Elasticsearch Unknown Field, logEvents

ckough · April 28, 2020, 5:23am

Hi there,

I'm using ELK 7.6. I am ingesting logs from S3 buckets via SQS. These S3 logs are piped using Firehose from Cloudwatch logs.

I have encountered Unknown Field, logEvents, in my indices.

What it contains inside is this:

There is no fix number of message fields inside each logEvents field.
How do I pattern this index such that I can search for the logs inside the message field?
Pls guide me patiently as I'm new at this.

Thanks,
ck

system · May 26, 2020, 5:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Object mapping for [data.value] tried to parse field [value] as object, but found a concrete value Logstash	3	7722	October 21, 2022
Fields Coming as unknown in Index Elasticsearch elastic-stack-monitoring	1	318	November 19, 2020
Fields Coming as unknown in Index Elasticsearch elastic-stack-monitoring , ilm-index-lifecycle-management	1	354	November 17, 2020
Possibility of Duplicate Value in Field Elasticsearch ecs-elastic-common-schema	5	336	December 1, 2022
Logstash does not index event to elastic due to issue on host field Logstash	6	516	January 8, 2021

Elasticsearch Unknown Field, logEvents

Related Topics