We use Filebeat to send JSON logs to Logstash and then on to Elasticsearch.
Some of these logs are very verbose and, along with a message field / fields of basic datatypes, contain one or more JSON payloads (usually data.x.y.z) which we don't necessarily want to parse out, but want to be able to search.
I understand that I can set "enabled":false, but while this leaves the original nested structure in the _source, it's not searchable.
Is there any way we can just pass through the JSON payload to Elasticsearch as one big searchable text blob?