I've implemented filebeat a while ago and started to send log events to Logstash to be inserted into Elasticsearch for viewing in Kibana. Ever since , people (Users of Kibana Logs) have been complaining about it's usability, how clunky it is, the stream process needs to be turned off and on again before it kicks in, filters don't always work, etc.
Now people are asking for "the good old way" to look at logs which is an HTTP server with the "application.log" files served in the browser.
I don't believe it was the intention of the Kibana Logs application to scare people away, so I am asking if there is something I could do differently to make my users like and adopt the Kibana Logs application?
If there is anybody out there that has the same bad experience and has some magic steps to make this work for everyone, I am open to suggestions.
Yes, I am talking about the observability Logs app in Kibana (v7.10.0).
My users have an account to log into Kibana, they click on the Logs app in the left menu. It opens in the "Stream" view automatically. They then try to search by different tags in the search bar. Those logs are shipped by filebeat (v7.10.0) on the source host to Logstash, and Logstash stores in Elasticsearch after applying filters (or not).
Do you think the problem finding logs events comes down to training people to use the appropriate search tags for their application? I am trying to facilitate the shift from using the logs served over HTTP to Kibana, and it's not going well. They prefer the "old way". Maybe Elasticsearch offers other dashboards the are more intuitive to use by my users, or 3rd party tools that have a tie into Elasticsearch and have a better presentation layer, etc.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.