I'm using ELK 7.6. I am ingesting logs from S3 buckets via SQS. These S3 logs are piped using Firehose from Cloudwatch logs.
I have encountered Unknown Field, logEvents, in my indices.
What it contains inside is this:
There is no fixed number of message fields inside each logEvents field.
How do I pattern this index such that I can search for the logs inside the message field?
Please guide me patiently as I'm new at this.
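As an added illustration (not from the poster or from Elastic), the snippet below shows the transformation that makes such logs searchable: each Firehose record is split into one document per logEvents entry, the epoch-millisecond timestamp becomes @timestamp, and a message that is itself JSON has its fields exposed as normal fields. It assumes the standard CloudWatch Logs subscription record shape (messageType, logGroup, logStream, logEvents[].id/timestamp/message); `SAMPLE_RECORD` is a constructed sample and `flatten_log_events` a hypothetical name, and the same split-then-parse is what a Logstash `split` filter on `logEvents` followed by a `json` filter on `message` does.

```python
import json
from datetime import datetime, timezone

# Constructed sample record in the standard CloudWatch Logs subscription
# format that Firehose writes to S3 (assumed to be what lies behind logEvents).
SAMPLE_RECORD = {
    "messageType": "DATA_MESSAGE",
    "owner": "123456789012",
    "logGroup": "/aws/lambda/example-fn",
    "logStream": "2020/03/01/[$LATEST]abc123",
    "subscriptionFilters": ["to-firehose"],
    "logEvents": [
        {"id": "1", "timestamp": 1583020800000,
         "message": '{"level":"ERROR","msg":"login failed","user":"alice"}'},
        {"id": "2", "timestamp": 1583020801000,
         "message": "START RequestId: 7d3f plain text line"},
    ],
}


def flatten_log_events(record):
    """Return one document per entry of logEvents.

    Every document carries the group/stream context, a proper @timestamp,
    the raw text in `message`, and, when that text is JSON, its fields
    under `event` so they can be queried as normal fields.
    """
    if record.get("messageType") != "DATA_MESSAGE":
        return []  # CONTROL_MESSAGE records carry no log events
    context = {"log_group": record.get("logGroup"),
               "log_stream": record.get("logStream")}
    docs = []
    for ev in record.get("logEvents", []):
        doc = dict(context, event_id=ev["id"], message=ev["message"])
        doc["@timestamp"] = datetime.fromtimestamp(
            ev["timestamp"] / 1000, tz=timezone.utc).isoformat()
        try:
            parsed = json.loads(ev["message"])
        except (ValueError, TypeError):
            parsed = None  # plain-text line: keep it searchable in `message` only
        if isinstance(parsed, dict):
            doc["event"] = parsed
        docs.append(doc)
    return docs
```

Indexing the flattened documents instead of the raw record means a query such as `event.user:alice` or a free-text search on `message` works regardless of how many entries each logEvents array held.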