Logs index template reference
Index templates are used to configure the backing indices of data streams as they’re created. These index templates are composed of multiple component templates: reusable building blocks that configure index mappings, settings, and aliases.
You can view the default `logs` index template in Kibana. To open Index Management, find Stack Management in the main menu or use the global search field. Select Index Templates and search for `logs`. Select the `logs` index templates to view relevant component templates.
Edit the `logs` index template
The default `logs` index template for the `logs-*-*` index pattern is composed of the following component templates:
- `logs@mappings`
- `logs@settings`
- `logs@custom`
- `ecs@mappings`
You can use the `logs@custom` component template to customize your Elasticsearch indices. The `logs@custom` component template is not installed by default, but you can create a component template named `logs@custom` to override and extend default mappings or settings. To do this:
- To open Index Management, find Stack Management in the main menu or use the global search field.
- Select Component Templates.
- Click Create component template.
- Name the component template logs@custom.
- Add any custom metadata, index settings, or mappings.
Changes to component templates are not applied retroactively to existing indices. For changes to take effect, create a new write index for impacted data streams by triggering a rollover. Do this using the Elasticsearch Rollover API. For example, to roll over the `logs-generic-default` data stream, run:
POST /logs-generic-default/_rollover/
Set the `default_field` using the custom template
The `logs` index template uses `default_field: [*]`, meaning queries without specified fields will search across all fields. You can update the `default_field` to search in the `message` field instead of all fields using the `logs@custom` component template.
If you haven’t already created the `logs@custom` component template, create it as outlined in the previous section. Then, follow these steps to update the Index settings of the component template:
- To open Index Management, find Stack Management in the main menu or use the global search field.
- Select Component Templates.
- Search for `logs` and find the `logs@custom` component template.
- Open the Actions menu and select Edit.
- Select Index settings and add the following code:
{ "index": { "query": { "default_field": [ "message" ] } } }
- Click Next through to the Review page and save the component template.
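The same change made through the Elasticsearch APIs in the Kibana Dev Tools Console, as an added example that is not part of the original page. It assumes the `logs-generic-default` data stream from the rollover example already exists and that your role may manage index templates.

```console
# Added example (not from the original page).
# 1. Check whether logs@custom already exists. A 404 means it does not.
#    PUT replaces the whole component template, so if this returns existing
#    mappings or settings, copy them into the body of step 2 first.
GET _component_template/logs@custom

# 2. Create or replace logs@custom with the default_field override.
PUT _component_template/logs@custom
{
  "template": {
    "settings": {
      "index": {
        "query": {
          "default_field": ["message"]
        }
      }
    }
  }
}

# 3. Preview the settings the composed logs template would give a new
#    backing index; index.query.default_field should now be ["message"].
POST /_index_template/_simulate_index/logs-generic-default

# 4. Component template changes are not retroactive: roll over so a new
#    write index is created from the updated template.
POST /logs-generic-default/_rollover/

# 5. Confirm the result. Only the new write index should report "message";
#    older backing indices keep the value they were created with.
GET /logs-generic-default/_settings/index.query.default_field
```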