Configure data sources
Specify the source configuration for logs in the Logs settings in the Kibana configuration file. By default, the configuration uses the index patterns stored in the Kibana log sources advanced setting to query the data. The configuration also defines the default columns displayed in the logs stream.
If your logs have custom index patterns, use non-default field settings, or contain parsed fields that you want to expose as individual columns, you can override the default configuration settings.
Edit configuration settings
- Find Logs / Settings in the global search field.
Name
Name of the source configuration.
Kibana log sources advanced setting
Use index patterns stored in the Kibana log sources advanced setting, which provides a centralized place to store and query log index patterns. To open Advanced settings, find Stack Management in the main menu or use the global search field.
Data view (deprecated)
The Logs UI integrates with data views. To configure the indices it uses through a data view, click Use data views.
Log indices (deprecated)
Kibana index patterns or index name patterns in the Elasticsearch indices to read log data from.
Log columns
Columns that are displayed in the logs Stream page.
- When you have completed your changes, click Apply.
Customize Stream page
If Spaces are enabled in your Kibana instance, any configuration changes you make here are specific to the current space. You can make different subsets of data available by creating multiple spaces with other data source configurations.
By default, the Stream page within the Logs app displays the following columns.
Timestamp | The timestamp of the log entry from the
Message | The message extracted from the document. The content of this field depends on the type of log message. If no special log message type is detected, the Elastic Common Schema (ECS) base field,
- To add a new column to the logs stream, select Settings > Add column.
- In the list of available fields, select the field you want to add. To filter the field list by that name, you can start typing a field name in the search box.
- To remove an existing column, click the Remove this column icon.
- When you have completed your changes, click Apply.
If the fields are grayed out and cannot be edited, you may not have sufficient privileges to modify the source configuration. For more information, see Granting access to Kibana.