Custom Logs
Collect custom logs with Elastic Agent.
Version |
2.3.0 (View all) |
Compatible Kibana version(s) |
8.8.0 or higher |
Subscription level |
Basic |
The Custom Logs package is used for ingesting arbitrary log files and manipulating their content/lines by using Ingest Pipelines configuration.
In order to use the package, please follow these steps:
- Setup / Install Elastic Agent at the machine where the logs should be collected from
- Identify the log location at that machine e.g.
/tmp/custom.log. Note that/var/log/*.logis fully ingested by the System, no need to add this path if the System integration is already used - Enroll Custom Logs integration and add it to the installed agent. Give the dataset a name that fits to the log purpose, e.g.
pythonfor logs from a Python app. Make sure to configure the path from the step 2 - Check that the raw log data is coming in via Discover by filtering the
logs-*indices to the dataset name given in step 3, e.g.logs-python - Configure the parsing rules via Ingest Pipelines, e.g. JSON Parsing or grok parsing
- Create a custom dashboard that analyzes the incoming log data for your needs
ECS Field Mapping
This integration includes the ECS Dynamic Template, all fields that follows the ECS Schema will get assigned the correct index field mapping and does not need to be added manually.
Changelog
| Version | Details | Kibana version(s) |
|---|---|---|
2.3.0 | Enhancement View pull request | 8.8.0 or higher |
2.2.0 | Enhancement View pull request | 8.8.0 or higher |
2.1.0 | Enhancement View pull request | 8.8.0 or higher |
2.0.0 | Enhancement View pull request | 8.8.0 or higher |
1.1.2 | Enhancement View pull request | — |
1.1.1 | Enhancement View pull request | — |
1.1.0 | Enhancement View pull request | — |
1.0.0 | Enhancement View pull request | — |
0.5.1 | Enhancement View pull request | — |
0.5.0 | Enhancement View pull request | — |
0.4.6 | Enhancement View pull request | — |
0.1.0 | Enhancement View pull request | — |