I have a basic configuration of Logstash sending syslogs to Elasticsearch. I created my index pattern and can make visualizations, etc. However, I want to view the logs in real time on my dashboard.
My dashboard has 4 different visualizations, and all of them show data. The only one that doesn't show anything is the 'Log Stream' widget.
By Log Stream, do you mean the Logs app in Kibana, part of the Observability module?
By default, the Logs app will only look into indices named filebeat-* and nothing else. If you are using different index names, you will need to edit the settings and change which index pattern the log stream should look at and which fields it will show.
How you will do that will depend on the version you are using. What is the stack version you are using?
In this link you have the documentation for version 7.17; just change to your current version to see what you need to change.
I do not have any logging integrations. The Observability > Logs tab is completely empty, just prompting me to integrate, which I shouldn't have to do in order to display logs that I can already see in Discover.
You do not need any logging integrations. You just need to configure the Logs app in the Observability session to use your index patterns and fields. Check the documentation I shared and the answer above.
The Logs tab is completely different from Discover. It won't work unless you change it from the default setting that uses the filebeat-* index.