Create log visualization for my recently created logs

leostereo · January 15, 2021, 1:01pm

Hy guys.
Im sending some logs from a custom process using elasticsearch api interface.
I can see logs at discover section.
Now , I need to create a visualization for non technical personal.
I dont need any graphs , just a basic log visualization , similar to graylog , with basic search function.
Im googling but can not find hot to achieve it.
Any idea would be wellcome.
Im using kibana 7.9.
Regards.
Leandro.

matw · January 15, 2021, 5:53pm

Hi

You could select the fields you want to have displayed, save the search:

Then you can add this search to a dashboard. you could add multiple searches / processes on 1 dashboard, adding a search would then be applied to all widgets containing process data.

Would that cover your use case?

Best,
Matthias

Nathan_Reese · January 15, 2021, 6:02pm

Now , I need to create a visualization for non technical personal.
I dont need any graphs , just a basic log visualization , similar to graylog , with basic search function.

How are you running Kibana? Are you using Elastic's distribution?

Elastic's kibana distribution contains a logging application that makes it easy to view and search logs and is exactly what you are looking for.

leostereo · January 18, 2021, 5:18pm

I worked !! thank!!

leostereo · January 18, 2021, 5:19pm

I worked , thanks !!!

leostereo · January 18, 2021, 5:28pm

Hi , It seems a nice tool but can not view my index info there.
How should I setup it to show my index info ?
I already set "settings -> Index pattern for matching indices that contain log data
and set hotspot , wich is my indes pattern but nothing happend".

Thanks.

Nathan_Reese · January 18, 2021, 7:30pm

Are your logs in Elastic Common Schema?

leostereo · January 19, 2021, 11:37am

Dear Nathan ... Im not using ECS , , I didnt know about it , now you mentioned I began reading about that.
In my case , im loggin my hotspot activity , so , when user connects to hotspot I do something like this:

 date_default_timezone_set('UTC');
    $today = date("Y-m-d\TH:i:s").".000Z";

    $endpoint = 'http://172.10.100.113:9200/hotspot/_doc/';
    $params = array(
            'name' => $name,
            'mac' => $mac_address,
            'code' => $code,
            'customer' => $customer,
            'dni' => $document,
            'mail' => $mail,
            'phone' => $phone,
            'timestamp' => $today
    );

    #$url = $endpoint . '?' . http_build_query($params);
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $endpoint);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
    curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($params));

    curl_exec($ch);

Im not sure how to move my scenario to ECS.
I have been googling but could not find similar example, can you suggest ?
BTW , thank you very much for pointing me about ECS , I consider this is a very important piece on elk.
Leandro.