Logstash log tail in browser

V

5

12

So I setup Logstash 1.4.2 with ElasticSearch and Kibana using logstash-forwarder(lumberjack) and thats working pretty well but I also wanted to show just a raw log output(maybe searchable) via a browser similar to something like papertrail?

Is this possible, thanks!

Vituperate answered 9/2, 2015 at 19:24 Comment(0)

F

5

In the discover view, in the top-right corner, there is a play (triangle) button. Press that and your log output should periodically update (default every 10 seconds for me).

Funches answered 14/1, 2016 at 10:43 Comment(2)

Where is this setting in Kibana v5? – Elliott 11/4, 2017 at 14:57

To answer my own question – it becomes visible after clicking the time picker. – Elliott 11/4, 2017 at 14:59

U

5

Checkout my new Kibana plugin LogTrail, that supports live tail, search and option seek to a particular time in logs in console like GUI.

Undies answered 15/9, 2016 at 9:5 Comment(0)

C

1

There are command line utilities that can tail or query logs stored in elasticsearch. While they're not web based, they may achieve what you need.

EsTail: https://github.com/ElasticSearchCLITools/esTail

To tail the logs using EsTail issue the following command:

node ./esTail.js --url=localhost:9200 --index=logstash*

Elktail: https://github.com/knes1/elktail

To tail the logs using Elktail issue the following command:

elktail --url localhost:9200

More info on Elktail can be found in blogpost here.

Disclaimer: I'm author of Elktail

Cyme answered 6/3, 2016 at 18:53 Comment(0)

P

0

I might not be following exactly... how would what you desire differ from what Kibana can offer?

Anyway, I think there are a number of options, write your own web proxy that just queries recent data from elasticsearch (could then have search too) or use the stdout type output and serve that up on your web server, could rotate that flat file to get a 'tail' like view. Or even send the data to papertrail if you really like that tail and search interface.

Purapurblind answered 10/2, 2015 at 21:27 Comment(0)

E

-11

There is no "live tail" functionality in kibana.

Unless you're Rainman, or your boss is impressed by content-less blinking lights, ask yourself deeply why you want it.

Extramarital answered 10/2, 2015 at 23:58 Comment(6)

A tail function could make sense to debug some issues... the days of ssh'ing into systems are over. – Parting 11/2, 2015 at 16:59

Having a live tail in some lockdown environments is the only way to see the logs. We use Kibana and it's possible to configure it for this purpose (-1 for the offensive comment, mate) – Interradial 21/9, 2015 at 11:11

@spaniard how did you configure this in kibana? – Levileviable 7/1, 2016 at 17:15

At 20000 events/sec (a medium-sided installation), what do you think you're going to see going by in a live tail? Unless you have amazingly good visual pattern matching skills? – Extramarital 14/3, 2016 at 13:38

You may want to tail a single host, or a single application. – Beside 26/4, 2016 at 10:30

With plugins live streaming is possible. There's no reason to be snarky over it. This has plenty of application and it's even one of the big features added to Sumo Logic that I'd wanted and love to have. When following a single host or a couple in a slow environment (beta maybe) it's very useful. – Arratoon 22/6, 2017 at 6:23

Recommended topics

Hot tags