maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
kibana/docs/logs/using.asciidoc
EamonnTP 63eabdbc19
[DOCS] Move Uptime Kibana documentation into Uptime guide (#67508) 
* Move Uptime content from Kibana doc

* Fix doc build

* Committing deleted image files

* Updates following review

* Change attribute name

* Update Uptime doc link in UI

* Update doc url

* Doc url update

* Update alert images and further edits

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-06-04 15:58:58 +01:00

101 lines
5.1 KiB
Plaintext
Raw Blame History

[role="xpack"]
[[xpack-logs-using]]
== Using the Logs app
Use the Logs app in {kib} to explore and filter your logs in real time.
You can customize the output to focus on the data you want to see and to control how you see it.
You can also view related application traces or uptime information where available.
[role="screenshot"]
image::logs/images/logs-console.png[Logs Console in Kibana]
[float]
[[logs-search]]
=== Use the power of search
Use the search bar to perform ad hoc searches for specific text.
You can also create structured queries using {kibana-ref}/kuery-query.html[Kibana Query Language].
For example, enter `host.hostname : "host1"` to see only the information for `host1`.
// ++ this isn't quite the same as the corresponding metrics description now.
[float]
[[logs-configure-source]]
=== Configure the data to use for your logs
Are you using a custom index pattern to store the log entries?
Do you want to limit the entries shown or change the fields displayed in the columns?
If so, <<xpack-logs-configuring, configure the logs source data>> to change the index pattern and other settings.
[float]
[[logs-time]]
=== Specify the time and date
Click image:images/time-filter-calendar.png[time filter calendar], then choose the time range for the logs.
Log entries for the specified time appear in the middle of the page. To quickly jump to a nearby point in time, click the minimap timeline to the right.
// ++ what's this thing called? It's minimap in the UI. Would timeline be better?
[float]
[[logs-customize]]
=== Customize your view
Click *Customize* to customize the view.
Here, you can choose whether to wrap long lines, and choose your preferred text size.
[float]
=== Configuring the data to use for your logs
If your logs have custom index patterns, use non-default field settings, or contain parsed fields which you want to expose as individual columns, you can <<xpack-logs-configuring, override the default configuration settings>>.
[float]
[[logs-stream]]
=== Stream or pause logs
Click *Stream live* to start streaming live log data, or click *Stop streaming* to focus on historical data.
When you are viewing historical data, you can scroll back through the entries as far as there is data available.
When you are streaming live data, the most recent log appears at the bottom of the page.
In live streaming mode, you are not able to choose a different time in the time selector or use the minimap timeline.
To do either of these things, you need to stop live streaming first.
// ++ Not sure whether this is correct or not. And what about just scrolling through the display?
// ++ There may be a bug here, (I managed to get future logs) see https://github.com/elastic/kibana/issues/43361
[float]
[[logs-highlight]]
=== Highlight a phrase in the logs stream
To highlight a word or phrase in the logs stream, click *Highlights* and enter your search phrase.
// ++ Is search case sensitive?
// ++ Can you search for multiple phrases together, if so, what's the separator?
// ++ What about special characters? For example, I notice that when searching for "Mozilla/4.0" which appears as written in my logs, "Mozilla" is highlighted, as is "4.0" but "/" isn't. The string "-" (which appears in the logs as written, quotes and all, isn't found at all. Any significance?
[float]
[[logs-event-inspector]]
=== Inspect a log event
To inspect a log event, hover over it, then click the *View actions for line* icon image:logs/images/logs-action-menu.png[View actions for line icon]. On the menu that opens, select *View details*. This opens the *Log event document details* fly-out that shows the fields associated with the log event.
To quickly filter the logs stream by one of the field values, in the log event details, click the *View event with filter* icon image:logs/images/logs-view-event-with-filter.png[View event icon] beside the field.
This automatically adds a search filter to the logs stream to filter the entries by this field and value.
[float]
[[log-view-in-context]]
=== View log line in context
To view a certain line in its context (for example, with other log lines from the same file, or the same cloud container), hover over it, then click the *View actions for line* image:logs/images/logs-action-menu.png[View actions for line icon]. On the menu that opens, select *View in context*. This opens the *View log in context* modal, that shows the log line in its context.
[role="screenshot"]
image::logs/images/logs-view-in-context.png[View a log line in context]
[float]
[[view-log-anomalies]]
=== View log anomalies
When the machine learning anomaly detection features are enabled, click *Log rate*, which allows you to
<<xpack-logs-analysis,use machine learning to detect and inspect anomalies>> in your log data.
[float]
[[logs-integrations]]
=== Logs app integrations
To see other actions related to the event, click *Actions* in the log event details.
Depending on the event and the features you have configured, you may also be able to:
* Select *View status in Uptime* to {uptime-guide}/uptime-app-overview.html[view related uptime information] in the *Uptime* app.
* Select *View in APM* to <<traces, view related APM traces>> in the *APM* app.
Reference in a new issue View git blame Copy permalink