diff --git a/docs/en/observability/explore-logs.asciidoc b/docs/en/observability/explore-logs.asciidoc index f2ffdaa7cb..8106a95e38 100644 --- a/docs/en/observability/explore-logs.asciidoc +++ b/docs/en/observability/explore-logs.asciidoc @@ -44,32 +44,10 @@ You can add fields, order table columns, sort fields, and update the row height Refer to the {kibana-ref}/discover.html[Discover] documentation for more information on updating the table. [discrete] -[[analyze-data-with-smart-fields]] -=== Analyze data with smart fields +[[actions-column]] +=== Actions column -Smart fields are dynamic fields that provide valuable insight on where your log documents come from, what information they contain, and how you can interact with them. -The following sections detail the smart fields available in Logs Explorer. - -[discrete] -[[resource-smart-field]] -==== Resource smart field - -The resource smart field shows where your logs are coming from by displaying fields like `service.name`, `container.name`, `orchestrator.namespace`, `host.name`, and `cloud.instance.id`. -Use this information to see where issues are coming from and if issues are coming from the same source. - -[discrete] -[[content-smart-field]] -==== Content smart field - -The content smart field shows your logs' `log.level` and `message` fields. -If neither of these fields are available, the content smart field will show the `error.message` or `event.original` field. -Use this information to see your log content and inspect issues. - -[discrete] -[[actions-smart-field]] -==== Actions smart field - -The actions smart field provides access to additional information about your logs. +The actions column provides access to additional information about your logs. **Expand:** image:images/expand-icon.png[The icon to expand log details] Open the log details to get an in-depth look at an individual log file. diff --git a/docs/en/observability/images/log-explorer.png b/docs/en/observability/images/log-explorer.png index 0f5047fc18..9d7e3950a3 100644 Binary files a/docs/en/observability/images/log-explorer.png and b/docs/en/observability/images/log-explorer.png differ diff --git a/docs/en/observability/images/log-menu.png b/docs/en/observability/images/log-menu.png index db61571ca2..07b9412bd4 100644 Binary files a/docs/en/observability/images/log-menu.png and b/docs/en/observability/images/log-menu.png differ diff --git a/docs/en/serverless/images/log-explorer.png b/docs/en/serverless/images/log-explorer.png new file mode 100644 index 0000000000..9d7e3950a3 Binary files /dev/null and b/docs/en/serverless/images/log-explorer.png differ diff --git a/docs/en/serverless/images/log-menu.png b/docs/en/serverless/images/log-menu.png new file mode 100644 index 0000000000..07b9412bd4 Binary files /dev/null and b/docs/en/serverless/images/log-menu.png differ diff --git a/docs/en/serverless/logging/view-and-monitor-logs.asciidoc b/docs/en/serverless/logging/view-and-monitor-logs.asciidoc new file mode 100644 index 0000000000..251f531370 --- /dev/null +++ b/docs/en/serverless/logging/view-and-monitor-logs.asciidoc @@ -0,0 +1,87 @@ +[[observability-discover-and-explore-logs]] += Explore logs + +// :description: Visualize and analyze logs. +// :keywords: serverless, observability, how-to + +preview:[] + +With **Logs Explorer**, based on Discover, you can quickly search and filter your log data, get information about the structure of log fields, and display your findings in a visualization. +You can also customize and save your searches and place them on a dashboard. +Instead of having to log into different servers, change directories, and view individual files, all your logs are available in a single view. + +Go to Logs Explorer by opening **Discover** from the navigation menu, and selecting the **Logs Explorer** tab. + +[role="screenshot"] +image::images/log-explorer.png[Screen capture of the Logs Explorer] + +[discrete] +[[observability-discover-and-explore-logs-required-kib-privileges]] +== Required {kib} privileges + +Viewing data in Logs Explorer requires `read` privileges for **Discover** and **Integrations**. +For more on assigning Kibana privileges, refer to the {kibana-ref}/kibana-privileges.html[{kib} privileges] docs. + +[discrete] +[[observability-discover-and-explore-logs-find-your-logs]] +== Find your logs + +By default, Logs Explorer shows all of your logs according to the index patterns set in the **logs source** advanced setting. +Update this setting by going to _Management_ → _Advanced Settings_ and searching for _logs source_. + +If you need to focus on logs from a specific integrations, select the integration from the logs menu: + +[role="screenshot"] +image::images/log-menu.png[Screen capture of log menu] + +Once you have the logs you want to focus on displayed, you can drill down further to find the information you need. +For more on filtering your data in Logs Explorer, refer to <>. + +[discrete] +[[observability-discover-and-explore-logs-review-log-data-in-the-documents-table]] +== Review log data in the documents table + +The documents table in Logs Explorer functions similarly to the table in Discover. +You can add fields, order table columns, sort fields, and update the row height in the same way you would in Discover. + +Refer to the {kibana-ref}/discover.html[Discover] documentation for more information on updating the table. + +[discrete] +[[observability-discover-and-explore-logs-actions-column]] +==== Actions column + +The actions column provides access to additional information about your logs. + +**Expand:** (image:images/icons/expand.svg[expand icon]) Open the log details to get an in-depth look at an individual log file. + +**Degraded document indicator:** (image:images/icons/pagesSelect.svg[degraded document indicator icon]) Shows if any of the document's fields were ignored when it was indexed. +Ignored fields could indicate malformed fields or other issues with your document. Use this information to investigate and determine why fields are being ignored. + +**Stacktrace indicator:** (image:images/icons/apmTrace.svg[stacktrace indicator icon]) Shows if the document contains stack traces. +This indicator makes it easier to navigate through your documents and know if they contain additional information in the form of stack traces. + +[discrete] +[[observability-discover-and-explore-logs-view-log-details]] +== View log details + +Click the expand icon (image:images/icons/expand.svg[expand icon]) in the **Actions** column to get an in-depth look at an individual log file. + +These details provide immediate feedback and context for what's happening and where it's happening for each log. +From here, you can quickly debug errors and investigate the services where errors have occurred. + +The following actions help you filter and focus on specific fields in the log details: + +* **Filter for value (image:images/icons/plusInCircle.svg[filter for value icon]):** Show logs that contain the specific field value. +* **Filter out value (image:images/icons/minusInCircle.svg[filter out value icon]):** Show logs that do _not_ contain the specific field value. +* **Filter for field present (image:images/icons/filter.svg[filter for present icon]):** Show logs that contain the specific field. +* **Toggle column in table (image:images/icons/listAdd.svg[toggle column in table icon]):** Add or remove a column for the field to the main Logs Explorer table. + +[discrete] +[[observability-discover-and-explore-logs-view-log-quality-issues]] +== View log quality issues + +From the log details of a document with ignored fields, as shown by the degraded document indicator ((image:images/icons/pagesSelect.svg[degraded document indicator icon])), expand the **Quality issues** section to see the name and value of the fields that were ignored. +Select **Data set details** to open the **Data Set Quality** page. Here you can monitor your data sets and investigate any issues. + +The **Data Set Details** page is also accessible from **Project settings** → **Management** → **Data Set Quality**. +Refer to <> for more information.