docs/en/observability/logs-stream.asciidoc
5 additions & 6 deletions
@@ -76,8 +76,7 @@ inputs:
76
76
type: filestream
77
77
streams:
78
78
- id: your-log-stream-id
79
-
data_stream:
80
-
dataset: generic
79
+
data_stream.dataset: generic
81
80
paths:
82
81
- /var/log/your-logs.log
83
82
----
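Review bot: The new `data_stream.dataset: generic` line switches this example from the nested `data_stream:` / `dataset:` mapping to a dotted key, and nothing in the hunk tells the reader the two forms are equivalent. If other input examples on this page still use the nested form, convert them in the same commit so the document shows one notation, or add a short sentence near this block saying either form is accepted.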
@@ -258,7 +257,7 @@ In the following command, the dissect processor extracts the timestamp from the
258
257
----
259
258
PUT _ingest/pipeline/logs-example-default
260
259
{
261
-
"description": "Extracts the timestamp from log",
260
+
"description": "Extracts the timestamp",
262
261
"processors": [
263
262
{
264
263
"dissect": {
@@ -453,7 +452,7 @@ Add the `%{log.level}` option to the dissect processor pattern in the ingest pip
453
452
----
454
453
PUT _ingest/pipeline/logs-example-default
455
454
{
456
-
"description": "Extracts the timestamp from log",
455
+
"description": "Extracts the timestamp and log level",
457
456
"processors": [
458
457
{
459
458
"dissect": {
@@ -606,7 +605,7 @@ You should see the following results showing only your high-severity logs:
606
605
[[logs-stream-extract-host-ip]]
607
606
== Extract the `host.ip` field
608
607
609
-
Extracting the `host.ip` field lets you filter logs by host IP addresses allowing you to focus on specific hosts that you’re having issues with or find disparities between hosts.
608
+
Extracting the `host.ip` field lets you filter logs by host IP addresses allowing you to focus on specific hosts that you're having issues with or find disparities between hosts.
610
609
611
610
The `host.ip` field is part of the {ecs-ref}/ecs-reference.html[Elastic Common Schema (ECS)]. Through the ECS, the `host.ip` field is mapped as an {ref}/ip.html[`ip` field type]. `ip` field types allow range queries so you can find logs with IP addresses in a specific range. You can also query `ip` field types using CIDR notation to find logs from a particular network or subnet.
612
611
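Review bot: The rewritten sentence still reads "filter logs by host IP addresses allowing you to focus", which needs a comma before "allowing". Since this line is already being touched for the apostrophe, fix the punctuation here too: "lets you filter logs by host IP addresses, allowing you to focus on specific hosts".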
@@ -636,7 +635,7 @@ Add the `%{host.ip}` option to the dissect processor pattern in the ingest pipel
636
635
----
637
636
PUT _ingest/pipeline/logs-example-default
638
637
{
639
-
"description": "Extracts the timestamp from log",
638
+
"description": "Extracts the timestamp log level and host ip",
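Review bot: The new description "Extracts the timestamp log level and host ip" is missing its list separators and lowercases "IP", which is inconsistent with the earlier pipeline description "Extracts the timestamp and log level" and with the "host IP addresses" wording in the prose. Suggest "Extracts the timestamp, log level, and host IP" so the three pipeline descriptions read as a progression.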