Reviewing Logs in Kibana

Hello, I'm currently reviewing event logs in Kibana as part of SOF ELK. I have over 400,000 logs to search through, but I can only see a maximum of 500 at a time to search through. How do I configure Kibana to allow me to search through all 400K+ logs at once? Thanks.

Can you elaborate on how you are running your search?

In Discover, any query in the search bar will be applied to the documents in the time filter range. You can check the exact parameters of your query in the Inspect tool to confirm this.

In this quick clip, I use Discover with a data view with some documents, perform a search, and inspect it in the mentioned tool.

Hope it helps
