Hi,
I'm using the elk stack in docker and I am looking for a way to configure the default columns displayed in the log stream. Right now those default columns are timestamp, event.dataset and message.
I can change them from the setting menu, but I haven't been able to reproduce this from the kibana config file.
Is there a way to do it ?
Thanks in advance !
Hi @Yomain,
unfortunately there's no mechanism to change the columns via the configuration file at the moment. What makes using the settings UI impractical for you?
Hi,
I am running my whole stack in a docker-compoe file and my main issue was about loosing Kibana settings when doing a docker-compose down.
I am only using the elastic stack to parse a single application log file for now so I don't have that many needs.
Anyway to solve that issue I have made a volume of elasticsearch data folder (as Kibana settings are saved there).
But logs are also saved there and initially I wanted to avoid this as I wanted elastic/filebeat to start from 0 and reparse the totally of my log file. Now it's on tail mode in order to avoid duplicate.
But thank you for your answer !
Thanks for providing the insights. I can empathize - automatically restoring Kibana settings after a redeployment is not trivial. Maybe I can help by providing some insights into how the log source settings are stored:
Upon saving the settings in the Logs UI a space-specific saved object is stored in the Kibana system index. You should be able to query such saved objects using the saved object _find API as in
curl -u "${USERNAME}:${PASSWORD}" -X GET '${KIBANA_URL}/api/saved_objects/_find?type=infrastructure-ui-source' -H 'kbn-xsrf: true'
and restore them using the _bulk_create API after container startup. A one-shot sidecar container is a common pattern for that.
Let me know if that makes sense.
In the meantime I have created https://github.com/elastic/kibana/issues/61773 to put more convenient export/import mechanisms on the roadmap. Please feel free to chime in with your use-case details there to provide some weight to the request.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.