I'm using Kibana in a browser to query for some log data that has been fed into Elasticsearch.
I'm not able to get enough help material on usage information for various fields.
For example, what is "host" and what is "agent" and what is host.hostname and agent.hostname.
Also, how do I use the @timestamp in the query? Should it be something like @timestamp : "12/26/2019" - what are the various options?
Where can I get detailed information on each of these items?
Thanks.
@ fields are usually ones generated by Logstash as metadata, @timestamp being the time the event was processed by Logstash.
Set @timestamp as the Time Filter field name when setting up your Kibana index pattern. This will allow Kibana's timepicker to filter on @timestamp field.
My log data goes into Elasticsearch from log files on different Windows client machines. Elasticsearch is installed with Kibana on a Windows Server machine.
Filebeat is used on the different clients to feed log information into Elasticsearch.
I'm not using Logstash. I was using it earlier, but am bypassing it now, since there is no real need for it in my environment.
So then, I think the log data should be in ECS.
Basically I need good ways to differentiate which log information comes from which client machine. I think host.hostname may be a good differentiator.
So, in my scenario, do you think it is necessary to create different indexes for different client machines? Or just use one filebeat-*?
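As an added example (not part of this thread, and not Elastic's own code), the following Python builds the Elasticsearch query-DSL body that a Kibana KQL query like `@timestamp >= "2019-12-26" and @timestamp < "2019-12-27" and host.hostname : "client-a"` expands to, and runs the same range and host filter over a few constructed, ECS-shaped Filebeat events. It assumes the Filebeat output follows ECS (so `host.hostname` is the machine the log was written on and `agent.hostname` is the machine running Filebeat, which coincide when Filebeat reads local files); the hostnames and timestamps are made up.

```python
"""Added example: filter ECS events by @timestamp and host.hostname, and build
the equivalent Elasticsearch query body. Sample data below is constructed."""
from datetime import datetime, timezone

# Constructed ECS-shaped events as Filebeat would index them (values invented).
SAMPLE_EVENTS = [
    {"@timestamp": "2019-12-26T08:15:02.000Z",
     "host": {"hostname": "client-a"}, "agent": {"type": "filebeat", "hostname": "client-a"},
     "message": "service started"},
    {"@timestamp": "2019-12-26T09:00:00.000Z",
     "host": {"hostname": "client-b"}, "agent": {"type": "filebeat", "hostname": "client-b"},
     "message": "login ok"},
    {"@timestamp": "2019-12-26T10:30:00.000Z",
     "host": {"hostname": "client-c"}, "agent": {"type": "filebeat", "hostname": "collector-01"},
     "message": "forwarded by a central collector"},
    {"@timestamp": "2019-12-27T01:00:00.000Z",
     "host": {"hostname": "client-a"}, "agent": {"type": "filebeat", "hostname": "client-a"},
     "message": "next day"},
]


def parse_ts(value):
    """Parse an ISO-8601 @timestamp (date-only or full, 'Z' allowed) into an aware UTC datetime."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if dt.tzinfo is None:          # a bare date such as "2019-12-26" means midnight UTC
        dt = dt.replace(tzinfo=timezone.utc)
    return dt


def kql_for(start, end, hostname=None):
    """KQL string for Kibana's query bar: half-open @timestamp range, optional host match."""
    kql = f'@timestamp >= "{start}" and @timestamp < "{end}"'
    if hostname:
        kql += f' and host.hostname : "{hostname}"'
    return kql


def timestamp_range_query(start, end, hostname=None):
    """Query-DSL body with a bool filter on @timestamp (and host.hostname),
    plus a terms aggregation showing how many events each host contributed."""
    filters = [{"range": {"@timestamp": {"gte": start, "lt": end,
                                         "format": "strict_date_optional_time"}}}]
    if hostname:
        # host.hostname is a keyword field in ECS, so an exact term filter is right.
        filters.append({"term": {"host.hostname": hostname}})
    return {
        "query": {"bool": {"filter": filters}},
        "aggs": {"events_per_host": {"terms": {"field": "host.hostname", "size": 100}}},
        "sort": [{"@timestamp": "desc"}],
    }


def filter_events(events, start, end, hostname=None):
    """Apply the same half-open range and host filter to in-memory events."""
    lo, hi = parse_ts(start), parse_ts(end)
    out = []
    for ev in events:
        ts = parse_ts(ev["@timestamp"])
        if not (lo <= ts < hi):
            continue
        if hostname and ev.get("host", {}).get("hostname") != hostname:
            continue
        out.append(ev)
    return out


def events_per_host(events):
    """Count events per host.hostname and list events whose agent.hostname differs
    from host.hostname (i.e. collected by a Filebeat on a different machine)."""
    counts = {}
    mismatches = []
    for ev in events:
        host = ev.get("host", {}).get("hostname")
        agent = ev.get("agent", {}).get("hostname")
        counts[host] = counts.get(host, 0) + 1
        if agent and agent != host:
            mismatches.append((host, agent))
    return counts, mismatches


if __name__ == "__main__":
    import json
    print(kql_for("2019-12-26", "2019-12-27", "client-a"))
    print(json.dumps(timestamp_range_query("2019-12-26", "2019-12-27", "client-a"), indent=2))
    print(len(filter_events(SAMPLE_EVENTS, "2019-12-26", "2019-12-27")), "events on 2019-12-26")
    print(events_per_host(SAMPLE_EVENTS))
```

Because the range is half-open (`gte` start, `lt` end), "one day" is expressed as midnight to the next midnight rather than a US-style `"12/26/2019"` literal, which Elasticsearch will not parse against the default `@timestamp` mapping. The `events_per_host` aggregation is the quick way to confirm, within a single `filebeat-*` pattern, which client machines are actually sending data, without needing a separate index per machine.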