Logstash log tail in browser

Question

So I setup Logstash 1.4.2 with ElasticSearch and Kibana using logstash-forwarder(lumberjack) and thats working pretty well but I also wanted to show just a raw log output(maybe searchable) via a browser similar to something like papertrail?

Is this possible, thanks!

score 5 · Answer 1 · answered Jan 14 '16 at 10:43

5

In the discover view, in the top-right corner, there is a play (triangle) button. Press that and your log output should periodically update (default every 10 seconds for me).

answered Jan 14 '16 at 10:43

Zoltán

21,321
14
93
134

Where is this setting in Kibana v5? – Gajus Apr 11 '17 at 14:57
1

To answer my own question – it becomes visible after clicking the time picker. – Gajus Apr 11 '17 at 14:59

avis · Answer 2 · 2016-09-15T09:10:59.770

5

Checkout my new Kibana plugin LogTrail, that supports live tail, search and option seek to a particular time in logs in console like GUI.

edited Sep 15 '16 at 09:10

answered Sep 15 '16 at 09:05

avis

599
1
6
18

Krešimir Nesek · Answer 3 · 2016-03-07T09:40:42.520

There are command line utilities that can tail or query logs stored in elasticsearch. While they're not web based, they may achieve what you need.

EsTail: https://github.com/ElasticSearchCLITools/esTail

To tail the logs using EsTail issue the following command:

node ./esTail.js --url=localhost:9200 --index=logstash*

Elktail: https://github.com/knes1/elktail

To tail the logs using Elktail issue the following command:

elktail --url localhost:9200

More info on Elktail can be found in blogpost here.

Disclaimer: I'm author of Elktail

score 0 · Answer 4 · answered Feb 10 '15 at 21:27

I might not be following exactly... how would what you desire differ from what Kibana can offer?

Anyway, I think there are a number of options, write your own web proxy that just queries recent data from elasticsearch (could then have search too) or use the stdout type output and serve that up on your web server, could rotate that flat file to get a 'tail' like view. Or even send the data to papertrail if you really like that tail and search interface.

score -11 · Answer 5 · answered Feb 10 '15 at 23:58

-11

There is no "live tail" functionality in kibana.

Unless you're Rainman, or your boss is impressed by content-less blinking lights, ask yourself deeply why you want it.

answered Feb 10 '15 at 23:58

Alain Collins

16,268
2
32
55

4

A tail function could make sense to debug some issues... the days of ssh'ing into systems are over. – volker Feb 11 '15 at 16:59
2

Having a live tail in some lockdown environments is the only way to see the logs. We use Kibana and it's possible to configure it for this purpose (-1 for the offensive comment, mate) – Eduardo Sanchez-Ros Sep 21 '15 at 11:11
@spaniard how did you configure this in kibana? – Torben Knerr Jan 07 '16 at 17:15
At 20000 events/sec (a medium-sided installation), what do you think you're going to see going by in a live tail? Unless you have amazingly good visual pattern matching skills? – Alain Collins Mar 14 '16 at 13:38
2

You may want to tail a single host, or a single application. – Daniele Venzano Apr 26 '16 at 10:30
With plugins live streaming is possible. There's no reason to be snarky over it. This has plenty of application and it's even one of the big features added to Sumo Logic that I'd wanted and love to have. When following a single host or a couple in a slow environment (beta maybe) it's very useful. – Nathan V Jun 22 '17 at 06:23

Logstash log tail in browser

5 Answers5