2 things we can do here:
- expand the time range via the time picker in the top right corner to see more results,
- check details of the shards failure via the button in the bottom right corner.
If the message field can be missing, then the script should be wrapped into an additional check:
if (doc["message.keyword"].size() > 0) {
// ... the rest
return;
}
emit("");