I'm new to Elasticsearch and I am trying to get information from a Juniper SRX firewall. The logs are being ingested but the information I would like to search is in event.original which is not indexed or searchable. The information does appear in error.message "Provided Grok expressions do not match field value: ..." but it doesn't seem right to search this error field. Is the correct solution to enable indexing on event.original?
So I have added the Juniper SRX integration to my Fleet server and installed an Elastic Agent on a different host to receive logs from the firewall and pass them to Elasticsearch. I haven't defined any grok pattern specifically.