I've got Logs working, I think it's going to be a really helpful feature. I do have one question though.
Here's an example of a query that works in Discovery but if I try it in Logs it says " There are no log messages to display."
beat.name.keyword:/ps-test-app.*/ AND type:rails_json
In Discover this returns quite a bit of logs from the past 15 minutes. Am I doing something wrong?
(edited to add a documentation link)
We should probably document it better, that the filter bar in the Logs UI uses the Kibana Query Language instead of the old lucene query language. The filter would read slightly different because it uses wildcards instead of regular expressions, e.g.
beat.name.keyword:ps-test-app* AND type:rails_json
You can enable the Kibana Query Language in the discover/visualize/dashboard query bar as well using the "Options" button to the right:
That does work, thanks!
If I could make a suggestion, it would be great if Logs could have the option to save filters. And/or to use existing saved filters.
Thanks,
Dan
That is a very good suggestion, thank you. It's something we have on our list of improvements.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
