Grafana Series - Unified Display - 7 - ElasticSearch Data Source
This article was last updated on: May 17, 2026 am
Series Articles
ElasticSearch Data Source
Grafana ships with built-in support for Elasticsearch. You can perform various types of queries to visualize logs or metrics stored in Elasticsearch, and annotate graphs with log events stored in Elasticsearch.
Configuring the ES Data Source
The key configuration items are as follows:
- URL: Set the HTTP protocol, IP, and port of your Elasticsearch server. For example: http://192.168.2.1:9200
Index Configuration
Use the index settings to specify the default value for the time field and the name of your Elasticsearch index. You can use a time pattern such as YYYY.MM.DD, or a wildcard as the index name. Examples:
Index name: [applog.*-]YYYY.MM.DD
Pattern: Daily
Time field name: @timestamp
Log Configuration
You can optionally configure two Logs parameters:
- Message field name
- Level field name
to determine which fields the data source uses for the log message and log level when visualizing logs in Explore.
For example, if you use Filebeat’s default settings to ship logs to Elasticsearch, set:
- Message field name: message
- Level field name: fields.level
Configure according to your actual setup, for example:
- Message:
- _source
- Level:
- level
Data links
Data links create a link from a specified field that can be accessed in the Logs view in Explore.
Each data link configuration includes:
| Parameter | Description |
|---|---|
| Field | Set the field name used by the data link. |
| URL/query | If the link is external, set the full link URL. If the link is internal, this input serves as the query for the target data source. In both cases, you can interpolate values from the field using the ${__value.raw } macro. |
| URL Label | (Optional) Set a custom display label for the link. The link label defaults to the full external URL or the name of the linked internal data source, and is overridden by this setting. |
| Internal link | Set whether the link is internal or external. For internal links, you can select the target data source using the data source selector. This only supports tracing data sources. |
A common use case for Data Links here is jumping from ES Logs to Traces via trace_id.
This will be covered in detail in a later article.
Example ES Data Source Configuration
The final ES data source configuration example is as follows:
EOF