I am trying to understand how to get access to fields that I told Logstash to parse out of log messages for me.
In the data shown below there is a field under _host called log_level. How do I get a hold of that in Kibana? I can see it on the Discover tab, but when I go to the Visualize tab I don't see it. I can see it in the mapping for my index. I assume I am missing some step that tells Kibana to use the field in aggregations.
Part of the mapping that shows the field is there:
"log_level" : {
  "type" : "keyword",
  "ignore_above" : 1024
},
Saved Object
{
  "_index" : "filebeat-6.5.3-2018.12.17",
  "_type" : "doc",
  "_id" : "dj_AvWcBz3QtXipN1I_5",
  "_score" : 1.3429976,
  "_source" : {
    "host" : {
      "containerized" : true,
      "architecture" : "x86_64",
      "os" : {
        "codename" : "Final",
        "version" : "6.10 (Final)",
        "platform" : "centos",
        "family" : "redhat"
      },
      "name" : "yellow"
    },
    "offset" : 14922,
    "prospector" : {
      "type" : "log"
    },
    "log_level" : "INFO",
    "message" : "2018-12-17 02:07:47,118 INFO --- [ost-startStop-2] c.e.l.s.p.m.TenantRoutingDataSource:125 : Connecting to database (with ComboPooledDataSource) cborg2002 at: 127.0.0.1",
    "@timestamp" : "2018-12-17T19:59:46.468Z",
    "input" : {
      "type" : "log"
    },
    "@version" : "1",
    "source" : "/usr/cbridge/msg/Reporting/spring.log",
    "beat" : {
      "hostname" : "yellow",
      "version" : "6.5.3",
      "name" : "yellow470.dev.etisoftware.local"
    },
    "tags" : [
      "beats_input_codec_plain_applied"
    ]
  }
},