[hyperpape]

You missed the key criterion, which is being able to see the logs from that process "as a text file", or the way I'd rephrase it "with the same ease of a text file."

Kibana is ok (definitely beats grep) when you want to look across a fleet and determine if a specific thing is happening. But when you have a specific symptom that happens on a particular instance, what you want to do is see logs in the order they happened, and Kibana isn't close. Querying and viewing logs are just slow and cumbersome relative to less/grep.

[dzikimarian]

Well, honestly I don't understand what's missing - you just pick time window, instance and have logs displayed line-by-line as they happened.

Best to configure view for this to limit columns and maybe pre-configure some filters. Plus annotate your logs with timestamp, so you rely on time of event and not time of ingestion.

But these both are one-time configuration thing and then you can simply scroll.

[umanwizard]

> Well, honestly I don't understand what's missing - you just pick time window, instance and have logs displayed line-by-line as they happened.

What's missing is that I don't want to learn and use some clunky web UI in order to do this. I want the UI to be "download this text file" and then use the tools I already know and understand (local text processing utilities and text editors)

[adra]

This seems like a solution for pets. If you have a lot of pets, this sounds totally reasonable, but it isn't some universal truism. People are moving away from pets as they're often harder to work with cattle. That also means you need an observability aggregation which can make sense of what's happening everywhere, not just one instance of on machine.

[dzikimarian]

If GUI is main issue, you can use CLI client to extract data from elastic :-)