47 lines
2.5 KiB
Plaintext
47 lines
2.5 KiB
Plaintext
[role="xpack"]
|
|
[[xpack-logs-configuring]]
|
|
|
|
:ecs-base-link: {ecs-ref}/ecs-base.html[base]
|
|
|
|
== Configuring the Logs data
|
|
|
|
The default source configuration for logs is specified in the {kibana-ref}/logs-ui-settings-kb.html[Logs app settings] in the {kibana-ref}/settings.html[Kibana configuration file].
|
|
The default configuration uses the `filebeat-*` index pattern to query the data.
|
|
The default configuration also defines field settings for things like timestamps and container names, and the default columns to show in the logs stream.
|
|
|
|
If your logs have custom index patterns, use non-default field settings, or contain parsed fields which you want to expose as individual columns, you can override the default configuration settings.
|
|
|
|
To change the configuration settings, click the *Settings* tab.
|
|
|
|
NOTE: These settings are shared with metrics. Changes you make here may also affect the settings used by the *Metrics* app.
|
|
|
|
In the *Settings* tab, you can change the values in these sections:
|
|
|
|
* *Name*: the name of the source configuration
|
|
* *Indices*: the index pattern or patterns in the Elasticsearch indices to read metrics data and log data from
|
|
* *Fields*: the names of specific fields in the indices that are used to query and interpret the data correctly
|
|
* *Log columns*: the columns that are shown in the logs stream
|
|
|
|
By default the logs stream shows following columns:
|
|
|
|
* *Timestamp*: The timestamp of the log entry from the `timestamp` field.
|
|
* *Message*: The message extracted from the document.
|
|
The content of this field depends on the type of log message.
|
|
If no special log message type is detected, the Elastic Common Schema (ECS) {ecs-base-link} field, `message`, is used.
|
|
|
|
To add a new column to the logs stream, in the *Settings* tab, click *Add column*.
|
|
In the list of available fields, select the field you want to add.
|
|
You can start typing a field name in the search box to filter the field list by that name.
|
|
|
|
To remove an existing column, click the *Remove this column* icon
|
|
image:logs/images/logs-configure-source-dialog-remove-column-button.png[Remove column].
|
|
|
|
When you have completed your changes, click *Apply*.
|
|
|
|
If the fields are greyed out and cannot be edited, you may not have sufficient privileges to change the source configuration.
|
|
For more information see <<xpack-security-authorization>>.
|
|
|
|
TIP: If <<xpack-spaces>> are enabled in your Kibana instance, any configuration changes you make here are specific to the current space.
|
|
You can make different subsets of data available by creating multiple spaces with different data source configurations.
|
|
|