Logs Stream
Within the Logs app, the Stream page enables you to monitor all of the log events flowing in from your servers, virtual machines, and containers in a centralized view. You can consider this as a tail -f in your browser, along with the power of search.
Click Stream Live to view a continuous flow of log messages in real time, or click Stop streaming to view historical logs from a specified time range.
Activate Logs Stream
Because Logs Explorer is replacing Logs Stream, Logs Stream and the Logs Stream dashboard panel are disabled by default. To activate Logs Stream and the Logs Stream dashboard panel, complete the following steps:
- To open Advanced Settings, find Stack Management in the main menu or use the global search field.
- In Advanced Settings, enter Logs Stream in the search bar.
- Turn on Logs Stream.
After saving your settings, you’ll see Logs Stream in the Observability navigation, and the Logs Stream dashboard panel will be available.
Filter logs
To help you get started with your analysis faster and extract fields from your logs, use the search bar to create structured queries using Kibana Query Language. For example, enter host.hostname : "host1" to see only the information for host1.
Additionally, click Highlights and enter a term you would like to locate within the log events. The Logs histogram, located to the right, highlights the number of discovered terms and when the log event was ingested. This helps you quickly jump between potential areas of interest in large amounts of logs, or from a high level, view when a large number of events occurred.
Inspect log event details
When you have searched and filtered your logs for a specific log event, you may want to examine the metadata and the structured fields associated with that event. To view the Log event document details fly-out, hover over the log event, click View actions for line, and then select View details. To further enhance the workflow of monitoring logs, the icons next to each field value enable you to filter the logs per that value.
View contextual logs
Once your logs are filtered, and you find an interesting log line, the real context you are looking for is what happened before and after that log line within that data source. For example, you are running containerized applications on a Kubernetes cluster, you filter the logs for the term error, and you find an interesting error log line. The context you want is what happened before and after the error line within the logs of this container and application.
Hover over the log event, click View actions for line, and then select View in context. The context is preserved and helps you find the root cause as soon as possible.
Integrate with Uptime and APM
To see other actions related to a log event, click Actions in the Log event document details fly-out. Depending on the event and the features you have configured, you can:
- Select View status in Uptime to view related uptime information in the Uptime app.
- Select View in APM to view corresponding APM traces in the Applications UI.