Can not find mongodb log in Discover

Elastic Stack Elasticsearch
1

Hi (sorry for my bad english)
I'm enabled mongodb module in filebeat to send mongodb log into elasticsearch.
Filebeat created dashboard, my log show in discover but when i want to search in Dicover,it not show [event.original] content or in Dev section when i run below query

GET /filebeat-8.7.1/_search
{
  "_source": ["event.original"],
  "query": {
    "wildcard": {
      "event.original": {
        "value": "*CustomerStep*"
      }
    }
  }
}

it show bellow error:

failed to create query: Cannot search on field [event.original] since it is not indexed nor has doc values

how i can solve this problem

2

Hello, miladghasemi. Welcome to our community!

Could you please check your index mapping?

GET filebeat-8.7.1/_mapping

Make sure the event.original index option value is not set to false: "index": false

The index option controls whether field values are indexed. It accepts true or false.

If it is set to false, you will need to create a new index with the desired mappings and reindex. You can use the reindex API for that.

3

Hi @miladghasemi welcome to the community.

It is possible that text you are looking for is in another field like the message field did you search on that?

Have you looked at what actual fields you have available?

mongodb.log.message
type: alias

alias to: message

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.