search

elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana
Other
19.69k stars 8.12k forks source link

Fleet Logs UI is not showing additional fields required for Elastic Agent / Integration troubleshooting #188662

Closed strawgate closed 1 day ago

strawgate commented 1 month ago

When looking at a specific Agent's logs in the Fleet UI, the only fields shown are timestamp and message.

Screenshot 2024-07-18 at 9 26 25 AM

For normal logs we are missing things like component.id and others which make consuming the logs difficult. For errors, there are key fields missing like error.message which hides the cause of agent errors behind the cryptic values placed in message. This is especially true across inputs which put the cause of the error in the error.message field.

There is a button to open Logs Explorer, and Logs Explorer lets you expand out messages:

Screenshot 2024-07-18 at 9 27 07 AM

But Logs Explorer only appears to show indexed fields.

So the only way to view this additional information is to download an agent diagnostic or open the logs in Discover.

elasticmachine commented 1 month ago

Pinging @elastic/fleet (Team:Fleet)