Tech Topics

Searching through logs with the free and open Logs app in Kibana

Log exploration and analysis is a key step in troubleshooting performance issues in IT environments — from understanding application slow downs to investigating misbehaving containers. Did you get an alert that heap usage is spiking on a specific server? A quick search of the logs filtered from that host shows that cache misses started around the same time as the initial spike. Digging into the metadata (date and version) of the highlighted logs from that time period show us that this was likely due to a recent code push. As seen here — and in many other cases — logs hold the clues to what was happening during, before, or after an issue, which can help identify where to focus our attention next.

The Elastic Stack has long been a favorite for log management and log analytics because it’s built for both speed (which shortens investigations) and scale (which alleviates concerns about dropping data). And, with the Elastic Common Schema, event data is normalized so you can better analyze, visualize, and correlate across all types of events.

There are many ways to explore your logs in Kibana; you can look at them in the Discover app, create custom charts and dashboards, and use tools like Lens to create visualizations in just a few clicks. In addition, the Elastic Logs app is a powerful tool for searching, filtering, visualizing, and tailing your logs directly in Kibana. Think of it like a souped-up tail -f for logs from your entire environment with powerful search and filtering capabilities. The Logs app is part of the free and open distribution of Elastic Observability for a frictionless getting started experience without limits on ingest, users, or anything else.

See a streaming view of your logs (tail your log files)

As logs start flowing in from components across your environment, one of the first things you will want to see is the stream of these events as they happen. The Logs app combines the familiar view you’d see in a terminal window with the on-demand analysis capabilities of Kibana. Watch the events stream in live and zoom in on specific log lines to view the details.

Customize columns with available fields

Log events are rich with detail across a range of fields — any one of which might hold the next clue in your investigation. However, that metadata can clutter our window when it’s not relevant to our specific issue. Choose the fields you want to see so the information you need is displayed on screen while the granular details are still at your fingertips. Include or exclude fields like timestamp, message, and host.ip, or slice and dice to make custom columns with runtime fields.

Search (and filter) across all of your logs

Pinpoint the relevant logs with plain text search or auto-completing keywords (and values) via the search bar. For instance, you can search for logs that contain the word “error.” As you start to type, the Kibana Query Language provides suggestions on which fields to search. Use the “Highlights” function to jump to relevant logs based on a keyword. With the filter still in place, we can further sift through the events. The Logs app will highlight your requested term. Save time by jumping directly to the log lines that are pertinent to your investigation.

View your logs in context

A data point in isolation is a valuable indicator, but a data point in context tells a story. Now that you’ve pinpointed the concerning logs, take a step back and get a sense for what was happening around that time in the specific application or container. What happened just before and after? Use this context to identify root causes faster and lower MTTR.

Try the free Logs app for yourself

Follow along with this video to see the app in action.

Start analyzing your logs with a simple download of Elasticsearch and Kibana following these best practices. Play with sample data, start shipping your logs with one of the hundreds of out-of-the-box integrations, or ship the logs from your custom applications and services, and use runtime fields to split things up later.

Everything mentioned here is also available on Elastic Cloud for a fully-managed experience.