
I am using Filebeat on one AWS instance where our application is running as a Docker container; Elasticsearch and Kibana are running on another AWS instance.
I can see the logs in Kibana.
Here we have three types of logs (debug, error, info). I could not differentiate these logs. I am using "container.name : "XXX" and message error" as the KQL to check for error messages.
How can I get the different types of logs by log level instead of the same message?
Your Filebeat configuration should parse your application logs into separate fields. I can't tell from your screenshot if it's doing that or not. If you click the arrow > to expand one of those docs, do you see an individual field for the log level?
If not, you should modify your Filebeat configuration. This might help you: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation-configuration.html#enable-modules
If you still need help, we can switch this post from Kibana to Beats.
Regards,
Lee
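
An added example, not part of the original thread: one way to get the log level into its own field is a `dissect` processor in `filebeat.yml`. The log line layout (`<timestamp> <LEVEL> <text>`), the `app` field prefix and the container log path are assumptions; adjust the tokenizer to the application's real format.

```yaml
# Constructed sample line this tokenizer is written for (assumed format):
#   2024-05-01T10:15:30Z ERROR Payment service timed out
filebeat.inputs:
  - type: container
    paths:
      # Default Docker json-file log location (assumption about the host)
      - /var/lib/docker/containers/*/*.log

processors:
  # Adds container.name and related fields, as already used in the KQL above
  - add_docker_metadata: ~

  # Split the raw message into separate fields under the "app" prefix:
  # app.timestamp, app.level, app.text. The original message field is kept.
  - dissect:
      field: "message"
      tokenizer: "%{timestamp} %{level} %{text}"
      target_prefix: "app"

# With the level in its own field, the KQL filter no longer depends on the
# word "error" appearing somewhere in the message body:
#   container.name : "XXX" and app.level : "ERROR"
```

Lines that do not match the tokenizer are still shipped, but without the `app.*` fields, so a Kibana filter on `not app.level : *` shows which log formats still need handling.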