Logs quick reference

To make the most of this quick reference, read this guide to learn how to create data views, and use two Kibana tools, Logs and Discover, to view and query your logs.

The following table contains key information about Enterprise Search logs, including log types, index patterns, and filenames:

  • The event.dataset value makes it easier to filter by events when querying your logs.
  • Filter event.dataset further by finding the Elasticsearch index patterns for your logs of interest in the table below. Use these index patterns when creating data views in Kibana.
  • This table specifies which Elastic Cloud index patterns are intended to be used on your Enterprise Search deployment, versus your monitoring deployment, and whether a given index pattern matches hidden data streams and indices.
  • Read this guide to learn how to create data views, and use the Kibana tools, Logs and Discover, to view and query your logs.

| Log type | Elasticsearch index pattern (Self-managed) | Elasticsearch index pattern (Cloud) | Local filename | event.dataset | Description |
|---|---|---|---|---|---|
| API logs | logs-enterprise_search.api-default | logs-enterprise_search.api-default (Enterprise Search deployment) | filebeat.log | api | Enterprise Search API logs, including queries and inserts. |
| App Search analytics | logs-app_search.analytics-default | logs-app_search.analytics-default (Enterprise Search deployment) | filebeat.log | app-search-analytics | App Search Analytics logs, including click-through and query metrics. |
| Workplace Search analytics | logs-workplace_search.analytics-default | logs-workplace_search.analytics-default (Enterprise Search deployment) | filebeat.log | workplace-search-analytics | Workplace Search Analytics logs, including click-through and query metrics. |
| Application logs | N/A | .ds-elastic-cloud-logs* (monitoring deployment, hidden index) | app-server.log | enterprise_search.server | Main application logs, including API calls made to the server, errors and corresponding stack traces. When troubleshooting an issue, you will typically start here. Elasticsearch debug logs also appear here. |
| Audit logs | logs-enterprise_search.audit-default | logs-enterprise_search.audit-default (Enterprise Search deployment) | audit.log | enterprise-search-audit | Log of events across Enterprise Search, useful for security-related auditing. |
| Content sources events | logs-workplace_search.content_events-default | logs-workplace_search.content_events-default (Enterprise Search deployment) | filebeat.log | workplace_search.content_events | Workplace Search content sources events. |
| Web crawler logs | logs-crawler-default | logs-crawler-default (Enterprise Search deployment); ds-elastic-cloud-logs* (monitoring deployment, hidden index) | crawler.log | enterprise_search.crawler | Detailed App Search web crawler logs. |
| Filebeat process | N/A | N/A | filebeat | N/A | Use these logs to confirm that Filebeat is correctly pushing events to Elasticsearch. |
| JVM GC statistics | N/A | N/A | gc.log | N/A | Java Virtual Machine (JVM) garbage collection statistics. |
| Internal statistics | N/A | N/A | stats.log | N/A | Timing statistics for various internal processes. |
| System requests | N/A | .ds-elastic-cloud-logs* (monitoring deployment, hidden index) | system.log | enterprise_search.system | Contains web requests, including method, status code, and parameters used. |
| Internal worker jobs | N/A | .ds-elastic-cloud-logs* (monitoring deployment, hidden index) | worker.log | enterprise_search.worker | High-level worker job queue logs. |
| Search relevance suggestions events | logs-app_search.search_relevance_suggestions-default | logs-app_search.search_relevance_suggestions-default (Enterprise Search deployment) | filebeat.log | search-relevance-suggestions, search-relevance-suggestions | Created when Curations powered by Adaptive Relevance is enabled. Logs all adaptive relevance curation suggestion events. |
| Search relevance suggestions system logs | N/A | N/A | search-relevance-suggestions.log | N/A | Created when Curations powered by Adaptive Relevance is enabled. Logs all adaptive relevance curation suggestion details. |

Apply the Elastic Enterprise Search Filebeat configuration to ingest Enterprise Search log files into Elasticsearch.