I've been searching and searching for a solution, but I've not managed to find any relevant answers. I suspect I am looking in the wrong place or have misunderstood how some of the ELK stack tools are connected.
Regardless, please let me explain my issue. Using Kibana's log stream, I see all logs that are coming into the ELK solution. However, I cannot order by date. The uppermost logs are the oldest, and all new logs are at the bottom of the page. What I dearly want is the ability to have the livestream logs have the newest entries at the top of the page.
If you look at the attached image, you will see the column marked @timestamp - it has a red mark next to it. There is seemingly no way to order this column, and nothing to click in the column heading.
I don't think you can change the order of logs being displayed in the Log Stream app. You'd need to switch to Discover which is a more generic documents explorer tool.
Thank you, Jorge. My Discover logs look vastly different to my stream logs; they show many of a log message's attributes, but in my case, not the message. I guess this is a configuration thing so I'll go diving in the docs on how to configure it as I wish to have it.
Correct in Discover you decide which fields you want to display in the table, you can reorder them, etc. Check the docs, and remember you can save this configuration as a Saved Search so it can be accessed later, or even reused in your own dashboards.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
