Beats Logs differentiation based on Environment in Kibana UI

Hi there, I am looking for some help to differentiate the logs which I am sending from various environments to the Elastic.

Flow : File Beat -> Logstash -> Elastic -> Kibana.

I would like to see the logs which I pushed from various environments i.e DEV1, DEV2, DEV3 etc. In Kibana UI, I can see all the logs for each of the host. But this is not good experience for end users.

Is there any possibility in UI, As soon as the user logs in, Where they can able to select the Environment in a dashboard or some where for ex.

User Logs in -> Click on Environment(DEV1 or DEV2) then -> Select Application(Tomcat, Rabbit MQ etc) -> then Select associated hosts under the Application to view the logs for that host.

How can I achieve the above scenario? I need some example which I can declare in my file beat.yml. some thing like to pass env_name, application_name/product_name.

How do you know which environment logs belong to?

Some ideas:

1. in filebeat, add a field called Environment and set the value to DEV1 or DEV2
2. Create a runtime field with logic to set the Environment based on whatever (hostname?)

You then filter on the new field in saved searches. I don't know if you will have to create a dashboard for each environment or if there is a way to filter.

Thanks Len Rugen. I will try the step 1 and see how it goes. At this point in time can't able to differentiate the logs where they belongs to until we apply some identification before we sent to elastic.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.