Understanding Kibana and how to visualize your application logs
What does Kibana do?
Kibana is a user interface that lets you search and visualize your application logs. Kibana has a user guide that explains more about how to use it and to create custom visualizations.
What are some types of logs?
Cloud Foundry assigns a type to each log message depending on its origin. Application logs are assigned the APP log type. HTTP requests being routed to an app will produce the RTR log type. The various types of logs are listed in the documentation here.
Cloudfoundry logs are often translated into field names in Elasticsearch/Kibana using the log type as a prefix. For example, APP logs in Kibana include fields like
app.name for the application name.
How to visualize application traffic
Router log data can be used to create a visualization of your application traffic following the steps below.
After you have logged into Kibana, click “Discover” in the left sidebar menu. Then, add filters and search terms to query for router logs as seen in the screenshot below. Please note that the filters shown here for a specific space and application are just an example. You might want to view logs for all requests to application in a given space, in which case you would not want a filter for
The next step is to visualize your search results based on a specific field. To visualize request logs over time, choose the
@timestamp field from the left sidebar of “Available fields”. Then, click “Visualize”.
By default, visualizing logs based on
@timestamp will produce a histogram chart. To change the chart type to line, which might be more useful for this type of data, click the “Metrics & axes” link in the chart configuration panel on the right side of the screen. Then, under “Metrics” and “Count”, select “Line” from the “Chart type” drop-down. Finally, click the “Update” button at the bottom right of the screen and the chart should update to a line chart.
Fields for router requests
Listed below are the explanations of some field names for router (RTR) logs:
- rtr.app.id: The application guid
- rtr.hostname: The domain/hostname the request was sent to (e.g test.app.cloud.gov)
- rtr.http_user_agent: What user agent the request came from (Chrome, Firefox, Curl, etc…)
- rtr.path: The specific url path that was requested (e.g. /my/test/page)
- rtr.status: Gives the status of the request (200, 404, etc…)
- rtr.verb: The type of request (POST, GET, etc…)
- rtr.x_forwarded_for: The IP address the request came from
- rtr.timestamp: The time of the request in UTC
The full list of fields available for router logs can be found in our Elasticsearch field mapping configuration.