Configure data sourcesedit

Specify the source configuration for logs in the Logs app settings in the Kibana configuration file. By default, the configuration uses the filebeat-* index pattern to query the data. The configuration also defines field settings for things like timestamps and container names, and the default columns displayed in the logs stream.

If your logs have custom index patterns, use non-default field settings, or contain parsed fields that you want to expose as individual columns, you can override the default configuration settings.

Edit configuration settingsedit

  1. To access this page, go to Observability > Logs.
  2. Click Settings.

    Name

    Name of the source configuration.

    Index pattern

    Kibana index patterns or index name patterns in the Elasticsearch indices to read log data from.

    Each log source now integrates with Kibana index patterns which support creating and querying runtime fields. You can continue to use log sources configured to use an index name pattern, such as filebeat-*, instead of a Kibana index pattern. However, some features like those depending on runtime fields may not be available.

    Instead of entering an index pattern name, click Use Kibana index patterns and select the filebeat-* log index pattern.

    Data view

    This is a new configuration option that can be used instead of index pattern. The Logs UI can now integrate with Data views to configure the used indices by clicking Use Data views.

    Fields

    Configuring fields input has been deprecated. You should adjust your indexing using the Logs app fields, which use the Elastic Common Schema (ECS) specification.

    Log columns

    Columns that are displayed in the logs Stream page.

  3. When you have completed your changes, click Apply.

Customize Stream pageedit

If Spaces are enabled in your Kibana instance, any configuration changes you make here are specific to the current space. You can make different subsets of data available by creating multiple spaces with other data source configurations.

By default, the Stream page within the Logs app displays the following columns.

Timestamp

The timestamp of the log entry from the timestamp field.

Message

The message extracted from the document. The content of this field depends on the type of log message. If no special log message type is detected, the Elastic Common Schema (ECS) base field, message, is used.

  1. To add a new column to the logs stream, select Settings > Add column.
  2. In the list of available fields, select the field you want to add. To filter the field list by that name, you can start typing a field name in the search box.
  3. To remove an existing column, click the Remove this column icon.
  4. When you have completed your changes, click Apply.

If the fields are grayed out and cannot be edited, you may not have sufficient privileges to modify the source configuration. For more information, see Granting access to Kibana.