i am using filebeat in one aws instance where our application is running as docker container, elasticsearch and kibana are running on another aws instance.
i can see the logs in kibana,
here we are having three types of logs (debug,error,info). i couldnot differentiate these logs. i am using "container.name : "XXX" and message error" this kql to check error message.
how can i get different types of logs in log level instead of same message
Your Filebeat configuration should parse your application logs into separate fields. I can't tell from your screenshot if it's doing that or not. If you click the arrow > to expand one of those docs do you see individual field for the log level?
If not, you should modify your filebeat configuration. This might help you; https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation-configuration.html#enable-modules
If you still need help, we can switch this post from Kibana to Beats.
Regards,
Lee
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.