Follow new rows as traffic, deploys, retries, and errors happen.
Live Tail Incident Response for Active Log Streams
Live tail helps when an incident is still active and recent logs need to stay readable. Fluxtail receives logs into streams, then helps narrow the active window with filters, facets, histograms, alerts, MCP diagnostics, and AI chat while the raw rows remain visible.
Filter by stream, service, host, namespace, container, severity, label, request ID, or message text.
A good live window shows warnings, retries, errors, and recovery messages in order.
Use MCP diagnostics and AI chat after the stream and time range are focused.
When this source should be centralized
Use this path when the source already emits logs and central reading, filtering, or alerting is the next need.
The issue is active now
Use live tail during a deploy, restart, traffic spike, dependency failure, or degraded path that is still producing fresh logs.
Raw terminal tailing is too noisy
Several services, hosts, pods, or containers can produce similar rows. Filters and stream boundaries keep the active window readable.
An alert needs row-level evidence
The next step after an alert is reading the exact rows behind the condition, not exporting a large after-the-fact file.
Example live tail rows from one active window
Start with a stream, service, severity band, and short time window. Then read the sequence before asking for summaries.
stream=checkout-live service=checkout-api level>=warn window=14:20-14:30
2026-04-25T14:21:09Z ERROR checkout-api timeout after 3 retries order_id=ord_4921
2026-04-25T14:21:12Z WARN checkout-api retry scheduled order_id=ord_4921 attempts=2
2026-04-25T14:21:15Z ERROR checkout-api payment retry budget exhausted order_id=ord_4921
2026-04-25T14:22:01Z INFO checkout-api gateway latency returned to baseline
summarize errors in checkout-live for service checkout-api from 14:20 to 14:30
Filters That Keep Live Logs Readable
Live tail works best when the stream is narrowed before the row count becomes unreadable.
Start broad, then narrow
Begin with stream and severity, then add service, host, namespace, container, request_id, trace_id, or message text.
service = checkout-api
level >= warn
namespace = production
container = checkout-api
host = app-prod-03
request_id = req_9d81f3
message contains "timeout"
Use facets before changing the query
Facets can show whether errors concentrate on one service, host, pod, container, severity, or error code.
Use histograms for time shape
A histogram shows whether the incident is a sudden spike, slow climb, repeated burst, or recovery pattern.
How logs move into Fluxtail
Keep the sender configuration explicit, then confirm the resulting stream keeps the fields needed for reading and filtering.
Start with the stream and time window
Start with the stream closest to the failing service, namespace, host class, or receiver.
Filter before reading deeply
Apply service, severity, host, label, Kubernetes, request, or message filters before the stream becomes unreadable.
Read the sequence
Keep warnings, retries, failures, and recovery rows in order so the event chain is visible.
Use diagnostics after narrowing
Use alerts, MCP diagnostics, or AI chat only after the selected rows are narrow enough to inspect.
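The four steps above, applied to the page's sample rows as an added Python sketch (not Fluxtail code or its query engine): parse, narrow by service, severity band and window, keep time order, then group by a correlation field. The function names, the severity ranking, and the extra cart-api row are assumptions made for the illustration.

```python
import re
from datetime import datetime, time

LEVELS = {"DEBUG": 10, "INFO": 20, "WARN": 30, "ERROR": 40}  # assumed ranking
ROW = re.compile(r"^(?P<ts>\S+) (?P<level>[A-Z]+) (?P<service>\S+) (?P<message>.*)$")
FIELD = re.compile(r"\b(\w+)=(\S+)")

# First four rows are the page's sample rows; the cart-api row is constructed noise.
SAMPLE = """\
2026-04-25T14:21:09Z ERROR checkout-api timeout after 3 retries order_id=ord_4921
2026-04-25T14:21:12Z WARN checkout-api retry scheduled order_id=ord_4921 attempts=2
2026-04-25T14:21:15Z ERROR checkout-api payment retry budget exhausted order_id=ord_4921
2026-04-25T14:22:01Z INFO checkout-api gateway latency returned to baseline
2026-04-25T14:21:10Z ERROR cart-api cache miss storm order_id=ord_7788
"""

def parse(line):
    """Split one row into timestamp, level, service, message and key=value fields."""
    m = ROW.match(line.strip())
    if not m:
        return None  # unparseable rows are skipped, not guessed at
    row = m.groupdict()
    row["ts"] = datetime.strptime(row["ts"], "%Y-%m-%dT%H:%M:%SZ")
    row["fields"] = dict(FIELD.findall(row["message"]))
    return row

def narrow(text, service, min_level, start, end):
    """Keep rows for one service, at or above min_level, inside [start, end], in time order."""
    rows = [r for r in map(parse, text.splitlines()) if r]
    keep = [r for r in rows
            if r["service"] == service
            and LEVELS.get(r["level"], 0) >= LEVELS[min_level]
            and start <= r["ts"].time() <= end]
    return sorted(keep, key=lambda r: r["ts"])

def chains(rows, key="order_id"):
    """Group the narrowed rows by a correlation field, preserving their order."""
    out = {}
    for r in rows:
        out.setdefault(r["fields"].get(key, "(none)"), []).append(r["level"])
    return out

if __name__ == "__main__":
    window = narrow(SAMPLE, "checkout-api", "WARN", time(14, 20), time(14, 30))
    for r in window:
        print(r["ts"].isoformat(), r["level"], r["message"])
    print(chains(window))
```

With the band at WARN, this sketch excludes the INFO recovery row; lowering min_level to INFO brings it back into the sequence.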
What to check before relying on it
Collection is useful only when the resulting rows still carry enough context to search, filter, and alert on.
Live tail shows new logs
Confirm new rows appear without manual refresh while the source is producing events.
Filters reveal the first useful error
Confirm the first useful error is visible after applying stream, service, severity, host, namespace, container, request, or message filters.
Facets and histograms match the rows
Facets should identify noisy services, hosts, pods, containers, severities, or error codes. Histograms should show when the spike started and whether it is falling.
Summaries stay tied to selected rows
MCP diagnostics or AI chat should summarize the selected rows, not an unbounded stream.
Send one real source and read the logs
The fastest check is to point one real source at Fluxtail and see whether the resulting stream is easier to read.
Create a receiver, send one source, and inspect the first stream.