Hi,
I have modified filebeat index and index template by removeing error.message field but it is still visible in discovery table. Is there any thing else I should do remove this message. I dont use Logstash and dont know how to configure grok processor in filebeat to parse the log without Provided Grok expressions do not match field value message. Can you advise?
Thanks!
You visit existing processors in filebeat (pipeline.yml files). To build your own grok expression, feel free to use Grok debugger (e.g. https://grokdebug.herokuapp.com/)
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.