Custom Log Dashboards allow you to visualize log data using tables based on ESQL queries. You can create multiple panels with different queries and organize them into a single dashboard for easier monitoring and analysis. 

• Navigate to Log Management from the left panel.

• Click Log Dashboards.

• If no dashboards exist, click Create New Dashboard.

1. Enter the Dashboard Name.

2. Optionally enter a Description.

3. Click Add Panel.

This opens the panel configuration screen.

Configure Panel:

A. Panel Name: Enter a meaningful name for the panel.

B. Select Chart Type: Choose the required visualization type:

• Table

• Bar Chart

• Pie Chart

• Gauge Chart

• Area Chart

• Markdown

• Timeline Chart

For log listing and structured fields, select Table:

Enter ESQL Query

In the ESQL editor:

Example: FROM ALL | LIMIT 50

Click Run to validate and preview data.

Preview Data: The preview section displays returned records based on your query.

Bar Chart

A Bar Chart is used to compare counts or values across categories. It is commonly used to visualize metrics such as request counts, error distribution, or service usage.

Example Use Cases

• HTTP status code distribution
• Requests per service
• Errors by host
• Top IP addresses generating logs

The x axis represents categories such as status codes or services, while the y axis represents the aggregated count.

Bar charts are useful for quickly identifying dominant patterns or spikes.

Pie Chart

A Pie Chart displays the proportional distribution of values within a dataset. It is ideal for understanding percentage based breakdowns.

Example Use Cases

• Error vs success request ratio
• Service traffic share
• Log source distribution
• Protocol usage breakdown

Each slice represents a category, and the size of the slice reflects its percentage contribution to the total dataset.

Pie charts are best used when comparing a small number of categories.

Gauge Chart

A Gauge Chart displays a single numeric metric relative to a defined range. It is commonly used for monitoring thresholds or system health indicators.

Example Use Cases

• Error rate percentage
• Average response time
• CPU utilization from logs
• Failed login rate

The gauge shows a numeric value against predefined limits to quickly determine if a metric is within normal or critical ranges.

Gauge charts are useful for monitoring real time performance indicators.

Area Chart

An Area Chart visualizes how values change over time and highlights cumulative trends. It is commonly used for time series log analysis.

Example Use Cases

• Requests over time
• Errors over time
• Log volume trends
• Traffic growth patterns

The x axis represents time intervals and the y axis represents the aggregated count. The filled area highlights overall trends and volume changes.

Area charts help identify spikes, drops, and seasonal patterns.

Timeline Chart

A Timeline Chart displays events in chronological order and helps visualize sequences of log activity.

Example Use Cases

• Incident timelines
• Service outages
• Security events over time
• Request activity tracking

Events are plotted along a time axis, allowing administrators to analyze the sequence and timing of events.

Timeline charts are useful for troubleshooting and event correlation.

Markdown Panel

A Markdown Panel allows users to add formatted documentation, explanations, or instructions directly inside a dashboard.

Example Use Cases

• Dashboard descriptions
• Operational notes
• Incident investigation instructions
• Monitoring guidelines

Markdown panels display formatted text, links, headings, and lists to provide context for the dashboard.

Panel Settings (Optional):

Under Settings tab, you can configure:

• Show Header

• Pagination

• Rows Per Page

• Enable Search Filtering

• Reset to Default

Adjust based on reporting requirements. Click on Add Dashboard.

Click Save on the dashboard screen. The panel will now appear on your dashboard.

Manage Panels on Dashboard

Once saved, each panel provides toolbar options:

• Enlarge panel

• Edit panel

• Duplicate panel

• Delete panel

• Resize panel by dragging corners

You can adjust the panel size and placement to optimize visibility.

Create Multiple Panels:

• Add multiple tables using different ESQL queries.

• Combine different chart types in the same dashboard.

• Create panels for different log sources or identifier tags.

• Filter based on time ranges.

Each panel operates independently based on its own query. Final Save

After arranging panels:

1. Click Save.

2. Dashboard becomes available under Log Dashboards list.

3. You can later Edit or Delete the dashboard.