Filebeat JSON Index Fields

sirsteve · July 9, 2016, 7:54pm

Hi,

I'm trying out Filebeat for processing JSON logs and forwarding to Elasticsearch with the hope of visualising in Kibana. I can see the parsed JSON as fields in Kibana discovery just fine, but it warns that they are not indexed and therefore not usable in visualisations.

Is there something extra that needs to be done to get these usable in Kibana? My log config is as follows:

- input_type: log
  paths:
    - /path/to/log
  json.message_key: event
  json.keys_under_root: true

A logline looks like:

{"event":"value","key":"value","timestamp":"timestamp"}

Thanks

EDIT: Turns out I just needed to refresh the field list.

system · July 30, 2016, 7:54pm

This topic was automatically closed after 21 days. New replies are no longer allowed.

Topic		Replies	Views
'Index' json 'message' field without Logstash but within Filebeat? Filebeat > ES > Kibana Beats filebeat	2	291	April 1, 2022
Use of beats, logstash, kibana somewhat of distaster Beats	2	727	July 10, 2016
Filebeat - json imports Beats filebeat	2	571	September 25, 2019
Filebeat mapping bug with json enabled? Beats filebeat	5	936	July 18, 2019
Sending JSON to Elasticsearch Beats filebeat	2	348	October 20, 2018

Filebeat JSON Index Fields

Related topics