- Observability: other versions:
- What is Elastic Observability?
- What’s new in 8.15
- Get started
- Observability AI Assistant
- Application performance monitoring (APM)
- Self manage APM Server
- Data Model
- Features
- Navigate the APM UI
- Perform common tasks in the APM UI
- Configure APM agents with central config
- Control access to APM data
- Create an alert
- Create and upload source maps (RUM)
- Create custom links
- Filter data
- Find transaction latency and failure correlations
- Identify deployment details for APM agents
- Integrate with machine learning
- Explore mobile sessions with Discover
- Observe Lambda functions
- Query your data
- Storage Explorer
- Track deployments with annotations
- Use OpenTelemetry
- Manage storage
- Configure
- Advanced setup
- Secure communication
- Monitor
- APM Server API
- APM UI API
- Troubleshoot
- Upgrade
- Release notes
- Known issues
- Log monitoring
- Infrastructure monitoring
- AWS monitoring
- Azure monitoring
- Synthetic monitoring
- Get started
- Scripting browser monitors
- Configure lightweight monitors
- Manage monitors
- Work with params and secrets
- Analyze monitor data
- Monitor resources on private networks
- Use the CLI
- Configure projects
- Multi-factor Authentication
- Configure Synthetics settings
- Grant users access to secured resources
- Manage data retention
- Use Synthetics with traffic filters
- Migrate from the Elastic Synthetics integration
- Scale and architect a deployment
- Synthetics support matrix
- Synthetics Encryption and Security
- Troubleshooting
- Uptime monitoring
- Real user monitoring
- Universal Profiling
- Alerting
- Service-level objectives (SLOs)
- Cases
- CI/CD observability
- Troubleshooting
- Fields reference
- Tutorials
Logs index template reference
editLogs index template reference
editIndex templates are used to configure the backing indices of data streams as they’re created. These index templates are composed of multiple component templates—reusable building blocks that configure index mappings, settings, and aliases.
You can view the default logs index template in Kibana.
Navigate to Stack Management → Index Management → Index Templates, and search for logs.
Select the logs index templates to view relevant component templates.
Edit the logs index template
editThe default logs index template for the logs-*-* index pattern is composed of the following component templates:
-
logs@mappings -
logs@settings -
logs@custom -
ecs@mappings
You can use the logs@custom component template to customize your Elasticsearch indices. The logs@custom component template is not installed by default, but you can create a component template named logs@custom to override and extend default mappings or settings. To do this:
- Open Kibana and navigate to Stack Management → Index Management → Component Templates.
- Click Create component template.
- Name the component template logs@custom.
- Add any custom metadata, index settings, or mappings.
Changes to component templates are not applied retroactively to existing indices. For changes to take effect, create a new write index for impacted data streams by triggering a rollover. Do this using the Elasticsearch Rollover API. For example, to roll over the logs-generic-default data stream, run:
POST /logs-generic-default/_rollover/
Set the default_field using the custom template
editThe logs index template uses default_field: [*] meaning queries without specified fields will search across all fields.
You can update the default_field to search in the message field instead of all fields using the logs@custom component template.
If you haven’t already created the `logs@custom`component template, create it as outlined in the previous section. Then, follow these steps to update the Index settings of the component template:
- Open Kibana and navigate to Stack Management → Index Management → Component Templates.
-
Search for
logsand find thelogs@customcomponent template. - Open the Actions menu and select Edit.
-
Select Index settings and add the following code:
{ "index": { "query": { "default_field": [ "message" ] } } }
- Click Next through to the Review page and save the component template.