present them to you
You can check any value or several values, click Run (this will Apply the filter), and tada - you will have filtered only to those rows containing the checked values.

It's that simple! In addition to the above:

You can snoop by as many columns as you wish, in the same manner, to refine the snoop as much as you want
The columns that are snooped are shown in a different icon, so you can easily see which is column is filtered and which not
You can easily enable (Apply) or disable (Clear) a filter. Just move the mouse close to your snoop, and an extra small button will appear: a filter. Click on it to enable/disable it
It works on both View and Details panes
Not sure what you filtered by? Just click on the small down arrow, and it will show you. You can even modify that, re-click Run, and it automatically gets re-Applied.

Here's how to further snoop in addition to the first snoop (Level = Warning or Error):

And finally, the results. Notice how easy it is to spot the columns that are snooped:

Pretty Formatting (1.8+)

As of 1.8, Log Wizard allows for Pretty Formatting, to help you easily focus on what's relevant to you. Or put another way, have the relevant information stand out.

A picture is worth a thosand words:

current selection is at line 8813
bookmarks at 8727 and 8784
lines are shown quite nicely, a' la intelliJ
notice how lines background alternates, but just a bit, so that it doesn't hurt the eyes
notice how the selection is just a tad darker, enough to let you know where it is
time: I'll let you figure it out for yourself Wink | ;)
level: lines 8697, 8854 and 8978 are warnings
numbers are shown in red

Pretty Formatting is a complicated feature, thus, I dedicated another article to it.

A Deeper Look at LogWizard - On/Off Switches

I developed LogWizard to show you as much information as possible - at any time, you can choose to remove any clutter information you don't care about. Here are all the panes available in Log Wizard:

Left Pane - This contains extra information you can edit, about the view and/or log. Usually, it's all the Filters in the Current View. It enables editing filters and to easily enable/disable them. But it can be other information (such as, notes about log).
S[o]urce Pane (Top Pane) - This contains information about the Log Source - what template to apply to the log (the template contains all the Views that are shown). These are all advanced topics - and you'll very seldom need to change them.
Current View Pane (Middle Pane) - This contains the Current View.
Full Log Pane (Right Pane) - This contains all lines in the Log. As an added bonus, you'll see the "View(s)" column - which for each line, shows what Views match it. It can be very useful when you find a culprit line and you want to see what happened before and after it.
Details Pane - it shows details about the current message. You can basically specify some columns to be visible here, just in case they contain too much information to be fully visible in the Current View itself. For instance, you can have here the Message, in case the message itself is very long and/or contains several lines. Note that you can easily edit what information to show here, and where to show it.
Status - shows information about what is happening. I recommend you leave this on for the first few weeks of using LogWizard. After that, you might want to turn it off, and get more space for the information that matters. It also shows tips every now and then.

You will usually want to see probably one or two panes: The Current View Pane, perhaps The Details Pane, and/or The Full Log Pane.

Say Hi to Toggling Hotkeys:

Alt-F - Toggle Filter Pane ON/OFF
Alt-O - Toggle Source Pane ON/OFF
Alt-L - Toggle Current View Pane/Full Log Pane (rotate between CV-only <-> CV/FL <-> FL-only)
Alt-D - Toggle Details Pane ON/OFF
Alt-S - Togggle Status information ON/OFF. Usually you see here information about the current log, when it's loading, filters, searches. If there's an error, and you have it toggled off, it will toggle itself back on temporarily - so you can read the error. As of version 1.6, the Status pane also contains the "Actions" button.

Note that there is quite a bit more information you can toggle ON/OFF - so that you can really focus on what's important to you:

Alt-H - Toggle Table Header ON/OFF (Table Header = the header that shows the columns in the view)
Alt-T - Toggle Title ON/OFF. If you toggle this OFF, I remove the title + border.
Alt-V - Toggles showing the Tabs on/off. You can of course toggle them off to save some space. If you toggle them off, the name of the current view is shown in the Header (in the Message column).
Alt-N - Toggles the Notes Pane on/off. If turned on, you can write notes on log lines (in case you spot problems). Several people can write notes on a specific log, and notes are automatically merged.

Here's LogWizard with only the Current View Pane, Header and Status shown:

Hotkeys

I'm a developer - mouse is too slow. I want to do as much as possible with keys - hotkeys. As I've explained above: the 'Alt-F', 'Alt-O', 'Alt-L', 'Alt-T' - toggle the Panes ON/OFF.

In addition to that:

Ctrl-Tab/ Ctrl-Shift-Tab - Navigate between the Views (tabs).
Tab/Shift-Tab - Navigates between Panes - rotates between Current View Pane, Full Log Pane, Filters Pane/Filters List, Filters Pane/Current Filter (text box)
Ctrl-F/F3/Shift-F3 - Search for text within the Current View
Ctrl-G - Go to Line/Time
Ctrl-C/Ctrl-Shift-C - Copy to Clipboard (copies Just the Message Part/The Full Line).
+/- - Increase/decrease the Font size
Ctrl-F2 - Toggle Bookmark (Mark/Unmark line as Bookmark). Note: Bookmarks are shown in all Views.
F2/Shift-F2 - Go to Next/Previous Bookmark
Ctrl-Shift-F2 - Clear all Bookmarks.
F5 - Refreshes the current View
Ctrl-H - Toggle History. Press it once to get focus into the History combo, to allow you to select a previous log. Press it again to get back to where you were before.
Ctrl-O - Open file in Windows Explorer.
Ctrl-P - Open the Preferences window.
Ctrl-1 to Ctrl-9. It toggles you to/from Custom Position 1-9. Normally, everything is saved in your "default" position. However, you can move to a custom position - and settings like location/size + toggles are saved into that position. So you can end up having 10 "working areas" - depending on your log file and what you're doing at a specific time.

As of version 1.2, copying to clipboard copies as HTML as well. So want to email someone about an issue on a log file? Select the lines, Ctrl-C, and paste that in your email editor. It will preserve the lines color!

Comments On Thy Logs

As of version 1.2, you can create notes on the logs you're viewing. This is a huuuge feature, and I will wrote a different article about this.

But long story short, you can create notes on a certain log. The idea here is to mark the lines that are perhaps problematic - so they are either an error, or a misconfiguration on the user's part.

What you want is to get to the bottom of the problem - and as always, the more eyes, the better!

A common scenario would be - the customer support looks at the log. They might find some problems, and then, pass their findings to the team leader. Team leader looks at the comments, may add some of his own, then he can pass it to his team. Everyone on his team can comment (notes) on the log, and then they share their notes. Notes are automatically merged. You just drag someone's notes over LogWizard, and they are imported. It's that easy!

Go To Line/Time

It's the usual Ctrl-G, with a few twists:

If it's a number, I interpret it as a line, and go to the closest line (since your current View might not contain the exact line)
If it's a time ([hh:]mm:ss[.fff]), I interpret it as a time, and go to the closest time there is
If it's prefixed by + or -, I interpret this as relative to the selected line. Such as '+10' goes 10 lines after, '-3:5' goes 3 minutes and 5 seconds below.

Details Pane

LogWizard can handle logs with very complex information. In addition to the date, time, file/class/function, level, message, you can decide to log extra information about each message. It's totally up to you - especially http logs have quite a bit more info.

That is totally ok - right now, LogWizard allows for an extra up-to-15 new columns (I plan to allow up to 50). Having said that, if you have that much information, it won't fit nicely into the View - they will end up taking each-other's space. The solution is to hide some in the View, and show them in the Details pane.

The above is exactly as easy as it sounds:

Right click on any the Column Header - you will see the available columns, and you can move them around and/or show/hide any of them.
Toggle the Details Pane ON (Ctrl-D).
By default, all extra informatoin is shown in Row 1 (from Details Pane), and Row 2 contains the Message Column.
You can edit the Details Pane and select which Columns go where - right click it and select "Edit Description Layout". It will be pretty self-explanatory.
You can have up-to-6 Rows in which you can place information exactly as you wish.
Note that you can have a column show in both the View and the Details Pane. That is totally fine. Usually you will want the Message column to be like that.

Windows Event Logs (1.6+)

As of version 1.6, LogWizard handles Windows Event Logs and Debug Viewer logs. There's quite a bit to talk about here, and I wrote another article on it. For now, the basics.

To open a Windows Event Log:

Go to Actions >>Open Log, or Ctrl-O
Select 'Windows Event Log' in the combo box
You can select several logs to be merged into one - like, the "System" and "Application" logs.
There's no easy way to know all the Windows Event Log names. For instance, on my machine, "Microsoft-Windows-TWinUI/Operational" is a valid name. A way to find them out is by browsing %SystemRoot%\System32\Winevt\Logs
You can also read the event logs from a remote machine. Note that the password (in case you connect to a remote machine) is never stored - so you would need to re-enter it each time you re-open the log

Once you've opened the Windows Event Log(s), you can do anything you can do on normal logs: filtering in/out, coloring, having several views of the log and so on.

Debug Viewer (1.6+)

You can also have LogWizard function as a Debug Viewer: namely, capture anything an application writes using OutputDebugString.

To open a Debug Viewer:

Go to Actions >>Open Log, or Ctrl-O
Select 'Debug Print' in the combo box
You can filter only messages from your application - just write your application name, without the ending .exe . Otherwise, LogWizard will capture everything.

Database Support (1.8+)

As of 1.8, Log Wizard Can read from common databases, such as MSSQL, Oracle, SQLite.

As a bonus - drop an Sqlite database onto Logwizard and it automatically guesses the log table + log fields

You can test the connection, to see that it's correct, and then click OK, to open the log.

nlog / log4net Enhanced Support

As of version 1.8+, Log Wizard has enhanced support for nlog / log4net logging libraries. When first you first view a log in Log Wizard, depending on its syntax (how you write each piece of information into it), it can be sometimes a bit difficult to accurately describe it so Log Wizard shows it correctly from the get-go.

Thus, I have enhanced it to make this process as seamless as possible.

Auto-recognize nlog / log4net syntax

First, when it comes to syntax, Log Wizard now recognizes both nlog and log4net syntaxes. Or,

in nlog jargon, layout renderers
in log4net jargon, pattern layouts

So, when you open a log file (Ctrl-O), you can click on "Edit", and paste your nlog/log4net syntax.

Instead of Log Wizard syntax, such as

$time[0,' | '] $level['',' | '] $msg['']

you can now copy-paste your nlog/log4net syntax:

${date:format=dd.MM.yyyy HH\\:mm\\:ss,fff} | ${level:uppercase=true} | ${message}<br />
%-70file(%4line): %date{HH:mm:ss,fff} %-5level - %message%newline

But, it gets better...

.config files

Log Wizard can now parse nlog / log4net .config files, to automatically load the syntax from them:

When you drop a file onto Log Wizard, it will automatically look to see if there is any .config file (if not found, it will look in the directory's parent and its parent's parent). If a .config file is found, is parsed, and settings are automatically applied.

When you open a log manually (Ctrl-O), you can now click on "Load Config" - where you can manually select where your nlog/log4net config file is.

Once it parses a .config file, it will try to to load as much information from there. At this time:

if it's a log file, it will look for its syntax and its file name (the latter can not always be inferred, but that's ok, because very likely you've drag and dropped the file name)
if it's a database table, it will pre-load all the database connection information

Drag and drop of .config files

You can also drag and drop an nlog/log4net .config file. At this point, Log Wizard will pre-load all the information it could parse from the configuration file, fill it, and then open the "Open Log" dialog.

At this point, you can check that the information is correct, press OK, and that's it - enjoy viewing the log!

Dropping Zip Files

As of version 1.2, you can drop .zip files onto LogWizard.

When you drop a .zip file, LogWizard will look for log files. By default, it will look for .log and .txt files.

The first file that matches, is unzipped, imported and shown. It's that easy!

If you want more control, press Shift while drag-dropping. This will show you a list of log files - all the log files found in your zip file, together with their size. Just select one, and LogWizard will show it.

To modify what files to look for when parsing a .zip file, go to Preferences (Ctrl-P), and go to Zip Files.

Real-time Monitoring

Of course, LogWizard monitors the file constantly. As soon as new information is appended to the log, you see it instantly. And you see which Views contain new lines (except for the current View) - the View names turn to bold - which is what you'd expect.

And if you re-write the file, LogWizard instantly restarts from scratch - thus, when debugging, you can monitor your log file - not having to worry each time the log gets re-written.

Even more, I have added an option - "Bring to Top on Restart". If you check it, it will bring LogWizard to the top when the log file gets re-written.

The idea behind this is that usually, your IDE takes 100% of your screen. When debugging with Visual Studio, you'll look at Output window (which is docked somewhere). You would then resize LogWizard to be cover the Output Window, toggle LogWizard's Title OFF (Alt-T hotkey), and everytime you restart debugging, LogWizard pops up where you would expect:

This way, when debugging, you can easily focus on the information you want.

This feature works awesomely combined with "Custom positions" (see Hotkeys above). You have your default position where you want to see your logs (which will probably take at least half of your screen). But then, when debugging, you want Custom Position 1 - which will take you exactly to where your LogWizard should be when debugging your app.

Remember My Settings / Auto-Saving

I've made LogWizard to automatically save everything you do - any filter you modify, any view you add/delete/edit, everything is automatically saved and remembered.

Every Pane you've shown/hidden - LogWizard remembers it, and will show it in the same way next time you open it. Same goes for Everything you've toggled ON or OFF, or where you moved/sized the LogWizard application.

It even remembers the location of the splitters!

The log file you viewed last is opened by default. All the log files you've viewed - are kept in history. Change a setting, it's automatically saved.

All you need to do is - focus on Viewing your logs.

As of version 1.5, you can resize and/or move the columns around. You can even rename them - this is all auto-saved.

The Hard Core Stuff

You probably won't need to know the following - but just in case you're wondering...

LogWizard Templates (Advanced)

The Template decides the Views you see and what filters each View has. The default template is boringly called 'Default'. You can however create more templates to match different types of logs.

Say you work with 3 applications. Very likely, you'll want a template per application (each application will have its own Views).

LogWizard does its best to accomodate. When you open a log file, LogWizard will automatically create a new template matching the name of the file. Say you open the file Pidgin.log. Logwizard will create a template called Pidgin.

Every view you create and edit, every filter you make, is automatically saved in that template (Pidgin, in our case. Next time you open this log file, we'll automatically re-open the Pidgin template, and reshow the views you've previously created.

Say you open a new log file - called Yahoo.log. LogWizard, by default, will create a template called Yahoo. Again, you can create, edit views as you please. Or, say this matches some template you've created before. Just toggle the Source Pane ON (Alt-O hotkey), and manually select that template from the Template combo-box. That's all!

So, if your Yahoo.log mathes the Pidgin template, you will select it, and bam - you'll benefit from everything you saved there! Now, any change you make to the views and/or filters, are saved in the Pidgin template. And, all files using the Pidgin template will benefit from that!

By default, when you open a new log:

If the log name (excluding directory and extension) matches any existing template, we'll use that template. You can override this, as pointed below:
If the log file contains some specific text in its header (namely, in its 8192 bytes), you can have that log file automatically match a certain template.
If the log does not fall into any of the above cases, we'll create a new template, excluding directory and extension, and go from there.

The second case is very important. Say you have created the Pidgin template. But your customers are sending you logs such as Pidgin001.log, mycustomp.log, my29395529.log, and so on - but they are all Pidgin logs.

Thus, every time you open such a log file, you would need to manually select the Pidgin template to view the information you need.

Or, you can go to Preferences (Ctrl-P), go to Auto Match Template, and add a line that will point to your log template. Here's how:

Probably 99.99% of the time, each log will contain, at its beginning, some welcome/starting message that indirectly identifies the log (template). Messages can be in the form of Starting Pidgin v1.02.2334 at 24 april 2015 or so.

You just need to specify the text that is always written (such as, Starting Pidgin v) and there you go. LogWizard will auto match any file containing that to your Pidgin template. Much more stress free for you!

As a bonus, you can copy the full template to clipboard ('ToC') or paste it from clipboard ('FromC') - so that you can easily share the way you View your log with your colleagues.

Logging Syntax (Advanced)

When dealing with regular log files (where a row matches to a complete line in the file), LogWizard will try to guess its syntax (what each part of the line means). In case it guesses wrong, you can manually edit it. It's easy - Toggle the Source Pane ON (Alt-O) and click Edit Log Settings. Or, right click on any Column header and select Edit Log Settings. Then click on Edit.

The dialogue will be pretty self-explanatory - just note that you can at any time modify the syntax, press Enter, and you'll see below what LogWizard parsed. You can trial-and-error until you get it right. Then, press the "Use It" button, and that's it!

The syntax goes like this:

$part-of-line1[start,end] $part-of-line2[start,end] ... $part-of-lineN[start,end] $msg[start]

$part-of-line can by any of:

$msg - the logged message itself. This must always be last
$date - Date of the message
$time - Time of the message
$level - Level (INFO, DEBUG, ERROR, FATAL, etc.)
$file - file:line the message was logged from (in case you're logging it)
$func - Function the message was logged from (in case you're logging it)
$class - Class the message was logged from (in case you're logging it)
$ctx1 - $ctx15 - Extra contextual information about the message (in case you're logging it)

The start and end can be any of:

a number (the index in line where the part-of-line starts or ends)
a string (where the part-of-line starts or ends). It is not considered part of the message.