Commit 3af7eeb3 by kay delaney Committed by Marcus Efraimsson

Docs: Adds section on Querying Logs for Elasticsearch (#17730)

Closes #17713
parent f53f0c80
......@@ -149,6 +149,8 @@ Since not all datasources have the same configuration settings we only have the
| esVersion | number | Elasticsearch | Elasticsearch version as a number (2/5/56/60/70) |
| timeField | string | Elasticsearch | Which field that should be used as timestamp |
| interval | string | Elasticsearch | Index date time format. nil(No Pattern), 'Hourly', 'Daily', 'Weekly', 'Monthly' or 'Yearly' |
| logMessageField | string | Elasticsearch | Which field should be used as the log message |
| logLevelField | string | Elasticsearch | Which field should be used to indicate the priority of the log message |
| authType | string | Cloudwatch | Auth provider. keys/credentials/arn |
| assumeRoleArn | string | Cloudwatch | ARN of Assume Role |
| defaultRegion | string | Cloudwatch | AWS region |
......
......@@ -79,6 +79,18 @@ Identifier | Description
`s` | second
`ms` | millisecond
### Logs (BETA)
> Only available in Grafana v6.3+.
There are two parameters, `Message field name` and `Level field name`, that can optionally be configured from the data source settings page that determine
which fields will be used for log messages and log levels when visualizing logs in [Explore](/features/explore).
For example, if you're using a default setup of Filebeat for shipping logs to Elasticsearch the following configuration should work:
- **Message field name:** message
- **Level field name:** fields.level
## Metric Query editor
![Elasticsearch Query Editor](/img/docs/elasticsearch/query_editor.png)
......@@ -162,6 +174,28 @@ Time | The name of the time field, needs to be date field.
Text | Event description field.
Tags | Optional field name to use for event tags (can be an array or a CSV string).
## Querying Logs (BETA)
> Only available in Grafana v6.3+.
Querying and displaying log data from Elasticsearch is available via [Explore](/features/explore).
![](/img/docs/v63/elasticsearch_explore_logs.png)
Select the Elasticsearch data source, change to Logs using the Metrics/Logs switcher, and then optionally enter a lucene query into the query field to filter the log messages.
Finally, press the `Enter` key or the `Run Query` button to display your logs.
### Log Queries
Once the result is returned, the log panel shows a list of log rows and a bar chart where the x-axis shows the time and the y-axis shows the frequency/count.
Note that the fields used for log message and level is based on an [optional datasource configuration](#logs-beta).
### Filter Log Messages
Optionally enter a lucene query into the query field to filter the log messages. For example, using a default Filebeat setup you should be able to use `fields.level:error` to only show error log messages.
## Configure the Datasource with Provisioning
It's now possible to configure datasources using config files with Grafana's provisioning system. You can read more about how it works and all the settings you can set for datasources on the [provisioning docs page](/administration/provisioning/#datasources)
......@@ -181,3 +215,22 @@ datasources:
interval: Daily
timeField: "@timestamp"
```
or, for logs:
```yaml
apiVersion: 1
datasources:
- name: elasticsearch-v7-filebeat
type: elasticsearch
access: proxy
database: "[filebeat-]YYYY.MM.DD"
url: http://localhost:9200
jsonData:
interval: Daily
timeField: "@timestamp"
esVersion: 70
logMessageField: message
logLevelField: fields.level
```
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment