This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.
« Inspect log anomalies Logs Stream »
Elastic Docs Elastic Observability [master] Log monitoring Explore logs

Configure data sources

edit

Configure data sources

edit

Specify the source configuration for logs in the Logs app settings in the Kibana configuration file. By default, the configuration uses the index patterns stored in the Kibana log sources advanced setting to query the data. The configuration also defines the default columns displayed in the logs stream.

If your logs have custom index patterns, use non-default field settings, or contain parsed fields that you want to expose as individual columns, you can override the default configuration settings.

Edit configuration settings
edit
  1. To access this page, go to Observability > Logs.

  2. Click Settings.

    Name

    Name of the source configuration.

    Kibana log sources advanced setting

    Use index patterns stored in the Kibana log sources advanced setting, which provides a centralized place to store and query log index patterns. Update this setting by going to Stack ManagementAdvanced Settings and searching for logs sources.

    Data view (deprecated)

    The Logs UI integrates with data views to configure the used indices by clicking Use data views.

    Log indices (deprecated)

    Kibana index patterns or index name patterns in the Elasticsearch indices to read log data from.

    Log columns

    Columns that are displayed in the logs Stream page.
  3. When you have completed your changes, click Apply.
Customize Stream page
edit

If Spaces are enabled in your Kibana instance, any configuration changes you make here are specific to the current space. You can make different subsets of data available by creating multiple spaces with other data source configurations.

By default, the Stream page within the Logs app displays the following columns.

Timestamp

The timestamp of the log entry from the timestamp field.

Message

The message extracted from the document. The content of this field depends on the type of log message. If no special log message type is detected, the Elastic Common Schema (ECS) base field, message, is used.
  1. To add a new column to the logs stream, select Settings > Add column.
  2. In the list of available fields, select the field you want to add. To filter the field list by that name, you can start typing a field name in the search box.
  3. To remove an existing column, click the Remove this column icon.
  4. When you have completed your changes, click Apply.

If the fields are grayed out and cannot be edited, you may not have sufficient privileges to modify the source configuration. For more information, see Granting access to Kibana.

« Inspect log anomalies Logs Stream »