We're currently setting up a POC where we - among other things - collect a whole bunch of logs from many different machines. The idea was to centralize logs so we don't have to go rummage around multiple machines to find the errors and look at the stack traces.
After setting everything up, we've run into the issue of actually looking through the logs. What do people use? The feedback we've got from developers was that the log viewer in Kibana (Logs->Stream) was unusable:
Most of the screen estate is occupied by empty space with no obvious possibility to resize the columns and no way to properly display the stack traces, due to - once again - non resizable broken views in the entry details:
Is this something people don't use in first place? Are there third party front-ends tailored to the simple use case of searching and viewing log entries?
I think that the Logs feature is something to emulate the tail of a log file, which is something that is not always useful for a lot of people.
In my experience, I never used the Logs feature for more than a couple tests, I prefer to use Discover to look and search at the logs as I can easily change the columns, create filters and custom searchs, this is what the devs and support team on a company I worked liked to use.
I would recommend that you try to look at the logs using Discover, create some custom visualizations for your dev team and see what is the reception.
Yep. We've already built a whole bunch of Dashboards and Rules/Alerts based on logs, which are immensely helpful. The new Discover (table based view) works way better, although I'd love to see both put together. Adding visualizations from the library to the Discover view would help navigating documents quite a bit. You probably could build it using App Search though. Would have to check...
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
