Can not find mongodb log in Discover

miladghasemi · May 24, 2023, 10:19am

Hi (sorry for my bad english)
I'm enabled mongodb module in filebeat to send mongodb log into elasticsearch.
Filebeat created dashboard, my log show in discover but when i want to search in Dicover,it not show [event.original] content or in Dev section when i run below query

GET /filebeat-8.7.1/_search
{
  "_source": ["event.original"],
  "query": {
    "wildcard": {
      "event.original": {
        "value": "*CustomerStep*"
      }
    }
  }
}

it show bellow error:

failed to create query: Cannot search on field [event.original] since it is not indexed nor has doc values

how i can solve this problem

Priscilla_Parodi · May 27, 2023, 6:44pm

Hello, miladghasemi. Welcome to our community!

Could you please check your index mapping?

GET filebeat-8.7.1/_mapping

Make sure the event.original index option value is not set to false: "index": false

The index option controls whether field values are indexed. It accepts true or false.

If it is set to false, you will need to create a new index with the desired mappings and reindex. You can use the reindex API for that.

stephenb · May 27, 2023, 10:05pm

Hi @miladghasemi welcome to the community.

It is possible that text you are looking for is in another field like the message field did you search on that?

Have you looked at what actual fields you have available?

mongodb.log.message
type: alias

alias to: message

system · June 24, 2023, 10:05pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.