Filebeat JSON Index Fields

sirsteve · July 9, 2016, 7:54pm

Hi,

I'm trying out Filebeat for processing JSON logs and forwarding to Elasticsearch with the hope of visualising in Kibana. I can see the parsed JSON as fields in Kibana discovery just fine, but it warns that they are not indexed and therefore not usable in visualisations.

Is there something extra that needs to be done to get these usable in Kibana? My log config is as follows:

- input_type: log
  paths:
    - /path/to/log
  json.message_key: event
  json.keys_under_root: true

A logline looks like:

{"event":"value","key":"value","timestamp":"timestamp"}

Thanks

EDIT: Turns out I just needed to refresh the field list.

system · July 30, 2016, 7:54pm

This topic was automatically closed after 21 days. New replies are no longer allowed.

Topic		Replies	Views
'Index' json 'message' field without Logstash but within Filebeat? Filebeat > ES > Kibana Beats filebeat	2	289	April 1, 2022
Filebeat - json imports Beats filebeat	2	571	September 25, 2019
Filebeat mapping bug with json enabled? Beats filebeat	5	934	July 18, 2019
Sending JSON to Elasticsearch Beats filebeat	2	347	October 20, 2018
Filebeat decoded JSON fields aren't searchable Kibana	6	580	December 23, 2020

Filebeat JSON Index Fields

Related Topics