Elasticsearch Logs Integration
To make use of the Sematext Elasticsearch Logs integration, you'll need to install the Sematext Agent and configure it to ship Elasticsearch logs via the Logs Discovery. You will want to create or select an existing Elasticsearch Logs App because that is what will provide you with all the out of the box dashboards, some of which you can see below.
Once data is in, you can explore it via the built-in reports:
Be sure to check out the Elasticsearch Monitoring integration as well, to get a complete view on Elasticsearch. For example, if you see logs of a node restarting, metrics let you see the impact on the rest of the cluster in terms of CPU, GC, and other metrics. Including query time metrics, even if you don't collect slowlogs from [all] queries.
Exploring logs¶
Once data is in, you can explore it using the built-in reports or create your own. For example, you can use the Queries report to see a breakdown of your queries and "zoom in" to the ones you're interested in:
Other built-in reports include:
- Errors: breakdown of what's wrong: which nodes or components generate errors
- Clustering: logs produced by components that have to do with cluster coordination: master logs, logs related to a node joining/leaving a cluster and shard allocation
- Deprecation: breakdown of deprecation logs by node and coomponent
- Start & Stop: startup-related and shutdown-related logs. Look here if a node went down unexpectedly or doesn't show up in the cluster when started
Troubleshooting¶
If you have trouble sending logs, try out the latest version of Sematext Agent. Also, make sure Sematext Agent is configured to send logs to your Elasticsearch Logs App. Last, check the Log Agents panel for any errors, and refer to our Sematext Logs FAQ for useful tips.