Logs monitoring overview

Logs monitoring enables you to view logs from your infrastructure and identify problems in near real time. You can view logs from servers, containers, services, and so on. Then you can drill down to view more detailed information about an individual log entry, or you can seamlessly switch to view corresponding metrics, uptime information or APM traces where available. You can also use machine learning to automatically detect some kinds of log anomalies.

Logs monitoring components

Figure: logs monitoring architecture

Logs monitoring requires the following Elastic Stack components.

Elasticsearch is a real-time, distributed storage, search, and analytics engine. Elasticsearch can store, search, and analyze large volumes of data in near real-time. The Logs app uses Elasticsearch to store logs data in Elasticsearch documents which are queried on demand.

Beats are open source data shippers that you install as agents on your servers to send data to Elasticsearch. The Logs app uses Filebeat to collect logs from the servers, containers, and other services in your infrastructure. Filebeat modules are available for most common servers, containers and services.
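As an added example (not taken from this page or from the Elastic documentation), the following filebeat.yml shows how the pieces above fit together: the built-in system module collects syslog and auth logs, and the Elasticsearch output ships them over TLS for the Logs app to query. The host names, certificate path, user name and the ES_PWD keystore entry are placeholders you would replace with your own values.

```yaml
# filebeat.yml (added example; hosts, paths and credentials are placeholders)

# Enable the "system" module directly in the main config file.
filebeat.modules:
  - module: system
    syslog:
      enabled: true
    auth:
      enabled: true

# Alternatively keep per-module files under modules.d/ and enable them with
# `filebeat modules enable system`; this block loads whatever is enabled there.
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

output.elasticsearch:
  hosts: ["https://es.example.internal:9200"]                 # placeholder host
  protocol: "https"
  ssl.certificate_authorities: ["/etc/filebeat/certs/ca.crt"] # placeholder CA path
  # Use a dedicated, least-privilege user for Filebeat and keep the secret in the
  # Filebeat keystore (`filebeat keystore add ES_PWD`) instead of in this file.
  username: "filebeat_writer"
  password: "${ES_PWD}"

setup.kibana:
  host: "https://kibana.example.internal:5601"                # placeholder host
```

After placing this file, `filebeat setup` loads the module's ingest pipelines and dashboards into Elasticsearch and Kibana, and `filebeat test output` confirms the TLS connection and credentials before you start the service.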

Kibana is an open source analytics and visualization platform designed to work with Elasticsearch. You use Kibana to search, view, and interact with the logs data stored in Elasticsearch. You can easily perform advanced data analysis and visualize your data in a variety of charts, tables, and maps. The Logs app in Kibana provides a dedicated user interface to view logs from the servers, containers and services in your infrastructure.