How can I do log analysis using kibana

nitesh · May 10, 2016, 6:35am

Hello Team,

Till now what I have implemented.
Filebeat(logs)--->Logstash----->Elasticsearch----->Kibana

I can see these logs on kibana dashboard when I make a search * in discover.

Can you please help me how can I improve search on dashboard like:

1) I have logs of same file like /mnt/logs/logxyz.log from various different remote machine, so how can I see all these log in same search.

Here I want same logs file from different node to viewed on Kibana.

**2)**How can I apply some analysis based on which I will get graph/diagram showing error. As of now even if there are error in log file and I apply to view pie-diagram/graph diagram it shows all passed. There would be a way I am sure to but I am not sure how to do that.

TIA

warkolm · May 10, 2016, 7:06am

If they are all the same filename, then just search for that filename.
That's too hard to answer, if you cannot find the errors in a basic search then how do you graph them? Are you sure you have errors in your logs?

nitesh · May 10, 2016, 11:14am

Thanks Mark.

Also can you let me know how can I use OR operator in search.
Like eg: I have file name tntracksp.log from 4 different nodes so I want to see it from only host1

Here host1 is the hostname which is also there in logfile so can we write
"tntracksp.log" "host1" in discover search option.

TIA.

warkolm · May 10, 2016, 8:50pm

tntracksp.log AND host1 would be more accurate.