Explore logs

[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

With Logs Explorer, based on Discover, you can quickly search and filter your log data, get information about the structure of log fields, and display your findings in a visualization. You can also customize and save your searches and place them on a dashboard. Instead of having to log into different servers, change directories, and view individual files, all your logs are available in a single view.

Go to Logs Explorer by opening Discover from the navigation menu, and selecting the Logs Explorer tab.

Viewing data in Logs Explorer requires read privileges for Discover and Integrations. For more on assigning Kibana privileges, refer to the Kibana privileges docs.

By default, Logs Explorer shows all of your logs according to the index patterns set in the logs source advanced setting. Update this setting by going to Management → Advanced Settings and searching for logs source.

If you need to focus on logs from a specific integrations, select the integration from the logs menu:

Once you have the logs you want to focus on displayed, you can drill down further to find the information you need. For more on filtering your data in Logs Explorer, refer to Filter logs in Logs Explorer.

The documents table in Logs Explorer functions similarly to the table in Discover. You can add fields, order table columns, sort fields, and update the row height in the same way you would in Discover.

Refer to the Discover documentation for more information on updating the table.

The actions column provides access to additional information about your logs.

Expand: () Open the log details to get an in-depth look at an individual log file.

Degraded document indicator: () Shows if any of the document’s fields were ignored when it was indexed. Ignored fields could indicate malformed fields or other issues with your document. Use this information to investigate and determine why fields are being ignored.

Stacktrace indicator: () Shows if the document contains stack traces. This indicator makes it easier to navigate through your documents and know if they contain additional information in the form of stack traces.

Click the expand icon () in the Actions column to get an in-depth look at an individual log file.

These details provide immediate feedback and context for what’s happening and where it’s happening for each log. From here, you can quickly debug errors and investigate the services where errors have occurred.

The following actions help you filter and focus on specific fields in the log details:

From the log details of a document with ignored fields, as shown by the degraded document indicator , expand the Quality issues section to see the name and value of the fields that were ignored. Select Data set details to open the Data Set Quality page. Here you can monitor your data sets and investigate any issues.

The Data Set Details page is also accessible from Project settings → Management → Data Set Quality. Refer to Monitor data sets for more information.