Hi,
I'm trying out Filebeat for processing JSON logs and forwarding to Elasticsearch with the hope of visualising in Kibana. I can see the parsed JSON as fields in Kibana discovery just fine, but it warns that they are not indexed and therefore not usable in visualisations.
Is there something extra that needs to be done to get these usable in Kibana? My log config is as follows:
- input_type: log
paths:
- /path/to/log
json.message_key: event
json.keys_under_root: true
A logline looks like:
{"event":"value","key":"value","timestamp":"timestamp"}
Thanks
EDIT: Turns out I just needed to refresh the field list.