Get Log Stream from Serilog in Elasticstack

I'm currently evaluating the Serilog.Sinks.Elasticsearch sink for Serilog in a .NET Core web service. I successfully managed to pump some log messages through that sink using the following config (through JSON rather than code):

    ...
    "WriteTo": [
      {
        "Name": "Elasticsearch",
        "Args": {
          "nodeUris": "http://localhost:9200",
          "connectionGlobalHeaders": "Authorization=Basic <base64 encrypted user:pwd here>",
          "indexFormat": "serilog-{0:yyyy.MM.dd}"
        }
      }
    ],
    ...

I can see and filter these messages in the Analytics->Discovery page in Kibana. However, displaying e.g. just the messages in a readable manner doesn't seem to be possible (or I missed it). The Observability->Logs page would provide that, but I can't see the logs in there. (I can see them there if I do .NET -> file -> filebeat -> elasticsearch, but not with the Elasticsearch sink.)

Do I have to configure something in Kibana or the Elasticsearch sink configuration so I can see the log stream?

There is 1 best solution below

This was a configuration issue in Kibana. If you go to the Observability->Logs page and click on Settings in the top-right area of the page, you can configure your sources to either use a single Data View as used in the Analytics->Discovery page, or accumulate logs of several sources by providing the indexes.

In this case, serilog-* (compare the JSON config in the question) needed to be added to the indexes which get displayed in that page.