You must have the Siemplify Integration downloaded and the Elastic Server Address configured with the Siemplify machine address in order to access Kibana logs.
Collecting Logs into EK
All logs generated by the Agent, the Publisher and Siemplify (Remote Execution related) are collected inside Elastic into a specific index that shows all remote activity logs. The logs are updated every X seconds (where X is configurable). The default is 60 seconds. The logs are collected using a Siemplify job called "log collector"; one such job is created automatically each time a new Publisher is configured in Siemplify.
The Siemplify analyst can filter and sort the logs in the index according to the fields that each log entry has.
How can I see Logs?
From the Settings > Advanced > Publishers screen, next to the relevant Publisher, click View Publisher Logs. These will show logs for the specified Publisher only.
From the Settings > Advanced > Remote Agents screen, click the i icon and then click View Agent Logs. These will show logs for the specified Agent only.
- Open the Kibana platform at your machine address with port 5601 appended (for example: 10.0.1.38:5601).
- Click Discover on the top right (highlighted by the red square in the screenshot).
- In order to see logs which are not specific to an Agent or Publisher, type a filter in the Filter field.
For example, type fields.CustomFields.TaskType:"PUBLISHER_CREATE_AGENT" (use straight double quotes; curly quotes copied from a document are not valid in the filter).
The following Task Types are supported:
- CONNECTOR_EXECUTION (Start Agent)
Log Record Entry
Each log entry has the same structure (fields):
- Task ID – If the log entry is a Task, it will have the ID here. If the log entry is sending a case package, it will have the package ID here. Otherwise it will have a GUID.
- Task Type – If the log entry is a Task, it will have the type here. Otherwise it holds the type of the action performed. For example: Agents sending (or re-transmitting) cases
- Actor – Siemplify \ Agent \ Publisher
- Actor Identifier – Unique ID to identify the specific Actor instance
- Module – If the Actor is an Agent, this points to the module of the Agent; otherwise it holds "None"
- Log Creation Time Unix (GMT)
- Log Creation Time (GMT)
- Log Creation Time Unix (Local)
- Log Creation Time (Local)
- Level – Info \ Warning etc.
- Message – The log message for success or failure with detailed information about the action taken by the Actor (e.g. for sending case packages will include the package ID, count of cases in package etc.)
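The Kibana filter shown above and the record structure listed here can be exercised offline with a few constructed entries. The following script is an added example, not Siemplify code: it parses a filter of the form fields.CustomFields.TaskType:"..." (normalising curly quotes, which break the real filter), applies it to records, checks each record for the listed fields, sorts by the GMT Unix timestamp, counts non-Info entries per Actor instance, and flags a log collector whose newest entry is older than two collection intervals (the page's 60-second default). The exact key spellings other than TaskType, the Level values, the AGENT_SEND_CASES task type and all sample records are assumptions constructed for the example.

```python
import re
from collections import Counter

# Field names from the "Log Record Entry" section. Only TaskType appears on the
# page with its Kibana key; the other key spellings are assumed for this example.
REQUIRED_FIELDS = (
    "TaskId", "TaskType", "Actor", "ActorIdentifier", "Module",
    "LogCreationTimeUnixGmt", "LogCreationTimeGmt",
    "LogCreationTimeUnixLocal", "LogCreationTimeLocal",
    "Level", "Message",
)
FIELD_PREFIX = "fields.CustomFields."
DEFAULT_COLLECTION_INTERVAL = 60  # seconds; the page's default for the log collector job

# Constructed sample records (not real Siemplify output). Local time assumed UTC+2.
SAMPLE_LOGS = [
    {"TaskId": "a1b2c3d4-0000-4000-8000-000000000001", "TaskType": "PUBLISHER_CREATE_AGENT",
     "Actor": "Publisher", "ActorIdentifier": "pub-01", "Module": "None",
     "LogCreationTimeUnixGmt": 1700000120, "LogCreationTimeGmt": "2023-11-14T22:15:20Z",
     "LogCreationTimeUnixLocal": 1700007320, "LogCreationTimeLocal": "2023-11-15T00:15:20",
     "Level": "Info", "Message": "Agent agent-17 created"},
    {"TaskId": "pkg-5001", "TaskType": "AGENT_SEND_CASES",  # assumed task type name
     "Actor": "Agent", "ActorIdentifier": "agent-17", "Module": "Connector",
     "LogCreationTimeUnixGmt": 1700000060, "LogCreationTimeGmt": "2023-11-14T22:14:20Z",
     "LogCreationTimeUnixLocal": 1700007260, "LogCreationTimeLocal": "2023-11-15T00:14:20",
     "Level": "Warning", "Message": "Re-transmitting package pkg-5001 (3 cases): publisher unreachable"},
    {"TaskId": "a1b2c3d4-0000-4000-8000-000000000002", "TaskType": "CONNECTOR_EXECUTION",
     "Actor": "Agent", "ActorIdentifier": "agent-17", "Module": "Connector",
     "LogCreationTimeUnixGmt": 1700000000, "LogCreationTimeGmt": "2023-11-14T22:13:20Z",
     "LogCreationTimeUnixLocal": 1700007200, "LogCreationTimeLocal": "2023-11-15T00:13:20",
     "Level": "Info", "Message": "Start Agent"},
    # Malformed entry (Level and Message missing) to exercise the schema check.
    {"TaskId": "a1b2c3d4-0000-4000-8000-000000000003", "TaskType": "CONNECTOR_EXECUTION",
     "Actor": "Siemplify", "ActorIdentifier": "siemplify-main", "Module": "None",
     "LogCreationTimeUnixGmt": 1700000180, "LogCreationTimeGmt": "2023-11-14T22:16:20Z",
     "LogCreationTimeUnixLocal": 1700007380, "LogCreationTimeLocal": "2023-11-15T00:16:20"},
]

_FILTER_RE = re.compile(r'^\s*([\w.]+)\s*:\s*"?([^"]*?)"?\s*$')


def parse_filter(expression):
    """Parse a simple Kibana-style field:"value" filter into (field, value).

    Curly quotes (as they appear when copied from a document) are normalised to
    straight quotes, and the fields.CustomFields. prefix is dropped so the field
    name matches the record keys. Returns None for unsupported syntax."""
    expression = expression.replace("\u201c", '"').replace("\u201d", '"')
    match = _FILTER_RE.match(expression)
    if not match:
        return None
    field, value = match.group(1), match.group(2)
    if field.startswith(FIELD_PREFIX):
        field = field[len(FIELD_PREFIX):]
    return field, value


def apply_filter(records, expression):
    """Return the records whose field exactly equals the filter value."""
    parsed = parse_filter(expression)
    if parsed is None:
        raise ValueError("unsupported filter syntax: %r" % expression)
    field, value = parsed
    return [r for r in records if str(r.get(field)) == value]


def missing_fields(record):
    """List the required fields absent from a record (schema check)."""
    return [f for f in REQUIRED_FIELDS if f not in record]


def sort_by_creation_time(records, newest_first=True):
    """Sort on the GMT Unix timestamp, which is unambiguous across time zones."""
    return sorted(records, key=lambda r: r.get("LogCreationTimeUnixGmt", 0),
                  reverse=newest_first)


def non_info_count_by_actor(records):
    """Count entries whose Level is not Info, per Actor instance."""
    return Counter(r["ActorIdentifier"] for r in records
                   if r.get("Level", "Info") != "Info")


def collector_is_stale(records, now_unix, interval=DEFAULT_COLLECTION_INTERVAL):
    """True if the newest entry is older than two collection intervals,
    which suggests the log collector job for that Publisher is not running."""
    if not records:
        return True
    newest = max(r.get("LogCreationTimeUnixGmt", 0) for r in records)
    return now_unix - newest > 2 * interval


if __name__ == "__main__":
    hits = apply_filter(SAMPLE_LOGS, 'fields.CustomFields.TaskType:"PUBLISHER_CREATE_AGENT"')
    print("matching records:", [r["TaskId"] for r in hits])
    for r in SAMPLE_LOGS:
        if missing_fields(r):
            print("malformed entry", r["TaskId"], "missing", missing_fields(r))
    print("non-Info per actor:", dict(non_info_count_by_actor(SAMPLE_LOGS)))
    print("collector stale:", collector_is_stale(SAMPLE_LOGS, now_unix=1700000400))
```

The staleness check is deliberately tied to the configurable collection interval: if the interval is raised from the 60-second default, pass the new value so that a quiet Publisher is not reported as missing.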