I recently wrote a Transform to aggregate my log events (see previous post if curious). I would like to be able to stream the results of this transform using the Observability > Logs > Stream feature. However, if I try to reference my Transform's destination index I see the errors below. How can I configure my Transform's destination index to be treated as a log index? I have a timestamp field and can come up with a "message" field, but I suspect there's more to it than that. Thank you!
The Transforms UI allows you to create an Kibana Index Pattern on the fly, but it doesn't support setting up a default time field. For your use case, you will have to create the Kibana Index Pattern manually from its dedicated UI in the Kibana Management section and pick the desired date field to be used as the default. That and adding a message field should fix your problem.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.