Hello,
I am using filebeat to route log data from my machine to Elasticsearch.
The log-files contain multiple lines with every line being one JSON object literal.
I want each line to become an event with as many fields as there are properties.
But so far this only works partly. Every JSON object literal becomes an event in the index but then the whole line is just put into one field called "message".
Is this a mapping problem or configuration problem? Can anyone help?
Thanks in advance 
Hi!
Since you want to handle json logs I would suggest you playing around with the json related features that Filebeat provides:
https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-log.html#filebeat-input-log-config-json
https://www.elastic.co/guide/en/beats/filebeat/current/decode-json-fields.html
Thank you!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.