How can only show some fields with Kibana + Filebeat?

Joaquin_menchaca · March 29, 2021, 12:38am

I am just getting started with ES + Kibana + Filebeat.

How can I create a visual list of just the log lines form docker containers?

I was able to capture log activity using this:

Filebeat + Dgraph Docker Exploration - First Attempt · GitHub

But I would like to create a list that just hows some of the information, mainly the log messages.

I am not sure how to just see the logs themselves from docker container's stdout/stderr. I am mainly want to get the .fields.message. Some other items from that would be:

."container.name" - to know what container this is from
.fields.@timestamp - when it occurred
.fields.container.image.name - as this containers the version of app used.

How could I do this with Kibana + ES + Filebeat?

Joaquin_menchaca · March 29, 2021, 12:52am

I managed to figure this out with tinkering with Kibana.

http://localhost:5601/app/discover#/?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now%2Fd,to:now%2Fd))&_a=(columns:!(container.name,message),filters:!(),index:'filebeat-*',interval:auto,query:(language:kuery,query:''),sort:!())

system · April 26, 2021, 2:52am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Help needed: Filebeat Container input > Elasticsearch >Kibana Beats docker , filebeat	12	5065	October 22, 2019
Filebeat Docker input: exclude container by name Beats docker , filebeat	1	1064	June 6, 2022
Filebeat not reading all docker container logs Beats filebeat	11	5179	February 5, 2019
Filebeat, elasticsearch,kibana Kibana docker	2	228	November 26, 2020
Can't get kibana to display filebeat logs with docker auto discovery Beats docker , filebeat	4	719	May 15, 2021

How can only show some fields with Kibana + Filebeat?

Related topics