Custom Logs Package
Field | Value
---|---
Version | 2.3.3
Compatible Kibana version(s) | 8.8.0 or higher
Supported Serverless project types | Security
Subscription level | Basic
Level of support | Elastic
The Custom Logs package is used to ingest arbitrary log files and parse their contents using Ingest Pipelines. Follow the steps below to set up and use this package.
Get started
- Install Elastic Agent: install an Elastic Agent on the machine from which you want to collect logs.
- Identify the log location: identify the log location on that machine, for example `/tmp/custom.log`.
  - If you need to include multiple log files or an entire directory, consider using wildcard patterns such as `/tmp/*.log` to capture all `.log` files, or `/tmp/*` to include all file types.
  - Note that the System integration ingests `/var/log/*.log`. You do not need to add this path if the System integration is in use.
- Enroll the Custom Logs integration:
  - Add the Custom Logs integration to your installed Elastic Agent.
  - Provide an Integration name. A descriptive name will make managing this integration in the Kibana UI more intuitive.
  - Configure the path to match the location(s) identified in the previous step.
  - Provide a dataset name that reflects the purpose of your logs (for example, `python` for Python application logs).
- Verify data in Discover: open Discover in Kibana and filter the `logs-*` indices to your dataset name (e.g., `logs-python`) to confirm that the raw log data is being ingested.
- Configure parsing rules:
  - Use Ingest Pipelines to define parsing rules.
  - See Parse and route logs for examples of how to extract structured fields and reroute log data to specific data streams.
- Create a custom dashboard: use Kibana to build a dashboard for analyzing incoming log data based on your specific needs.
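The parsing step above, as an added example that is not part of this package: a request body for `POST _ingest/pipeline/_simulate` that parses Python application log lines into ECS fields and reroutes `ERROR` events to their own data stream. The pipeline name `logs-python@custom` (the custom-pipeline hook for the `python` dataset chosen above), the dataset `python.errors`, the log line format and the three sample documents are all assumptions constructed for this example; once the simulate output looks right, store the `pipeline` object with `PUT _ingest/pipeline/logs-python@custom`.

```json
{
  "pipeline": {
    "description": "Added example: parse Python app log lines, then route ERROR events to a dedicated data stream",
    "processors": [
      {
        "grok": {
          "description": "Split '<timestamp> <LEVEL> <logger>: <text>' into ECS fields; the trailing text replaces message",
          "field": "message",
          "patterns": ["%{TIMESTAMP_ISO8601:_tmp.ts} %{LOGLEVEL:log.level} %{DATA:log.logger}: %{GREEDYDATA:message}"]
        }
      },
      {
        "date": {
          "description": "Use the application's own timestamp as @timestamp instead of the ingest time",
          "field": "_tmp.ts",
          "formats": ["yyyy-MM-dd HH:mm:ss,SSS"],
          "target_field": "@timestamp"
        }
      },
      {
        "grok": {
          "description": "Second pass for auth failures only; ignore_failure keeps other lines untouched",
          "field": "message",
          "patterns": ["Login failed for user %{USERNAME:user.name} from %{IP:source.ip}"],
          "ignore_failure": true
        }
      },
      { "remove": { "field": "_tmp", "ignore_missing": true } },
      {
        "reroute": {
          "description": "Must be last: processors after a reroute are skipped. ERROR lines go to logs-python.errors-<namespace>",
          "if": "ctx.log?.level == 'ERROR'",
          "dataset": "python.errors"
        }
      }
    ],
    "on_failure": [
      { "set": { "field": "error.message", "value": "{{{ _ingest.on_failure_message }}}" } }
    ]
  },
  "docs": [
    { "_index": "logs-python-default", "_source": { "message": "2024-05-01 12:00:00,123 ERROR myapp.auth: Login failed for user alice from 10.0.0.5" } },
    { "_index": "logs-python-default", "_source": { "message": "2024-05-01 12:00:01,456 INFO myapp.web: GET /health 200" } },
    { "_index": "logs-python-default", "_source": { "message": "garbage line that matches nothing" } }
  ]
}
```

In the simulate output the first document carries `user.name`, `source.ip` and an `_index` of `logs-python.errors-default`, the second stays in `logs-python-default`, and the third is kept with its raw `message` plus an `error.message` rather than being dropped, so unparseable lines remain searchable. Because the fields follow ECS, the package's dynamic template maps `source.ip` as an `ip` type and `user.name` and `log.level` as keywords without extra configuration.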
ECS Field Mapping
This integration includes an ECS Dynamic Template, so any fields following the ECS schema will automatically receive the correct index field mappings without additional manual configuration.
Changelog
Version | Details | Kibana version(s)
---|---|---
2.3.3 | Enhancement | 8.8.0 or higher
2.3.2 | Enhancement | 8.8.0 or higher
2.3.1 | Enhancement | 8.8.0 or higher
2.3.0 | Enhancement | 8.8.0 or higher
2.2.0 | Enhancement | 8.8.0 or higher
2.1.0 | Enhancement | 8.8.0 or higher
2.0.0 | Enhancement | 8.8.0 or higher
1.1.2 | Enhancement | —
1.1.1 | Enhancement | —
1.1.0 | Enhancement | —
1.0.0 | Enhancement | —
0.5.1 | Enhancement | —
0.5.0 | Enhancement | —
0.4.6 | Enhancement | —
0.1.0 | Enhancement | —