Kibana: show logs with a specific field name value only

I started ingesting Kubernetes logs into Elasticsearch, using the Filebeat Input Container:
Filebeat -> Logstash -> Elasticsearch

My filebeat.yml looks like this:

- type: container
  paths:
    - /var/lib/docker/containers/*/*.log
  fields:
    logs_type: "k8s"
  fields_under_root: true
  multiline.type: pattern
  multiline.pattern: '^[[:space:]]+(at|\.{3})[[:space:]]+\b|^Caused by:'
  multiline.negate: false
  multiline.match: after

processors:
- add_docker_metadata:
    host: "unix:///var/run/docker.sock"

output:
  logstash:
    enabled: True
    hosts:
      - logstash1:5043
      - logstash2:5043
    loadbalance: true

How can I format a Kibana URL to show logs for a specific field name? For example: container.labels.io_kubernetes_container_name = my-k8s-app

http://kibana:5601/app/discover#/?_g=()&options=(container.labels.io_kubernetes_container_name:"my-k8s-app")

Hey there!

I'm not sure there's a great way to filter Kibana globally through the URL, but if you're working in Discover, you can set a filter for the container.labels.io_kubernetes_container_name to equal my-k8s-app and then save your search. Once you've saved your search, you can get "Share" and generate a URL that will contain your container_name search filter.


Thank you @poff
Your solution serves the purpose.

It would’ve been nice to customize the URL to cater for different applications, but I can easily create filters and share URLs.

Kind regards.
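
For the per-application URLs mentioned in the last reply, here is an added example (not part of the original thread) that builds a Discover link for one field value. It assumes Discover reads its time range and query from the rison-encoded `_g` and `_a` URL parameters, so check the result against your Kibana version. The function names and the default time range are hypothetical.

```python
import re
from urllib.parse import quote

# Field names are placed unquoted in the KQL expression, so restrict them to
# characters that cannot alter the query (assumed allow-list for this example).
FIELD_RE = re.compile(r"[A-Za-z0-9_.@-]+")

def kql_phrase(value):
    """Quote a value as a KQL phrase, escaping backslashes and double quotes."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def rison_string(text):
    """Encode text as a rison quoted string: '!' escapes both '!' and \"'\"."""
    return "'" + text.replace("!", "!!").replace("'", "!'") + "'"

def discover_url(base, field, value, time_from="now-15m", time_to="now"):
    """Return a Discover URL whose KQL query matches field == value."""
    if not FIELD_RE.fullmatch(field):
        raise ValueError(f"unexpected characters in field name: {field!r}")
    kql = f"{field}:{kql_phrase(value)}"
    # _g carries global state (time range), _a carries app state (the query).
    g = f"(time:(from:{rison_string(time_from)},to:{rison_string(time_to)}))"
    a = f"(query:(language:kuery,query:{rison_string(kql)}))"
    safe = "'():,!-._~"  # keep rison punctuation readable, percent-encode the rest
    return (f"{base.rstrip('/')}/app/discover#/"
            f"?_g={quote(g, safe=safe)}&_a={quote(a, safe=safe)}")

if __name__ == "__main__":
    # Host and field taken from the question; the value is the poster's example.
    print(discover_url("http://kibana:5601",
                       "container.labels.io_kubernetes_container_name",
                       "my-k8s-app"))
```

Escaping the value at both layers (KQL phrase, then rison string) keeps an application name containing quotes or `!` from changing the query that the link runs.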
