Elastic
Loading

Explore logs in Discover

Elastic Stack Serverless

From the logs-* or All logs data view in Discover, you can quickly search and filter your log data, get information about the structure of log fields, and display your findings in a visualization. You can also customize and save your searches and place them on a dashboard. Instead of having to log into different servers, change directories, and view individual files, all your logs are available in a single view.

To open Discover, find Discover in the global search field. Select the logs-* or All logs data view from the Data view menu.

Screen capture of Discover

Viewing data in Discover logs data views requires read privileges for Discover, Index, Logs, and Integrations. For more on assigning Kibana privileges, refer to the Kibana privileges docs.

By default, the All logs data view shows all of your logs, according to the index patterns set in the logs sources advanced setting. To open Advanced settings, find Stack Management in the main menu or use the global search field.

To focus on logs from a specific source or sources, create a data view using the index patterns of those source. For more information on creating data views, refer to Create a data view

Once you have the logs you want to focus on displayed, you can drill down further to find the information you need. For more on filtering your data in Discover, refer to Filter logs in Discover.

The documents table lets you add fields, order table columns, sort fields, and update the row height in the same way you would in Discover.

Refer to the Discover documentation for more information on updating the table.

The actions column provides additional information about your logs.

Expand: The icon to expand log details Open the log details to get an in-depth look at an individual log file.

Degraded document indicator: The icon that shows ignored fields This indicator shows if any of the document’s fields were ignored when it was indexed. Ignored fields could indicate malformed fields or other issues with your document. Use this information to investigate and determine why fields are being ignored.

Stacktrace indicator: The icon that shows if a document contains stack traces This indicator makes it easier to find documents that contain additional information in the form of stacktraces.

Click the expand icon icon to open log details to get an in-depth look at an individual log file.

These details provide immediate feedback and context for what’s happening and where it’s happening for each log. From here, you can quickly debug errors and investigate the services where errors have occurred.

The following actions help you filter and focus on specific fields in the log details:

  • Filter for value (filter for value icon): Show logs that contain the specific field value.
  • Filter out value (filter out value icon): Show logs that do not contain the specific field value.
  • Filter for field present (filter for present icon): Show logs that contain the specific field.
  • Toggle column in table (toggle column in table icon): Add or remove a column for the field to the main Discover table.

Go to Data Sets to view more details about your data sets and monitor their overall quality. To open Data Set Quality, find Stack Management in the main menu or use the global search field.

Refer to Data set quality for more information.