Filebeat + opensearch / graylog + grafana for log dashboard

Hi Grafana Community,

as a fresh beginner with this software constellation im trying to archive to collecting logs and visualize it in grafana.

Currently im strugggeling since 3 days to getting it to work. Maybe someone has a hint or link for a tutorial?

  • What Grafana version and what operating system are you using?

OS: Debian 12
Grafana: 10.3.3
Filebeat: 8.12.2
Graylog: Server: 5.2.4-1
Opensearch: 2.11.1

  • What are you trying to achieve?

Collecting journald logs (currently) and (in the future) app logs from e.g apache, redis etc

  • How are you trying to achieve it?

3 Test VM:

1 VM for collecting journald logs sending to the next VM
1 VM graylog with opensearch instead elasticsearch
1 VM with Grafana with PPL (Piped Processing Language)

  • What happened?

If i use the Explorer to view the logs with a PPL Query i get the following:

a nice log volume overview over time with filters for warning / info / errror / unknown

  • What did you expect to happen?

If i use the Explorer view to create a new dashboard, it looks like in the Explorer
But if a create it from the Explorer view or by hand, i canĀ“t reacreate it

In the Explorer with is looks like:

Date - Timestamp - Log message

which is a nice one liner

with Dasboard Type Table it doesnt look like in the Explorer

If i use the visu Log, it only shows the hostname but my PPL query includes the timestamp, source, filebeat_input_type, message

  • Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.
  • no errors in the grafana.log and grafana UI
  • Did you follow any online instructions? If so, what is the URL?