When looking at a specific Agent's logs in the Fleet UI, the only fields shown are timestamp and message.
For normal logs we are missing things like component.id and others which make consuming the logs difficult.
For errors, there are key fields missing like error.message which hides the cause of agent errors behind the cryptic values placed in message. This is especially true across inputs which put the cause of the error in the error.message field.
There is a button to open Logs Explorer, and Logs Explorer lets you expand out messages:
But Logs Explorer only appears to show indexed fields.
So the only way to view this additional information is to download an agent diagnostic or open the logs in Discover.