Logs monitoring overview

Logs monitoring enables you to view logs from your infrastructure to help identify problems in real time. You can view logs from servers, containers, services, and so on. You can drill down into an individual log entry for detailed information, or switch to the corresponding metrics, uptime information, or APM traces where those are available. You can also use machine learning to detect specific log anomalies automatically.

Logs monitoring components

Figure: logs monitoring architecture

Logs monitoring requires the following Elastic Stack components.

Elasticsearch is a real-time, distributed storage, search, and analytics engine that can store, search, and analyze large volumes of data in near real time. The Logs app stores each log entry as an Elasticsearch document and queries those documents on demand.

Beats are open source data shippers that you install as agents on your servers to send data to Elasticsearch. The Logs app relies on Filebeat to collect logs from the servers, containers, and other services in your infrastructure. Filebeat modules, which bundle the input and parsing configuration for a given log source, are available for most common servers, containers, and services.

Kibana is an open source analytics and visualization platform designed to work with Elasticsearch. You use Kibana to search, view, and interact with the logs data stored in Elasticsearch. You can perform advanced data analysis and visualize your data in a variety of charts, tables, and maps. The Logs app in Kibana provides a dedicated user interface to view logs from the servers, containers, and services in your infrastructure.
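The three components above are wired together by the Filebeat configuration. The following filebeat.yml is an added example, not a file taken from this page or from the Elastic project, showing how Filebeat collects system and NGINX logs via modules and ships them to Elasticsearch over TLS using an API key rather than a shared password. The hostnames, the CA certificate path, and the API key value are assumptions to be replaced with your own.

```yaml
# filebeat.yml (example configuration; hostnames, paths and credentials are placeholders)

# Collect logs through Filebeat modules. Each module ships the input paths,
# the parsing (ingest pipeline) and the field mapping for that log source.
filebeat.modules:
  - module: system          # host syslog and authentication logs
    syslog:
      enabled: true
    auth:
      enabled: true
  - module: nginx           # web server access and error logs
    access:
      enabled: true
    error:
      enabled: true

# Ship the events to Elasticsearch, which stores each log line as a document.
output.elasticsearch:
  hosts: ["https://es.example.internal:9200"]    # assumed hostname
  protocol: "https"

  # Authenticate with an API key scoped to the privileges Filebeat needs,
  # instead of a username/password that would also unlock the rest of the cluster.
  # The value is the "id:api_key" pair returned when the key is created (placeholder).
  api_key: "REPLACE_WITH_ID:REPLACE_WITH_API_KEY"

  # Pin the CA that issued the Elasticsearch certificate and verify hostnames.
  # Do not weaken this to `ssl.verification_mode: none`; that accepts any
  # certificate and exposes the key and the log stream to interception.
  ssl.certificate_authorities: ["/etc/filebeat/certs/ca.crt"]   # assumed path
  ssl.verification_mode: full

# Tell Filebeat where Kibana is so `filebeat setup` can load the module
# dashboards; the Logs app then reads the documents Filebeat wrote.
setup.kibana:
  host: "https://kibana.example.internal:5601"   # assumed hostname
  ssl.certificate_authorities: ["/etc/filebeat/certs/ca.crt"]
```

Run `filebeat test config` and `filebeat test output` before starting the service: the first validates the syntax, the second performs the TLS handshake and authentication against Elasticsearch, so a bad CA path or an over-restricted API key surfaces immediately instead of as silently dropped events. Create the API key with only the cluster and index privileges Filebeat requires for writing to its indices, and rotate it as you would any other service credential.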