Skip to content
Kibana plugin to view, search & live tail log events
JavaScript CSS HTML
Branch: master
Clone or download
Latest commit 86fae6a Aug 23, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
.vscode upgrade 6.6.1 and fix few issues Feb 24, 2019
docs updated readme with loading logtrail config from ES Mar 17, 2018
public support for 7.1.0 May 24, 2019
server/routes upgrade to 6.7.1 Apr 9, 2019
.eslintrc added append_keyword field in logtrail.json to specfiy the keyword su… Jul 1, 2018
.gitignore First commit Jan 11, 2016
.kibana-plugin-helpers.json updated release to 0.1.20 and add plugin helpers config to ship logtr… Sep 2, 2017 fixes to support 5.0 ES. replace hostname.raw with hostname.keyword, … Oct 27, 2016 update version to 7.3.1 Aug 23, 2019 fixes and removed console.log Sep 11, 2016
index.js upgrade 6.6.1 and fix few issues Feb 24, 2019
logtrail.json initial support for 6.6 Feb 12, 2019
package-lock.json upgrade 6.6.1 and fix few issues Feb 24, 2019
package.json upgrade deps Aug 24, 2019
screenshot.png updated screenshot Sep 26, 2017
yarn.lock upgrade deps Aug 24, 2019

LogTrail - Log Viewer plugin for Kibana

Github All Releases Kibana 7.3.1 License Donate

LogTrail is a plugin for Kibana to view, analyze, search and tail log events from multiple hosts in realtime with devops friendly interface inspired by Papertrail.



  • View, analyze and search log events from a centralized interface
  • Clean & simple devops friendly interface
  • Live tail
  • Filter aggregated logs by hosts and program
  • Quickly seek to logs based on time
  • Supports highlighting of search matches
  • Supports multiple Elasticsearch index patterns each with different schemas
  • Can be extended by adding additional fields to log event
  • Color coding of messages based on field values


  • Prerequisites
    • Download and install Elasticsearch and Kibana
    • Logtrail is supported and tested with Kibana 6.x and 5.x
  • Install logtrail plugin (requires restart of Kibana after install)
    • Kibana 7.3.1 : ./bin/kibana-plugin install
    • Kibana 5.6.5 : ./bin/kibana-plugin install
    • Other versions :
  • Kibana requires exact match of plugin version to the Kibana version. If you can't find logtrail plugin release for a Kibana release, follow the instrcutions here to update Kibana version in your logtrail plugin archive.
  • Refer Logtrail Config Examples Repo for sample configurations for syslog, Java app, Kubernetes logs.


  • Logtrail can be configured by editing following fields present in logtrail.json file located inside./plugins/logtrail directory.
  • default_index - Elasticsearch index where the syslog events are stored (default: logstash-*)
  • default_time_range_in_days - Default time range in days to search when time is not specified using Seek button. Example: Value of 30 means logtrail will search only in logs from last 30 days, unless time is specified using Seek button. Value of 0 means logtrail will search in all available logs by default.
  • display_timezone - Timezone to display the timestamp in Event Viewer. e.g. America/Los_Angeles. Default value of local will use the timezone of browser. The time specified in Seek To popup will always use browser timezone.
  • display_timestamp_format - Format to display the timestamp in Event Viewer. For list of valid value refer here
  • default_search - if specified, this will applied as default search text while launching logtrail. The value can be any search text. e.g. ssh - shows all logs with ssh in message field. or log_level:SEVERE - shows all logs where log_level field is SEVERE. The field name should be a valid field in elasticsearch document. The default search field is the field mapped to message.
  • fields - Edit this parameter to map the event fields in ES to logtrail fields
    • timestamp - maps to @timestamp field inserted by logstash. This will be used for querying internally. Logtrail recommends @timestamp to be stored in UTC in ES.
    • hostname - hostname from where the events were received. Also used by hostname filter. Hostname field should be of type keyword. For more info checkout Hostname field need to be of type keyword
    • program - program that generated this event.
    • message - actual event message. This field will be used by search.
  • Example: If the event fields names are @timestamp, host, process, message the mapping should be
"mapping" : {
        "timestamp" : "@timestamp",
        "hostname" : "host",
        "program": "process",
        "message": "message"
  • By default each line displayed in the events view is of format: display_timestamp hostname program:message
  • message_format - Used to add additional fields to be shown for log event. For more details refer Adding additional fields
  • keyword_suffix - Specifies the keyword suffix to be appended for hostname & program fields. Set it to "" to not append any suffix. If not specified (undefined) logtrail will append keyword.
  • color_mapping - Color code messages based on field values. For more details refer Color coding messages
  • Any changes in logtrail.json requires restart of Kibana
  • Logtrail can read logtrail.json configuration from Elasticsearch instead of filesystem. This will be useful when sharing same configuration across multiple installations. For more info refer Load Logtrail configuration from Elasticsearch
  • Refer logtrail-config-examples repo for sample configurations
  • Logs & Events from Windows, Java, Python, PHP, Perl, Ruby, Android, Docker, .Net can be shipped using syslog protocol.
  • Beats/Fluentd can also be used to ship events to ES and fields can be mapped using fields parameter in logtrail.json
You can’t perform that action at this time.