Error on the Logs page in Kibana on Elastic cloud hosted on AWS

We are using the Elastic Cloud hosted solution on AWS at version 6.6.1. We are using Filebeat 6.6.0 and the IIS module to parse IIS 10 logs into Elasticsearch.

When we look at the logs page we are seeing many

failed to format message from c:\inetpub\logs\Logfiles\W3SVC3\u_ex190220.log

lines. This error appears at https://github.com/elastic/kibana/blob/master/x-pack/plugins/infra/server/lib/domains/log_entries_domain/builtin_rules/index.ts in the source code. My TypeScript isn't good enough for me to trace the problem.

Does anybody know if we are doing anything wrong or is there a bug in Kibana?

Hi @ajazam1,

the message you're seeing stems from the fact that the Logs UI didn't properly support the docs created by filebeat's IIS module. This has been fixed in Kibana issue #30398 and will be part of the 6.7 release of the Elastic stack.

If you are looking for a quick workaround until then, you could adjust the ingestion pipeline to not delete the message field during ingestion. The pipeline should be called something like filebeat-6.6.0-iis-access-pipeline and can be read or written using the ingest pipeline APIs.

Please let me know if you require more assistance with that. I apologize for the inconvenience this has caused.
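
The workaround from the answer above, sketched as an added example (not part of the original thread and not Elastic's code): take the body returned by `GET _ingest/pipeline/<id>`, strip `message` from every `remove` processor, and send the result back with `PUT _ingest/pipeline/<id>`. It assumes the pipeline deletes the field through `remove` processors; the sample pipeline is constructed, and `keep_field` and `_strip` are hypothetical helper names.

```python
import copy

# Pipeline id as given in the answer above ("something like"); confirm the real
# name with GET _ingest/pipeline before changing anything.
PIPELINE_ID = "filebeat-6.6.0-iis-access-pipeline"

# Constructed sample of a GET _ingest/pipeline/<id> response body, not a copy
# of the pipeline Filebeat installs.
SAMPLE_GET_RESPONSE = {
    PIPELINE_ID: {
        "description": "constructed sample",
        "processors": [
            {"grok": {"field": "message", "patterns": ["%{GREEDYDATA:iis.access.raw}"]}},
            {"remove": {"field": "message"}},
            {"remove": {"field": ["message", "iis.access.time"]}},
        ],
        "on_failure": [{"set": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}],
    }
}


def _strip(processors, field):
    """Return processors with `field` taken out of every remove processor."""
    kept = []
    for proc in processors:
        (kind, body), = proc.items()  # each processor is a one-key object
        body = dict(body)
        if "on_failure" in body:  # per-processor failure handlers
            body["on_failure"] = _strip(body["on_failure"], field)
        if kind == "remove":
            targets = body["field"] if isinstance(body["field"], list) else [body["field"]]
            targets = [t for t in targets if t != field]
            if not targets:
                continue  # processor only removed `field`; drop it entirely
            body["field"] = targets if len(targets) > 1 else targets[0]
        kept.append({kind: body})
    return kept


def keep_field(get_response, pipeline_id, field="message"):
    """Build the PUT _ingest/pipeline/<id> body that no longer deletes `field`."""
    pipeline = copy.deepcopy(get_response[pipeline_id])  # GET wraps it under its id
    pipeline["processors"] = _strip(pipeline["processors"], field)
    if "on_failure" in pipeline:
        pipeline["on_failure"] = _strip(pipeline["on_failure"], field)
    return pipeline
```

An ingest pipeline runs at index time, so only documents ingested after the `PUT` keep their `message` field; already indexed documents are unchanged.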

Thank you. I think I will wait for the next version of Elastic Stack.
