How can only show some fields with Kibana + Filebeat?

Joaquin_menchaca · March 29, 2021, 12:38am

I am just getting started with ES + Kibana + Filebeat.

How can I create a visual list of just the log lines form docker containers?

I was able to capture log activity using this:

Filebeat + Dgraph Docker Exploration - First Attempt · GitHub

But I would like to create a list that just hows some of the information, mainly the log messages.

I am not sure how to just see the logs themselves from docker container's stdout/stderr. I am mainly want to get the .fields.message. Some other items from that would be:

."container.name" - to know what container this is from
.fields.@timestamp - when it occurred
.fields.container.image.name - as this containers the version of app used.

How could I do this with Kibana + ES + Filebeat?

Joaquin_menchaca · March 29, 2021, 12:52am

I managed to figure this out with tinkering with Kibana.

http://localhost:5601/app/discover#/?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now%2Fd,to:now%2Fd))&_a=(columns:!(container.name,message),filters:!(),index:'filebeat-*',interval:auto,query:(language:kuery,query:''),sort:!())

system · April 26, 2021, 2:52am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.