I am trying to access the log files sent to Elasticsearch outside of the Kibana browser but don't know where to find them.
I am running Elasticsearch on a remote CentOS 7 server with another AWS CentOS 7 server sending it Nginx logs with Filebeat. I have tried navigating to /var/lib/Elasticsearch/indexes but am unsure where to go from there or what to make of the files I found.
Ideally I would be able to open and move the parsed log files received by Elasticsearch (the JSONs on Kibana would be great).
You can't access the files directly; it is not possible.
Elasticsearch is REST based. To see what you have stored without using a visualization tool like Kibana, or something like Grafana, you would need to make a request using the Search API and work with the result.
For example, if you have an index named nginx-logs and want to see what you have stored, a simple GET request using curl would return you some data.
curl -X GET "localhost:9200/nginx-logs/_search?pretty"
You also can use the Query DSL to make more complex queries with filters and things like that.
It is also possible to write some tool or script using one of the clients to retrieve and parse the logs.
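A sketch of such a script, added here as an example and not part of the original answer: it pages through an index with the scroll API and writes each document's _source as one JSON object per line. The index name and localhost:9200 come from the curl call above; the unauthenticated node, the @timestamp field and the output file name are assumptions.

```python
import json
import sys
import urllib.request

def es_request(base_url, method, path, body):
    """Send one JSON request to the Elasticsearch REST API and parse the reply."""
    req = urllib.request.Request(
        base_url + path,
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"},
        method=method,
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def export_index(request, index, out, query=None, page_size=500):
    """Write every matching document's _source to `out`, one JSON object per line."""
    page = request("POST", f"/{index}/_search?scroll=1m", {
        "size": page_size,
        "query": query or {"match_all": {}},
        "sort": ["_doc"],  # index order: cheapest sort for a full export
    })
    total = 0
    try:
        while page["hits"]["hits"]:
            for hit in page["hits"]["hits"]:
                out.write(json.dumps(hit["_source"]) + "\n")
            total += len(page["hits"]["hits"])
            page = request("POST", "/_search/scroll",
                           {"scroll": "1m", "scroll_id": page["_scroll_id"]})
    finally:
        # Release the server-side scroll context instead of waiting for the timeout.
        request("DELETE", "/_search/scroll", {"scroll_id": page["_scroll_id"]})
    return total

if __name__ == "__main__":
    # Assumed: unauthenticated node on localhost:9200, as in the curl call above,
    # and the @timestamp field that Filebeat adds to each event.
    last_day = {"range": {"@timestamp": {"gte": "now-1d"}}}
    request = lambda m, p, b: es_request("http://localhost:9200", m, p, b)
    with open("nginx-logs.ndjson", "w") as out:
        n = export_index(request, "nginx-logs", out, query=last_day)
    print(f"exported {n} documents", file=sys.stderr)
```

The resulting file holds the same JSON documents Kibana displays and can be copied or parsed like any other log file.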